Updates from: 03/12/2021 04:13:39
Category Microsoft Docs article Related commit history on GitHub Change details
admin Add Users https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/add-users/add-users.md
Title: "Add users and assign licenses" f1.keywords: - NOCSH--++ audience: Admin
-localization_priority: Normal
+localization_priority: Priority
- M365-subscription-management - Adm_O365_Setup
admin Create Dns Records At 123 Reg Co Uk https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/dns/create-dns-records-at-123-reg-co-uk.md
When Microsoft finds the correct TXT record, your domain is verified.
![Select Delete (the trash can icon)](../../media/3be635e6-b591-49af-8430-a158272834b4.png)
-## Add the six CNAME records that are required for Microsoft
+## Add the five CNAME records that are required for Microsoft
<a name="BKMK_add_CNAME"> </a> 1. To get started, go to your domains page at 123-reg.co.uk by using [this link](https://www.123-reg.co.uk/secure/cpanel/domain/overview). You'll be prompted to log in first.
When Microsoft finds the correct TXT record, your domain is verified.
4. On the **Manage your DNS** page, select the **Advanced DNS** tab.
-5. Add the first of the six CNAME records.
+5. Add the first of the five CNAME records.
In the **Advanced DNS** section, in the boxes for the new record, type or copy and paste the values from the following table.
When Microsoft finds the correct TXT record, your domain is verified.
![Select Add](../../media/825a9854-559d-4a22-90ac-5e7a0a54269a.png)
-7. Add the other five CNAME records.
+7. Add the other four CNAME records.
In the **Advanced DNS** section, create a record using the values from the next row in the table, and then again select **Add** to complete that record.
- Repeat this process until you have created all six CNAME records.
+ Repeat this process until you have created all five CNAME records.
## Add a TXT record for SPF to help prevent email spam <a name="BKMK_add_TXT"> </a>
admin Message Center https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/manage/message-center.md
You can also use the [Microsoft 365 Admin app](https://go.microsoft.com/fwlink/p
### Messages
-Message center presents a view of all active messages in a table format. By default, it shows the most recent message at the top of the list. You can select **Service** to see messages for various services, such as Microsoft 365 Apps, SharePoint Online, etc. Under **Tag** you can select **Admin impact**, **Data privacy**, **Feature update**, **Major update**, **New feature**, or **User impact** messages. Under **Message state** you can select **Favorites**, **Unread**, or **Updated** messages.
+Message center presents a view of all active messages in a table format. By default, it shows the most recent message at the top of the list. You can select **Service** to see messages for various services, such as Microsoft 365 Apps, SharePoint Online, etc. Under **Tag** you can select **Admin impact**, **Data privacy**, **Feature update**, **Major update**, **New feature**, **Retirement**, or **User impact** messages. Under **Message state** you can select **Favorites**, **Unread**, or **Updated** messages.
The Archive tab shows the messages you have archived. To archive a message, in the message pane, Select **Archive**.
Here's a quick overview of the information you'll see in each column.
|Message title <br/> |Message titles are brief descriptions of upcoming changes. If the full title doesn't display, hover your cursor over it and the entire title will appear in a pop-up box. <br/> | |Service <br/> |Icons indicate the application to which the message applies.<br/> | |More options <br/> |More options lets you dismiss a message, mark it as read or unread, or share it with another admin. To restore an archived message, select the **Archive** tab, select the check mark next to the message, and select **Restore**. <br/> |
-|Tags <br/> |You can choose tags from the **Tag** drop-down to filter messages. The available tags are: **Admin impact**, **Major update**, **Data Privacy**, **Feature update**, **New feature**, and **User impact**. <br/> |
+|Tags <br/> |You can choose tags from the **Tag** drop-down to filter messages. The available tags are: **Admin impact**, **Major update**, **Data Privacy**, **Feature update**, **New feature**, **Retirement**, and **User impact**. <br/> |
|Category <br/> | This is not shown by default, but can be specified in the **Choose columns** panel. Messages are identified by one of the following three categories: <br/><br/> **Prevent or fix issues**: Informs you of known issues affecting your organization and may require that you take action to avoid disruptions in service. Prevent or fix issues are different than Service health messages because they prompt you to be proactive to avoid issues. <br/> <br/> **Plan for change**: Informs you of changes to Microsoft 365 that may require you to act to avoid disruptions in service. For example, we'll let you know about changes to system requirements or about features that are being removed. We try to provide at least 30 days' notice of any change that requires an admin to act to keep the service running normally. <br/> <br/> **Stay informed**: Tells you about new or updated features we are turning on in your organization. The features are usually announced first in the [Microsoft 365 Roadmap](https://go.microsoft.com/fwlink/?linkid=2070821). <br/><br/>May also let you know about planned maintenance in accordance with our Service Level Agreement. Planned maintenance may result in down time, where you or your users can't access Microsoft 365, a specific feature, or a service such as email or OneDrive for Business. <br/> | |Act by <br/> |We'll only have dates here if we're making a change that requires you to take an action by a certain deadline. Since we rarely use the **Act by** column, if you see something here, you should pay extra attention to it. <br/> | |Last updated <br/> |Date that the message was published or last updated. <br/> |
admin Enable Modern Authentication https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/security-and-compliance/enable-modern-authentication.md
To disable modern authentication on a device, set the following registry keys on
## Related articles [Sign in to Office 2013 with a second verification method](https://support.microsoft.com/office/2b856342-170a-438e-9a4f-3c092394d3cb)
-
+[Outlook prompts for password and doesn't use Modern Authentication to connect to Office 365](https://docs.microsoft.com/outlook/troubleshoot/authentication/outlook-prompt-password-modern-authentication-enabled)
+
admin Usage Analytics Data Model https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/usage-analytics/usage-analytics-data-model.md
description: "Learn how usage analytics connects to an API and provides monthly
## Data for the Microsoft 365 usage analytics tables
-Microsoft 365 usage analytics connects to an API that exposes a multidimensional data model. The APIs are in preview and can be accessed at `https://reports.office.com/pbi/v1.0/\<tenantid\>` (replace the \<tenant id\> with your tenant GUID).
+Microsoft 365 usage analytics connects to an API that exposes a multidimensional data model. The APIs that Microsoft 365 usage analytics uses to generate its data are from the various, generally-available, Graph APIs. The function of the Microsoft 365 usage analytics API by itself is not generally available.
> [!NOTE] > For more information, see [Working with Microsoft 365 usage reports in Microsoft Graph](https://go.microsoft.com/fwlink/p/?linkid=864336).
commerce Manage Payment Methods https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/commerce/billing-and-payments/manage-payment-methods.md
audience: Admin
-localization_priority: Normal
+localization_priority: Priority
- M365-subscription-management - Adm_O365 - Adm_TOC-- commerce - TopSMBIssues - okr_SMB - AdminSurgePortfolio
+- commerce
search.appverid: - MET150 description: "Learn how to manage your payment methods in the Microsoft 365 admin center."
commerce Pay For Your Subscription https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/commerce/billing-and-payments/pay-for-your-subscription.md
audience: Admin
-localization_priority: Normal
+localization_priority: Priority
- M365-subscription-management - Adm_O365
commerce Cancel Your Subscription https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/commerce/subscriptions/cancel-your-subscription.md
audience: Admin
-localization_priority: Normal
+localization_priority: Priority
- M365-subscription-management - Adm_O365 - Adm_TOC+
+- AdminSurgePortfolio
- commerce- search.appverid: - MET150 description: "Learn how to cancel your Microsoft 365 for business trial or paid subscription."
commerce What If My Subscription Expires https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/commerce/subscriptions/what-if-my-subscription-expires.md
audience: Admin
-localization_priority: Normal
+localization_priority: Priority
- M365-subscription-management - Adm_O365 - Adm_TOC+
+- AdminSurgePortfolio
- commerce- search.appverid:-- BCS160 - MET150-- MOE150-- BEA160-- GEA150 ms.assetid: 4436582f-211a-45ec-b72e-33647f97d8a3 description: "Learn what happens to your data when your Microsoft 365 for business subscription expires, is disabled, or if you cancel."
compliance Advanced Ediscovery Edrm https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/advanced-ediscovery-edrm.md
localization_priority: Normal -- M365-security-compliance-- m365solution-aed-- m365initiative-compliance
+- m365-security-compliance
search.appverid: - MOE150 - MET150
compliance Create And Manage Advanced Ediscoveryv2 Case https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/create-and-manage-advanced-ediscoveryv2-case.md
localization_priority: Normal - M365-security-compliance-- m365solution-aed
+- m365solution-ediscovery
- m365initiative-compliance
+- m365initiative-scenario
search.appverid: - MOE150 - MET150
compliance Customer Key Tenant Level https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/customer-key-tenant-level.md
Set-M365DataAtRestEncryptionPolicyAssignment -DataEncryptionPolicy ΓÇ£Default_Po
``` Parameters:+ | Name | Description | Optional (Y/N) | |-|-|| -DataEncryptionPolicy|Specifies the data encryption policy that needs to be assigned; specify either the Policy Name or the Policy ID.|N|
Set-M365DataAtRestEncryptionPolicy -Identity ΓÇ£EUR PolicyΓÇ¥ -Refresh
``` Parameters:+ | Name | Description | Optional (Y/N) | |-|-|| |-Identity|Specifies the data encryption policy that you want to modify.|N|
compliance Define Mail Flow Rules To Encrypt Email https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/define-mail-flow-rules-to-encrypt-email.md
You can define mail flow rules for triggering message encryption with the new OM
6. To enable encryption using the new OME capabilities, from **Do the following**, choose **Modify the message security** and then choose **Apply Office 365 Message Encryption and rights protection**. Select an RMS template from the list, choose **Save** and then choose **OK**.
- The list of templates includes all default templates and options as well as any custom templates you've created for use by Office 365. If the list is empty, ensure that you have set up Office 365 Message Encryption with the new capabilities as described in [Set up new Office 365 Message Encryption capabilities built on top of Azure Information Protection](set-up-new-message-encryption-capabilities.md). For information about the default templates, see [Configuring and managing templates for Azure Information Protection](https://docs.microsoft.com/information-protection/deploy-use/configure-policy-templates). For information about the **Do Not Forward** option, see [Do Not Forward option for emails](https://docs.microsoft.com/information-protection/deploy-use/configure-usage-rights#do-not-forward-option-for-emails). For information about the **encrypt only** option, see [Encrypt Only option for emails](https://docs.microsoft.com/information-protection/deploy-use/configure-usage-rights#encrypt-only-option-for-emails).
+ The list of templates includes all default templates and options as well as any custom templates you've created for use by Office 365. If the list is empty, ensure that you have set up Office 365 Message Encryption with the new capabilities as described in [Set up new Office 365 Message Encryption capabilities built on top of Azure Information Protection](set-up-new-message-encryption-capabilities.md). For information about the default templates, see [Configuring and managing templates for Azure Information Protection](https://docs.microsoft.com/information-protection/deploy-use/configure-policy-templates). For information about the Do Not Forward option, see [Do Not Forward option for emails](https://docs.microsoft.com/information-protection/deploy-use/configure-usage-rights#do-not-forward-option-for-emails). For information about the encrypt-only option, see [Encrypt Only option for emails](https://docs.microsoft.com/information-protection/deploy-use/configure-usage-rights#encrypt-only-option-for-emails).
You can choose **add action** if you want to specify another action.
compliance Deprecating Ome Viewer https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/deprecating-ome-viewer.md
f1.keywords:
- NOCSH + Last updated 6/29/2018 audience: Admin
As announced September 2017, we have released a new version of [Office 365 Messa
- [Encrypt-only template](https://aka.ms/encryptonly) - [Control to decrypt attachments](https://techcommunity.microsoft.com/t5/Security-Privacy-and-Compliance/Admin-control-for-attachments-now-available-in-Office-365/ba-p/204007)
-
+ With this change, users will no longer be able to download the Office 365 Message Encryption Viewer mobile app beginning August 1. As a result, mail recipients may not be able to read messages encrypted with the previous version of OME on some Android and Apple mobile devices. However, they will still be able to read these messages on personal computers (via desktop browsers). Users who have already downloaded the app will continue to be able to use it. ## Why this change was made
compliance Differences Between Estimated And Actual Ediscovery Search Results https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/differences-between-estimated-and-actual-ediscovery-search-results.md
description: "Understand why estimated and actual search results may vary in sea
This topic applies to searches that you can run using one of the following Microsoft 365 eDiscovery tools: - Content search-- Core eDiscovery
-
+- Core eDiscovery
+ When you run an eDiscovery search, the tool you're using will return an estimate of the number of items (and their total size) that meet the search criteria. For example, when you run a search in the Microsoft 365 compliance center, the estimated search results are displayed on the flyout page for the selected search. ![Estimate of results displayed in details pane of selected search](../media/74e4ce83-40be-41a9-b60f-5ad447e79fe4.png)
Here are some reasons for these differences:
The reason for not exporting unindexed items from every location in the organization is because it might increase the likelihood of export errors and increase the time it takes to export and download the search results.
+- **Unindexed items in SharePoint and OneDrive not included in search estimates**. Unindexed items from SharePoint sites and OneDrive for Business accounts aren't included in the estimated search results. This is because the SharePoint index doesn't contain data for unindexed items. Only unindexed items from mailboxes are included in the search estimates. However, if you include unindexed items when exporting search results, unindexed items in SharePoint and OneDrive are included. This can result in differences between the estimated results (which don't include unindexed items in SharePoint and OneDrive sites) and the actual items that are downloaded. The rule about exporting unindexed items only from content locations that contain items that match the search criteria still applies in this situation.
+ - **Raw file formats versus exported file formats**. For Exchange items, the estimated size of the search results is calculated by using the raw Exchange message sizes. However, email messages are exported in a PST file or as individual messages (which are formatted as EML files). Both of these export options use a different file format than raw Exchange messages, which results in the total exported file size being different than the estimated file size. - **Document versions**. For SharePoint documents, multiple versions of a document aren't included in the estimated search results. But you have the option to include all document versions when you export the search results, which will increase the actual number (and total size) of the exported documents.
Here are some reasons for these differences:
- **De-duplication**. For Exchange items, de-duplication reduces the number of items that are exported. You have the option to de-duplicate the search results when you export them. For Exchange messages, this means that only a single instance of a message is exported, even though that message might be found in multiple mailboxes. The estimated search results include every instance of a message. So if you choose the de-duplication option when exporting search results, the actual number of items that are exported might be considerably less than the estimated number of items. Another thing to keep in mind if you choose the de-duplication option is that all Exchange items are exported in a single PST file and the folder structure from the source mailboxes isn't preserved. The exported PST file just contains the email items. However, a search results report contains an entry for each exported message that identifies the source mailbox where the message is located. This helps you identify all mailboxes that contain a duplicate message. If you don't enable de-duplication, a separate PST file is exported for each mailbox included in the search.
-
+++++ > [!NOTE] > If you don't select the **Include items that are encrypted or have an unrecognized format** option when you export search results or just download the reports, the index error reports are downloaded but they don't have any entries. This doesn't mean there aren't any indexing errors. It just means that unindexed items weren't included in the export.
compliance Dlp Conditions And Exceptions https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/dlp-conditions-and-exceptions.md
The tables in the following sections describe the conditions and exceptions that
||||| |Recipient is| condition: *SentTo* <br/> exception: *ExceptIfSentTo* | Addresses | Messages where one of the recipients is the specified mailbox, mail user, or mail contact in the organization. The recipients can be in the **To**, **Cc**, or **Bcc** fields of the message.| |Recipient domain is| condition: *RecipientDomainIs* <br/> exception: *ExceptIfRecipientDomainIs* | DomainName | Messages where the domain of the sender's email address matches the specified value.|
-|Recipient address contains words| condition: *RecipientAddressContainsWords* <br/> exception: *ExceptIfRecipientAddressContainsWords*| Words| Messages that contain the specified words in the recipient's email address. <br/>**Note**: This condition doesn't consider messages that are sent to recipient proxy addresses. It only matches messages that are sent to the recipient's primary email address.|
-|Recipient address matches patterns| condition: *RecipientAddressMatchesPatterns* <br/> exception: *ExceptIfRecipientAddressMatchesPatterns*| Patterns |Messages where a recipient's email address contains text patterns that match the specified regular expressions. <br/> **Note**: This condition doesn't consider messages that are sent to recipient proxy addresses. It only matches messages that are sent to the recipient's primary email address.|
+|Recipient address contains words| condition: *AnyOfRecipientAddressContainsWords* <br/> exception: *ExceptIfAnyOfRecipientAddressContainsWords*| Words| Messages that contain the specified words in the recipient's email address. <br/>**Note**: This condition doesn't consider messages that are sent to recipient proxy addresses. It only matches messages that are sent to the recipient's primary email address.|
+|Recipient address matches patterns| condition: *AnyOfRecipientAddressMatchesPatterns* <br/> exception: *ExceptIfAnyOfRecipientAddressMatchesPatterns*| Patterns |Messages where a recipient's email address contains text patterns that match the specified regular expressions. <br/> **Note**: This condition doesn't consider messages that are sent to recipient proxy addresses. It only matches messages that are sent to the recipient's primary email address.|
|Sent to member of| condition: *SentToMemberOf* <br/> exception: *ExceptIfSentToMemberOf*| Addresses| Messages that contain recipients who are members of the specified distribution group, mail-enabled security group, or Microsoft 365 group. The group can be in the **To**, **Cc**, or **Bcc** fields of the message.| ### Message subject or body
compliance Endpoint Dlp Learn About https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/endpoint-dlp-learn-about.md
Microsoft Endpoint DLP enables you to audit and manage the following types of ac
|copy to USB removable media |Detects when a user attempts to copy an item or information to removable media or USB device. | auditable and restrictable| |copy to a network share |Detects when a user attempts to copy an item to a network share or mapped network drive |auditable and restrictable| |print a document |Detects when a user attempts to print a protected item to a local or network printer.| auditable and restrictable |
+|copy to a remote session|Detects when a user attempts to copy an item to a remote desktop session | auditable and restrictable|
+|copy to a Bluetooth device|Detects when a user attempts to copy an item to an unallowed Bluetooth app (as defined in the list of unallowed Bluetooth aps in Endpoint DLP settings).| auditable and restrictable|
|create an item|Detects when a user creates an item| auditable| |rename an item|Detects when a user renames an item| auditable|
compliance Get Started With Advanced Ediscovery https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/get-started-with-advanced-ediscovery.md
localization_priority: Normal - M365-security-compliance-- m365solution-aed
+- m365solution-ediscovery
- m365initiative-compliance search.appverid: - MOE150
compliance Office 365 Encryption In The Microsoft Cloud Overview https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/office-365-encryption-in-the-microsoft-cloud-overview.md
# Encryption in the Microsoft Cloud
-Customer data within Microsoft's enterprise cloud services is protected by a variety of technologies and processes, including various forms of encryption. (Customer data in this document includes Exchange Online mailbox content, e-mail body, calendar entries, and the content of e-mail attachments, and if applicable, Skype for Business content), SharePoint Online site content and the files stored within sites, and files uploaded to OneDrive for Business or Skype for Business.) Microsoft uses multiple encryption methods, protocols, and ciphers across its products and services to help provide a secure path for customer data to travel through our cloud services, and to help protect the confidentiality of customer data that is stored within our cloud services. Microsoft uses some of the strongest, most secure encryption protocols available to provide barriers against unauthorized access to customer data. Proper key management is also an essential element of encryption best practices, and Microsoft works to ensure that all Microsoft-managed encryption keys are properly secured.
+Customer data within Microsoft's enterprise cloud services is protected by several technologies and processes, including various forms of encryption. (Customer data in this document includes Exchange Online mailbox content, e-mail body, calendar entries, and the content of e-mail attachments, and if applicable, Skype for Business content), SharePoint Online site content and the files stored within sites, and files uploaded to OneDrive for Business or Skype for Business.) Microsoft uses multiple encryption methods, protocols, and ciphers across its products and services to help provide a secure path for customer data to travel through our cloud services, and to help protect the confidentiality of customer data that is stored within our cloud services. Microsoft uses some of the strongest, most secure encryption protocols available to provide barriers against unauthorized access to customer data. Proper key management is also an essential element of encryption best practices, and Microsoft works to ensure that all Microsoft-managed encryption keys are properly secured.
-Regardless of customer configuration, customer data stored within Microsoft's enterprise cloud services is protected using one or more forms of encryption. (Validation of our crypto policy and its enforcement is independently verified by multiple third-party auditors, and reports of those audits are available on the [Service Trust Portal](https://aka.ms/stp).)
+Customer data stored within Microsoft's enterprise cloud services is protected using one or more forms of encryption. (Validation of our crypto policy and its enforcement is independently verified by multiple third-party auditors, and reports of those audits are available on the [Service Trust Portal](https://aka.ms/stp).)
Microsoft provides service-side technologies that encrypt customer data at rest and in transit. For example, for customer data at rest, Microsoft Azure uses [BitLocker](https://docs.microsoft.com/windows/device-security/bitlocker/bitlocker-overview) and [DM-Crypt](https://en.wikipedia.org/wiki/Dm-crypt), and Microsoft 365 uses BitLocker, [Azure Storage Service Encryption](https://docs.microsoft.com/azure/), [Distributed Key Manager](https://docs.microsoft.com/microsoft-365/compliance/exchange-online-secures-email-secrets) (DKM), and Microsoft 365 service encryption. For customer data in transit, Azure, Office 365, Microsoft Commercial Support, Microsoft Dynamics 365, Microsoft Power BI, and Visual Studio Team Services use industry-standard secure transport protocols, such as Internet Protocol Security (IPsec) and Transport Layer Security (TLS), between Microsoft datacenters and between user devices and Microsoft datacenters.
-In addition to the baseline level of cryptographic security provided by Microsoft, our cloud services also include additional cryptography options that you can manage. For example, you can enable encryption for traffic between their Azure virtual machines (VMs) and their users. With [Azure Virtual Networks](https://azure.microsoft.com/services/virtual-network/), you can use the industry-standard IPsec protocol to encrypt traffic between your corporate VPN gateway and Azure as well as between the VMs located on your Virtual Network. In addition, In addition, [new Office 365 Message Encryption capabilities](set-up-new-message-encryption-capabilities.md) allow you to send encrypted mail to anyone.
+In addition to the baseline level of cryptographic security provided by Microsoft, our cloud services also include cryptography options that you can manage. For example, you can enable encryption for traffic between their Azure virtual machines (VMs) and their users. With [Azure Virtual Networks](https://azure.microsoft.com/services/virtual-network/), you can use the industry-standard IPsec protocol to encrypt traffic between your corporate VPN gateway and Azure. You can also encrypt traffic between the VMs on your virtual network. In addition, [new Office 365 Message Encryption capabilities](set-up-new-message-encryption-capabilities.md) allow you to send encrypted mail to anyone.
-In accordance with the Public Key Infrastructure Operational Security Standard, which is a component of the [Microsoft Security Policy](https://servicetrust.microsoft.com/ViewPage/TrustDocuments?command=Download&downloadType=Document&downloadId=5868ecc8-50b7-4f91-b43f-640e2b99e86e&docTab=6d000410-c9e9-11e7-9a91-892aae8839ad_FAQ%20and%20White%20Papers), Microsoft leverages the cryptographic capabilities included in the Windows operating system for certificates and authentication mechanisms, which includes the use of cryptographic modules that meet the U.S. government's [Federal Information Processing Standards](https://csrc.nist.gov/publications/PubsFIPS.html) (FIPS) 140-2 standard. You can search for the relevant NIST certificate numbers for Microsoft using the [Cryptographic Module Validation Program CMVP](https://csrc.nist.gov/projects/cryptographic-module-validation-program/validated-modules/search).
+Following the Public Key Infrastructure Operational Security Standard, which is a component of the [Microsoft Security Policy](https://servicetrust.microsoft.com/ViewPage/TrustDocuments?command=Download&downloadType=Document&downloadId=5868ecc8-50b7-4f91-b43f-640e2b99e86e&docTab=6d000410-c9e9-11e7-9a91-892aae8839ad_FAQ%20and%20White%20Papers), Microsoft uses the cryptographic capabilities included in the Windows operating system for certificates and authentication mechanisms. These mechanisms include the use of cryptographic modules that meet the U.S. government's [Federal Information Processing Standards](https://csrc.nist.gov/publications/PubsFIPS.html) (FIPS) 140-2 standard. You can search for the relevant NIST certificate numbers for Microsoft using the [Cryptographic Module Validation Program CMVP](https://csrc.nist.gov/projects/cryptographic-module-validation-program/validated-modules/search).
> [NOTE] > To access the Microsoft Security Policy as a resource, you must sign in using your work or school account. If you don't have a subscription yet, [you can sign up for a free trial](https://servicetrust.microsoft.com/Home/TrialSubscriptions).
-FIPS 140-2 is a standard designed specifically for validating product modules that implement cryptography rather than the products that use them. Cryptographic modules that are implemented within a service can be certified as meeting the requirements for hash strength, key management, and the like. Any time cryptographic capabilities are employed to protect the confidentiality, integrity, or availability of data in Microsoft's cloud services, the modules and ciphers used meet the FIPS 140-2 standard.
+FIPS 140-2 is a standard designed specifically for validating product modules that implement cryptography rather than the products that use them. Cryptographic modules that are implemented within a service can be certified as meeting the requirements for hash strength, key management, and the like. The cryptographic modules and ciphers used to protect the confidentiality, integrity, or availability of data in Microsoft's cloud services meet the FIPS 140-2 standard.
Microsoft certifies the underlying cryptographic modules used in our cloud services with each new release of the Windows operating system:
Microsoft certifies the underlying cryptographic modules used in our cloud servi
Encryption of customer data at rest is provided by multiple service-side technologies, including BitLocker, DKM, Azure Storage Service Encryption, and service encryption in Exchange Online, Skype for Business, OneDrive for Business, and SharePoint Online. Office 365 service encryption includes an option to use customer-managed encryption keys that are stored in Azure Key Vault. This customer-managed key option, called [Customer Key](https://docs.microsoft.com/microsoft-365/compliance/customer-key-overview), is available for Exchange Online, SharePoint Online, Skype for Business, and OneDrive for Business.
-For customer data in transit, all Office 365 servers negotiate secure sessions using TLS by default with client machines to secure customer data. This applies to protocols on any device used by clients, such as Skype for Business, Outlook, and Outlook on the web, mobile clients, and web browsers.
+For customer data in transit, all Office 365 servers negotiate secure sessions using TLS by default with client machines to secure customer data. For example, Office 365 will negotiate secure sessions to Skype for Business, Outlook, and Outlook on the web, mobile clients, and web browsers.
-(All customer-facing servers negotiate to TLS 1.2 by default, but we also support negotiating down to a lower standard, if required.)
+(All customer-facing servers negotiate to TLS 1.2 by default.)
## Related Links
compliance Ome Faq https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/ome-faq.md
When attachments are protected with a protected mail, Outlook clients provide th
## What email clients support revocation of protected emails?
-Outlook on the web supports revocation of protected mail. See [How to revoke an encrypted message that you sent](https://docs.microsoft.com/microsoft-365/compliance/revoke-ome-encrypted-mail?view=o365-worldwide#how-to-revoke-an-encrypted-message-that-you-sent) for details.
-
+Outlook on the web supports revocation of protected mail. See [How to revoke an encrypted message that you sent](revoke-ome-encrypted-mail.md#how-to-revoke-an-encrypted-message-that-you-sent) for details.
## Can I automatically encrypt messages by setting up policies?
There are currently two known limitations:
```powershell Add-MailboxPermission -Identity support@contoso.onmicrosoft.com -User ayla@contoso.com -AccessRights FullAccess -AutoMapping $true ```
-
- ## Can I open encrypted messages sent to another user's mailbox with Fullaccess?
+
+## Can I open encrypted messages sent to another user's mailbox with Fullaccess?
Users can open encrypted messages as long as they are given direct access and automapping is turned ON. Access is not allowed if the access is granted via an email-enabled security group.
compliance Ome Sensitive Info Types https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/ome-sensitive-info-types.md
Use a work or school account that has global administrator permissions in your o
## Example mail flow rule created with PowerShell
-Run the following commands in PowerShell to create an Exchange mail flow rule that automatically encrypts emails sent outside your organization with the *Encrypt-Only* policy if the emails or their attachments contain the following sensitive information types:
+Run the following commands in PowerShell to create an Exchange mail flow rule that automatically encrypts emails sent outside your organization with the encrypt-only option if the emails or their attachments contain the following sensitive information types:
- ABA routing number - Credit card Number
compliance Ome Version Comparison https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/ome-version-comparison.md
If your organization has not yet set up Azure Information Protection, you'll nee
| **Situation** | **Legacy OME** | **IRM in AD RMS** | **New OME capabilities** | |--|-|-|--| |*Sending an encrypted mail* |Through Exchange mail flow rules|End-user initiated from Outlook desktop or Outlook on the Web; or through Exchange mail flow rules|End-user initiated from Outlook desktop, Outlook for Mac, or Outlook on the Web; through Exchange mail flow rules (also known as transport rules) and Data Loss Prevention (DLP)|
-|*Rights management template* | N/A |Do Not Forward option and custom templates|Do Not Forward option, Encrypt-Only option, and custom templates|
+|*Rights management template* | N/A |Do Not Forward option and custom templates|Do Not Forward option, encrypt-only option, and custom templates|
|*Recipient type* |Internal and external recipients|Internal recipients only |Internal and external recipients| |*Experience for internal recipient*|Recipients receive an HTML message, which they download and open in a web browser or mobile app|Native inline experience in Outlook clients|Native inline experience for recipients in the same organization using Outlook clients. Recipients can read message from OME portal using clients other than Outlook (no download or app required).| |*Experience for external recipient*|Recipients receive an HTML message, which they download and open in a web browser or mobile app|N/A|Native inline experience for Microsoft 365 recipients. All other recipients can read message from OME portal (no download or app required).|
-|*Attachment permissions* |No restrictions on attachments|Attachments are protected|Attachments are protected for the Do Not Forward option and custom templates. Admins can choose whether attachments for the Encrypt-Only option are protected or not.|
+|*Attachment permissions* |No restrictions on attachments|Attachments are protected|Attachments are protected for the Do Not Forward option and custom templates. Admins can choose whether attachments for the encrypt-only option are protected or not.|
|*Bring your own key (BYOK) support*|None |None |BYOK supported | ||
If your organization has not yet set up Azure Information Protection, you'll nee
The new capabilities provide the following advantages: -- Ability to use Encrypt-Only (which enables secure collaboration), Do Not Forward, and custom restrictions.
+- Ability to use the encrypt-only option (which enables secure collaboration), Do Not Forward option, and custom restrictions.
- Senders can send mail encrypted with the new capabilities manually from Outlook Desktop, Outlook for Mac and Outlook on the web clients. - Microsoft 365 recipients get to use an inline experience in supported Outlook clients. Alternatively, admins can choose to show Microsoft 365 recipients a branded experience. - Accounts outside of Microsoft 365, such as Gmail, Yahoo, and Microsoft accounts, are federated with the OME portal, which provides a better user experience for these recipients. All other identities use a one-time pass code to access encrypted messages.
compliance Ome https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/ome.md
With Office 365 Message Encryption, your organization can send and receive encry
The rest of this article applies to the new OME capabilities.
-Office 365 Message Encryption is an online service that's built on Microsoft Azure Rights Management (Azure RMS) which is part of Azure Information Protection. This includes encryption, identity, and authorization policies to help secure your email. You can encrypt messages by using rights management templates, the [Do Not Forward option](https://docs.microsoft.com/information-protection/deploy-use/configure-usage-rights#do-not-forward-option-for-emails), and the [encrypt-only option](https://docs.microsoft.com/information-protection/deploy-use/configure-usage-rights#encrypt-only-option-for-emails).
+Office 365 Message Encryption is an online service that's built on Microsoft Azure Rights Management (Azure RMS) which is part of Azure Information Protection. This service includes encryption, identity, and authorization policies to help secure your email. You can encrypt messages by using rights management templates, the [Do Not Forward option](https://docs.microsoft.com/information-protection/deploy-use/configure-usage-rights#do-not-forward-option-for-emails), and the [encrypt-only option](https://docs.microsoft.com/information-protection/deploy-use/configure-usage-rights#encrypt-only-option-for-emails).
-Users can then encrypt email messages and a variety of attachments by using these options. For a full list of supported attachment types, see ["File types covered by IRM policies when they are attached to messages" in Introduction to IRM for email messages](https://support.office.com/article/bb643d33-4a3f-4ac7-9770-fd50d95f58dc#FileTypesforIRM).
+Users can then encrypt email messages and various attachments by using these options. For a full list of supported attachment types, see ["File types covered by IRM policies when they are attached to messages" in Introduction to IRM for email messages](https://support.office.com/article/bb643d33-4a3f-4ac7-9770-fd50d95f58dc#FileTypesforIRM).
As an administrator, you can also define mail flow rules to apply this protection. For example, you can create a rule that requires the encryption of all messages addressed to a specific recipient, or that contains specific words in the subject line, and also specify that recipients can't copy or print the contents of the message.
-Unlike the previous version of OME, the new capabilities provide a unified sender experience whether you're sending mail inside your organization or to recipients outside of Microsoft 365. In addition, recipients who receive a protected email message sent to a Microsoft 365 account in Outlook 2016 or Outlook on the web, don't have to take any additional action to view the message. It works seamlessly. Recipients using other email clients and email service providers also have an improved experience. For information, see [Learn about protected messages in Office 365](https://support.office.com/article/Learn-about-protected-messages-in-Office-365-2baf3ac7-12db-40a4-8af7-1852204b4b67) and [How do I open a protected message](https://support.office.com/article/How-do-I-open-a-protected-message-1157a286-8ecc-4b1e-ac43-2a608fbf3098).
+Unlike the previous version of OME, the new capabilities provide a unified sender experience whether you're sending mail inside your organization or to recipients outside of Microsoft 365. In addition, recipients who receive a protected email message sent to a Microsoft 365 account in Outlook 2016 or Outlook on the web, don't have to take any other action to view the message. It works seamlessly. Recipients using other email clients and email service providers also have an improved experience. For information, see [Learn about protected messages in Office 365](https://support.office.com/article/Learn-about-protected-messages-in-Office-365-2baf3ac7-12db-40a4-8af7-1852204b4b67) and [How do I open a protected message](https://support.office.com/article/How-do-I-open-a-protected-message-1157a286-8ecc-4b1e-ac43-2a608fbf3098).
For a detailed list of the differences between the previous version of OME and the new OME capabilities, see [Compare versions of OME](ome-version-comparison.md).
compliance Overview Ediscovery 20 https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/overview-ediscovery-20.md
localization_priority: Normal -- M365-security-compliance-- m365solution-aed
+- m365-security-compliance
+- m365solution-ediscovery
- m365initiative-compliance
+- m365solution-overview
search.appverid: - MOE150 - MET150
compliance Retention Policies Sharepoint https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/retention-policies-sharepoint.md
Items in SharePoint that have a standard retention label (doesn't declare the it
To retain this content when a user attempts to change or delete it, a check is made whether the content's been changed since the retention settings were applied. If this is the first change since the retention settings were applied, the content is copied to the Preservation Hold library, which allows the person to change or delete the original content. Any content in a site collection can be copied to the Preservation Hold library, independently from retention settings. A timer job periodically cleans up the Preservation Hold library. For content that has been in the Preservation Hold library for more than 30 days, this job compares the content to all queries used by the retention settings for that content. Content that is older than their configured retention period is then deleted from the Preservation Hold library, and the original location if it is still there. This timer job runs every seven days, which means that together with the minimal 30 days, it can take up to 37 days for content to be deleted from the Preservation Hold library.
-
-This behavior applies to content that exists when the retention settings were applied. In addition, for retention policies, any new content that's created or added to the site collection after it was included in the policy will be retained after deletion. However, new content isn't copied to the Preservation Hold library the first time it's edited, only when it's deleted. To retain all versions of a file, you must turn on [versioning](#how-retention-works-with-document-versions).
+
+While files are retained in the Preservation Hold library, administrators won't be able to delete the content's SharePoint site or OneDrive account.
+
+This behavior for copying files into the Preservation Hold library applies to content that exists when the retention settings were applied. In addition, for retention policies, any new content that's created or added to the site after it was included in the policy will be retained in the Preservation Hold library. However, new content isn't copied to the Preservation Hold library the first time it's edited, only when it's deleted. To retain all versions of a file, you must turn on [versioning](#how-retention-works-with-document-versions).
Users see an error message if they try to delete a library, list, folder, or site that's subject to retention. They can delete a folder if they first move or delete any files in the folder that are subject to retention.
compliance Retention https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/retention.md
You apply Preservation Lock after the retention policy or retention label policy
## Releasing a policy for retention
-Providing your policies for retention don't have a Preservation Lock, you can delete your policies at any time, which effectively turns off the previously applied retention settings. You can also keep the policy but change the location status to off.
+Providing your policies for retention don't have a Preservation Lock, you can delete your policies at any time, which effectively turns off the previously applied retention settings. You can also keep the policy, but remove a site for SharePoint or an account for OneDrive, or change the location status to off, or disable the policy.
-When you do either of these actions, any SharePoint or OneDrive content that's being retained in the Preservation Hold library is not immediately and permanently deleted. Instead, to help prevent inadvertent data loss, there is a 30-day grace period, during which content expiration for that policy does not happen in the Preservation Hold library, so that you can restore any content from there, if needed. Additionally, you can't manually delete this content during the grace period.
+When you do any of these actions, any SharePoint or OneDrive content that's subject to retention from the policy continues to be retained for 30 days to prevent inadvertent data loss. During this 30-day grace period, you can't delete the site, deleted files are still retained (files continue to be added to the Preservation Hold library), but the timer job that periodically cleans up the Preservation Hold library is suspended for these files so you can restore them if necessary.
-You can change the location status back to on during the grace period, and no content will be deleted for that policy.
+For more information about the Preservation Hold library, see [How retention works for SharePoint and OneDrive](retention-policies-sharepoint.md#how-retention-works-for-sharepoint-and-onedrive).
-This 30-day grace period in SharePoint and OneDrive corresponds to the 30-day delay hold in Exchange. For more information, see [Managing mailboxes on delay hold](identify-a-hold-on-an-exchange-online-mailbox.md#managing-mailboxes-on-delay-hold).
+Because of the behavior during the grace period, if you re-enable the policy or change the location status back to on within 30 days, the policy resumes without any permanent data loss during this time.
## Auditing retention configuration
compliance Sensitive Information Type Learn About https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sensitive-information-type-learn-about.md
A high confidence level returns the fewest false positives but might result in m
You should use high confidence level patterns with low counts, say five to ten, and low confidence patterns with higher counts, say 20 or more.
+> [!NOTE]
+> If you have existing policies or custom sensitive information types (SITs) defined using number-based confidence levels (also know as accuracy), they will automatically be mapped to the three discrete confidence levels; low confidence, medium confidence, and high confidence, across the Security @ Compliance Center UI.
+> - All policies with minimum accuracy or custom SIT patterns with confidence levels of between 76 and 100 will be mapped to high confidence.
+> - All policies with minimum accuracy or custom SIT patterns with confidence levels of between 66 and 75 will be mapped to medium confidence.
+> - All policies with minimum accuracy or custom SIT patterns with confidence levels less than or equal to 65 will be mapped to low confidence.
## Creating custom sensitive information types To create custom sensitive information types in the Security & Compliance Center, you can choose from several options:
managed-desktop Archived Device List https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/managed-desktop/service-description/archived-device-list.md
To be enrolled in Microsoft Managed Desktop, a device must be one of the followi
|Dell Optiplex 3070 | 128 GB / Intel i3 / 8 GB RAM | None | **May 1, 2025** | |HP EliteBook 830 / 840 / 850 G5| 128 GB / Intel i5 / 8 GB RAM | SKU with 5VS01AV, IR camera or fingerprint sensor required | **Feb 15, 2023** | |HP EliteBook 830 / 840 / 850 G6| 128 GB / Intel i5 / 8 GB RAM | SKU with 5VS01AV, IR camera or fingerprint sensor required | **Nov 30, 2023** |
+|HP EliteBook 830 / 840 / 850 G7| 128 GB / Intel i5 / 8 GB RAM | SKU with 9MZ21AV, IR camera or fingerprint sensor required | **Nov 30, 2024** |
|HP Elite x2 1013 G3| 256 GB / Intel i5 / 8 GB RAM | SKU with 5VS03AV, IR camera required |**May 14, 2023** |
+|HP Elite x2 G4| 256 GB / Intel i5 / 8 GB RAM | SKU with 5VS03AV, IR camera required |**May 31, 2024** |
+|HP EliteBook x360 830 G7| 256 GB / Intel i5 / 8 GB RAM | SKU with 9MZ21AV, IR camera required |**Nov 30, 2024** |
|HP EliteBook x360 1030 G5| 256 GB / Intel i5 / 8 GB RAM | SKU with 5VS01AV, IR camera required |**May 14, 2023** | |HP EliteBook x360 1030 G6| 256 GB / Intel i5 / 8 GB RAM | SKU with 5VS01AV, IR camera required |**Nov 30, 2023** | |HP EliteBook x360 1040 G5| 256 GB / Intel i5 / 8 GB RAM | SKU with 5VS01AV, IR camera required | **Oct 23, 2023** | |HP EliteBook x360 1040 G6| 256 GB / Intel i5 / 8 GB RAM | SKU with 5VS01AV, IR camera required | **Nov 30, 2023** |
+|HP EliteBook x360 1030 / 1040 G7| 256 GB / Intel i5 / 8 GB RAM | SKU with 8XW08AV, IR camera required | **Aug 31, 2024** |
|HP ProBook x360 440 G1| 128 GB / Intel i3 / 8 GB RAM | SKU with 5VS04AV, IR camera or fingerprint reader required | **Jun 6, 2023** | |HP EliteDesk 800 G4 DM | 128 GB / Intel i3 / 8 GB RAM | SKU with 5VS04AV | **Jul 18, 2023** | |HP EliteDesk 800 G4 SFF | 128 GB / Intel i3 / 8 GB RAM | SKU with 5VS04AV | **Jul 18, 2023** | |HP EliteOne 800 G4 23.8in AIO |128 GB / Intel i3 / 8 GB RAM |SKU with 5VS04AV| **Jul 18, 2023** |
+|HP EliteOne 800 G6 24/27 AIO |256 GB / Intel i5 / 8 GB RAM |SKU with 9XM14AV| **Jun 30, 2025** |
|HP ZBook 14u/15u G6 Mobile Workstation |256 GB / Intel i5 / 8 GB RAM |SKU with 5VS04AV, IR camera required| **Nov 30, 2023** |
+|HP ZBook Firefly 14/15 G7 Mobile Workstation |256 GB / Intel i5 / 8 GB RAM |SKU with 9MZ22AV, IR camera required| **Nov 30, 2024** |
|Surface Book 2| 256 GB / Intel i5 / 8 GB RAM | None | **Nov 16, 2022** | |Surface Go| 128 GB / Intel 4415Y / 8GB RAM | None | **Aug 2, 2023** | |Surface Laptop| 256 GB / Intel i5 / 8 GB RAM | None | **May 20, 2022** |
managed-desktop Device List https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/managed-desktop/service-description/device-list.md
The links to devices here are for your reference only. If you want to order devi
| Model | Minimum specifications | Additional requirements | Archive date | Retirement date | |-|-||-|--|
-| [Dell Precision 5310 2-in-1](https://www.dell.com/en-us/work/shop/2-in-1-laptops-tablets/new-latitude-5310-2-in-1-business-laptop/spd/latitude-13-5310-2-in-1-laptop) | 256 GB / Intel i5 / 8 GB RAM | IR camera required | April 28, 2022 | April 28, 2025 |
+| [Dell Latitude 5310 / 5310 2-in-1](https://www.dell.com/en-us/work/shop/2-in-1-laptops-tablets/new-latitude-5310-2-in-1-business-laptop/spd/latitude-13-5310-2-in-1-laptop) | 256 GB / Intel i5 / 8 GB RAM | IR camera required | April 28, 2022 | April 28, 2025 |
| [Dell Latitude 3510](https://www.dell.com/en-us/work/shop/dell-laptops-and-notebooks/latitude-3510-business-laptop/spd/latitude-15-3510-laptop) | 256 GB / Intel i5 / 8 GB RAM | IR camera required | April 28, 2022 | April 28, 2025 | | [Dell Latitude 5410](https://www.dell.com/en-us/work/shop/dell-laptops-and-notebooks/new-latitude-5410-business-laptop/spd/latitude-14-5410-laptop) | 256 GB / Intel i5 / 8 GB RAM | IR camera required | April 28, 2022 | April 28, 2025 | | [Dell Latitude 5510](https://www.dell.com/en-us/work/shop/laptops/15-5510/spd/latitude-15-5510-laptop)** | 256 GB / Intel i5 / 8 GB RAM | IR camera required | April 28, 2022 | April 28, 2025 |
security Advanced Hunting Best Practices https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/mtp/advanced-hunting-best-practices.md
The [join operator](https://docs.microsoft.com/azure/data-explorer/kusto/query/j
```kusto EmailEvents | where Timestamp > ago(7d)
- | where MalwareFilterVerdict == "Malware"
+ | where ThreatTypes has "Malware"
| project EmailReceivedTime = Timestamp, Subject, SenderFromAddress, AccountName = tostring(split(RecipientEmailAddress, "@")[0]) | join ( DeviceLogonEvents
abuse_sha256
| where Timestamp > ago(1d) ) on $left.sha256_hash == $right.SHA256 | project Timestamp,SenderFromAddress,RecipientEmailAddress,FileName,FileType,
-SHA256,MalwareFilterVerdict,MalwareDetectionMethod
+SHA256,ThreatTypes,DetectionMethods
``` ### Parse strings
security Advanced Hunting Query Emails Devices https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/mtp/advanced-hunting-query-emails-devices.md
You can get account names and other account information by merging or joining th
EmailEvents | where Timestamp > ago(7d) //Get email processing events where the messages were identified as either phishing or malware
-| where MalwareFilterVerdict == 'Malware' or PhishFilterVerdict == 'Phish'
+| where ThreatTypes has "Malware" or ThreatTypes has "Phish"
//Merge email events with identity info to get recipient details | join (IdentityInfo | distinct AccountUpn, AccountDisplayName, JobTitle, Department, City, Country) on $left.RecipientEmailAddress == $right.AccountUpn //Show important message and recipient details
-| project Timestamp, NetworkMessageId, Subject, PhishFilterVerdict, MalwareFilterVerdict,
+| project Timestamp, NetworkMessageId, Subject, ThreatTypes,
SenderFromAddress, RecipientEmailAddress, AccountDisplayName, JobTitle, Department, City, Country ```
This query finds the 10 latest logons performed by email recipients within 30 mi
//Define new table for malicious emails let MaliciousEmails=EmailEvents //List emails detected as malware, getting only pertinent columns
-| where MalwareFilterVerdict == "Malware"
+| where ThreatTypes has "Malware"
| project TimeEmail = Timestamp, Subject, SenderFromAddress, AccountName = tostring(split(RecipientEmailAddress, "@")[0]); MaliciousEmails | join (
security Microsoft 365 Security Mde Redirection https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/mtp/microsoft-365-security-mde-redirection.md
In alignment with MicrosoftΓÇÖs cross-domain approach to threat protection with
This guide explains how to route accounts to the Microsoft 365 security center by enabling automatic redirection from the former Microsoft Defender for Endpoint portal (securitycenter.windows.com or securitycenter.microsoft.com), to the Microsoft 365 security center portal (security.microsoft.com).
+> [!NOTE]
+> Microsoft Defender for Endpoint in the Microsoft 365 security center supports [granting access to managed security service providers (MSSPs)](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/grant-mssp-access) in the same that way access is [granted in the Microsoft Defender security center](https://docs.microsoft.com/microsoft-365/security/mtp/mssp-access).
+ ## What to expect Once automatic redirection is enabled, accounts accessing the former Microsoft Defender for Endpoint portal at securitycenter.windows.com or securitycenter.microsoft.com, will be automatically routed to the Microsoft 365 security center portal at security.microsoft.com.
Once disabled, accounts will no longer be routed to security.microsoft.com, and
- [XDR versus SIEM infographic](https://afrait.com/blog/xdr-versus-siem/) - [The New Defender](https://afrait.com/blog/the-new-defender/) - [About Microsoft 365 Defender](https://www.microsoft.com/microsoft-365/security/microsoft-365-defender) -- [Microsoft security portals and admin centers](portals.md)
+- [Microsoft security portals and admin centers](portals.md)
security Overview Security Center https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/mtp/overview-security-center.md
Common controls and content either appear in the same place, or are condensed in
- Learn more about how to [manage access to Microsoft 365 Defender](mtp-permissions.md) - Learn more about how to [create custom roles](custom-roles.md) in Microsoft 365 security center
+> [!NOTE]
+> Microsoft Defender for Endpoint in the Microsoft 365 security center supports [granting access to managed security service providers (MSSPs)](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/grant-mssp-access) in the same that way access is [granted in the Microsoft Defender security center](https://docs.microsoft.com/microsoft-365/security/mtp/mssp-access).
+ ### Integrated reports Reports are also unified in the Microsoft 365 security center. Admins can start with a general security report, and branch into specific reports about endpoints, email & collaboration. The links here are dynamically generated based upon workload configuration.
security Threat Analytics Analyst Reports https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/mtp/threat-analytics-analyst-reports.md
Advanced hunting queries in the analyst reports have been vetted by Microsoft an
>[!NOTE]
-> Threat analytics is also available in [Microsoft Defender for Endpoint](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/threat-analytics). However, it does not have the data integration between Microsoft Defender for Office and Microsoft Defender for Endpoint that Microsoft 365 Defender Threat analytics has.
+> Threat analytics is also available in [Microsoft Defender for Endpoint](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/threat-analytics). However, it does not have the data integration between Microsoft Defender for Office and Microsoft Defender for Endpoint that Microsoft 365 Defender threat analytics has.
## Related topics
security Threat Analytics https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/mtp/threat-analytics.md
Watch this short video to learn more about how threat analytics can help you tra
>[!VIDEO https://www.microsoft.com/en-us/videoplayer/embed/RWwJfU]
-You can access Threat analytics either from the upper left-hand side of Microsoft 365 security portalΓÇÖs navigation bar, or from a dedicated dashboard card which shows the top threats in your org. Getting visibility on active or ongoing campaigns and knowing what to do through threat analytics can help equip your security operations team with informed decisions.
+You can access threat analytics either from the upper left-hand side of Microsoft 365 security portalΓÇÖs navigation bar, or from a dedicated dashboard card which shows the top threats in your org. Getting visibility on active or ongoing campaigns and knowing what to do through threat analytics can help equip your security operations team with informed decisions.
![Image of the threat analytics dashboard](../../media/threat-analytics/ta_inlandingpage_mtp.png)
-_Where to access Threat analytics_
+_Where to access threat analytics_
With more sophisticated adversaries and new threats emerging frequently and prevalently, it's critical to be able to quickly:
security Tickets Security Center https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/mtp/tickets-security-center.md
- Title: Create and track ServiceNow tickets in the Microsoft 365 security center
-description: Learn how to create and track tickets in ServiceNow from Microsoft 365 security center.
-keywords: security, Microsoft 365, M365, secure score, security center, ServiceNow, tickets, tasks
- - NOCSH
----
- - M365-security-compliance
-
- - MOE150
- - MET150
-
- - seo-marvel-apr2020
--
-# Create and track ServiceNow tickets in the Microsoft 365 security center
--
->[!CAUTION]
->**The preview period for the ServiceNow connector has ended**<br>
->This capability is no longer available. Thank you for your feedback and continued support while we determine next steps.
-
-The [Microsoft 365 security center](overview-security-center.md) has been enhanced with the ability to natively create and track tickets in ServiceNow. [Learn more about ServiceNow](https://www.servicenow.com/)
-
-In the security center, security administrators can send a [Microsoft Secure Score](microsoft-secure-score.md) improvement action directly to ServiceNow and create a ticket. Both incident management and change management tickets can be created. Track tickets in the security center home page and ServiceNow.
-
security Tickets https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/mtp/tickets.md
ms.technology: m365d
>**The preview period for the ServiceNow connector has ended**<br> >This capability is no longer available. Thank you for your feedback and continued support while we determine next steps.
-ServiceNow is a popular cloud computing platform that helps companies manage digital workflows for enterprise operations. Their Now platform has IT workflows, employee workflows, and customer workflows. [Learn more about ServiceNow](https://www.servicenow.com/)
-
-Microsoft has partnered with ServiceNow to make it easier for IT admins to manage their tickets and tasks in both platforms. [Microsoft 365 security center](overview-security-center.md) and the [Microsoft 365 compliance center](https://docs.microsoft.com/microsoft-365/compliance/microsoft-365-compliance-center) are being enhanced with the ability to natively create and track tickets in ServiceNow.
+ServiceNow is a popular cloud computing platform that helps companies manage digital workflows for enterprise operations. Their Now platform has IT workflows, employee workflows, and customer workflows.
security Atp Safe Links https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/atp-safe-links.md
Title: Safe Links f1.keywords: - NOCSH--++ audience: Admin
The settings in Safe Links policies that apply to email messages are described i
- **Do not allow users to click through to original URL**: Allows or blocks users from clicking through the [warning page](#warning-pages-from-safe-links) to the original URL. The recommend value is enabled.
+- **Display the organization branding on notification and warning pages**: This option shows your organization's branding on warning pages. Branding helps users identify legitimate warnings, because default Microsoft warning pages are often used by attackers. For more information about customized branding, see [Add branding to your organization's Azure Active Directory sign-in page](/azure/active-directory/fundamentals/customize-branding).
+ - **Do not rewrite the following URLs**: Leaves URLs as they are. Keeps a custom list of safe URLs that don't need scanning. The list is unique for each Safe Links policy. For more information about the **Do not rewrite the following URLs** list, see the ["Do not rewrite the following URLs" lists in Safe Links policies](#do-not-rewrite-the-following-urls-lists-in-safe-links-policies) section later in this article. For more information about the recommended values for Standard and Strict policy settings for Safe Links policies, see [Safe Links policy settings](recommended-settings-for-eop-and-office365-atp.md#safe-links-policy-settings).
security Message Trace Scc https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/message-trace-scc.md
The available report types are:
- **Enhanced summary** or **Extended**: These reports are only available as downloadable CSV files, and require one or more of the following filtering options regardless of the time range: **By these people**, **To these people**, or **Message ID**. You can use wildcards for the senders or the recipients (for example, \*@contoso.com). The Enhanced summary report returns up to 50000 results. The Extended report returns up to 1000 results. > [!NOTE]
->
+>
> - Enhanced summary and Extended reports are prepared using archived message trace data, and it can take up to several hours before your report is available to download. Depending on how many other admins have also submitted report requests around the same time, you might also notice a delay before your queued request starts to be processed.
->
+>
> - While you can select an Enhanced summary or Extended report for any date/time range, commonly the last four hours of archived data will not yet be available for these two types of reports.
+>
+> - The maximum size for a downloadable report is 500 MB. If a downloadable report exceeds 500 MB, you can't open the report in Excel or Notepad.
When you click **Next**, you're presented with a summary page that lists the filtering options that you selected, a unique (editable) title for the report, and the email address that receives the notification when the message trace completes (also editable, and must be in one of your organization's accepted domains). Click **Prepare report** to submit the message trace. On the main **Message trace** page, you can see the status of the report in the **Downloadable reports** section.
security Virus Detection In Spo https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/virus-detection-in-spo.md
Microsoft 365 uses a common virus detection engine for scanning files that users
> [!IMPORTANT] > The built-in anti-virus capabilities are a way to help contain viruses. They aren't intended as a single point of defense against malware for your environment. We encourage all customers to investigate and implement anti-malware protection at various layers and apply best practices for securing their enterprise infrastructure. For more information about strategies and best practices, see [Security roadmap](security-roadmap.md).
-## What happens when an infected file is uploaded to SharePoint Online?
+## What happens if an infected file is uploaded to SharePoint Online?
-The Microsoft 365 virus detection engine runs asynchronously within SharePoint Online. **All files are not automatically scanned on upload**. Heuristics determine the files to scan. When a file is found to contain a virus, the file is flagged so it can't be downloaded again. In April 2018, we removed the 25 MB limit for scanned files.
+The Microsoft 365 virus detection engine runs asynchronously (independent from file uploads) within SharePoint Online. **All files are not automatically scanned**. Heuristics determine the files to scan. When a file is found to contain a virus, the file is flagged. In April 2018, we removed the 25 MB limit for scanned files.
Here's what happens: 1. A user uploads a file to SharePoint Online.
-2. SharePoint Online determines whether the file meets the criteria for a scan.
-3. The virus detection engine scans the file.
-4. If a virus is found, the virus engine sets a property on the file indicating that it's infected.
+2. SharePoint Online, as part of its virus scanning processes, later determines if the file meets the criteria for a scan.
+3. If the file meets the criteria for a scan, the virus detection engine scans the file.
+4. If a virus is found within the scanned file, the virus engine sets a property on the file indicating that it's infected.
## What happens when a user tries to download an infected file by using the browser?
solutions Allow Members To Send As Or Send On Behalf Of Group https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/solutions/allow-members-to-send-as-or-send-on-behalf-of-group.md
Title: "Allow members to send as or send on behalf of a Group"
+ Title: "Allow members to send as or send on behalf of a group"
f1.keywords: NOCSH
search.appverid: - MET150 ms.assetid: 0ad41414-0cc6-4b97-90fb-06bec7bcf590
-description: "Learn how to allow members to send email as a Microsoft 365 group or send email on behalf of a Microsoft 365 group."
+description: "Learn how to allow group members to send email as a Microsoft 365 group or send email on behalf of a Microsoft 365 group."
# Allow members to send as or send on behalf of a group
-A member of a Microsoft 365 group who has been granted **Send as** or **Send on behalf** permissions can send email as the group, or on behalf of the group. This article explains how a global or Exchange administrator can set these permissions.
+A member of a Microsoft 365 group who has been granted **Send as** or **Send on behalf** permissions can send email as the group, or on behalf of the group. (Guests in the group cannot be granted these permissions.)
+
+This article explains how a global or Exchange administrator can set these permissions.
For example, if Megan Bowen is part of the **Training** Microsoft 365 group, and has **Send as** permissions on the group, if she sends an email as the group, it will look like the **Training** group sent the email.
solutions Collaboration Governance Overview https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/solutions/collaboration-governance-overview.md
This series of articles will help you understand how groups, teams, and SharePoi
There are many options for deploying Microsoft 365 Groups and Teams for secure collaboration in your organization. We recommend you use this governance content alongside [Set up secure collaboration with Microsoft 365](setup-secure-collaboration-with-teams.md) and its associated articles to create the best collaboration solution for your organization.
-## What are Microsoft 365 groups?
+## Why Microsoft 365 groups are important
Microsoft 365 groups lets you choose a set of people with whom you wish to collaborate, and easily set up a collection of resources for those people to share. Adding members to the group automatically grants the needed permissions to all assets provided by the group. Both Teams and Yammer use Microsoft 365 groups to manage their membership.
See a behind-the-scenes example of how Microsoft 365 Groups, SharePoint, Teams,
[Microsoft 365 security documentation](https://docs.microsoft.com/microsoft-365/security)
-[Microsoft 365 compliance documentation](https://docs.microsoft.com/microsoft-365/compliance)
+[Microsoft 365 compliance documentation](https://docs.microsoft.com/microsoft-365/compliance)