+### What happens to message approval (moderation) settings on distribution groups after upgrading?

+The message approval (moderation) settings are preserved and continue to work fine after the distribution group is upgraded to a Microsoft 365 Group.

+- **Report as misclassified**: You can always resolve a message as misclassified at any point during the message review workflow. Misclassified signifies that the alert was non-actionable or that the alert was incorrectly generated by the alerting process and any trainable classifiers. Resolving the item as misclassified sends message content, attachments, and the message subject (including metadata) to Microsoft to help improve trainable classifiers. Data that is sent to Microsoft doesn't contain information that may identify or be used to identify any users in your organization. Further actions canΓÇÖt be taken on the message and all misclassified messages are displayed in the **Resolved** tab.

+- **Escalate for investigation**: Using the **Escalate for investigation** control, you can create a new [Advanced eDiscovery case](overview-ediscovery-20.md) for single or multiple messages. You'll provide a name and notes for the new case, and user who sent the message matching the policy is automatically assigned as the case custodian. You don't need any additional permissions to manage the case. Creating a case doesn't resolve or create a new tag for the message. You can select a total of 100 messages when creating an Advanced eDiscovery case during the remediation process. Messages in all communication channels monitored by communication compliance are supported. For example, you could select 50 Microsoft Teams chats, 25 Exchange Online email messages, and 25 Yammer messages when you open a new Advanced eDiscovery case for a user.

+- **Remove message in Teams**: Using the **Remove message in Teams** control, you can block inappropriate messages and content identified in alerts from Microsoft Teams channels and 1:1 and group chats. Removed messages and content are replaced with a policy tip that explains that it's blocked and the policy that applies to its removal from view. Recipients are provided a link in the policy tip to learn more about the applicable policy and the review process. The sender receives a policy tip for the blocked message and content but can review the details of the blocked message and content for context regarding the removal.

+Customers with Microsoft 365 subscriptions that include communication compliance don't need additional Power Automate licenses to use the recommended default communication compliance Power Automate template. The default template can be customized to support your organization and cover core communication compliance scenarios. If you choose to use premium Power Automate features in these templates, create a custom template using the Microsoft 365 compliance connector, or use Power Automate templates for other compliance areas in Microsoft 365, you may need additional Power Automate licenses.

+7. If needed, add any additional steps to the flow by selecting the **New step** button. In most cases, this change shouldn't be needed for the recommended default templates.

+When messages are resolved, they're removed from the **Pending** tab view and displayed in the **Resolved** tab view. Investigation and remediation actions aren't available for messages in the *Resolved* view. However, there may be instances where you need to take additional action on a message that was mistakenly resolved or that needs further investigation after initial resolution. You can use the unresolve command feature move one or more messages from the *Resolved* view back to the *Pending* view.

+| **Inappropriate text** | Detect inappropriate text | - Locations: Exchange Online, Microsoft Teams, Yammer, Skype for Business <br> - Direction: Inbound, Outbound, Internal <br> - Review Percentage: 100% <br> - Conditions: Threat, Discrimination, and Targeted harassment classifiers |

+3. In the **Copy policy** pane, you can accept the default name for the policy in the **Policy name** field or rename the policy. The policy name for the new policy canΓÇÖt be the same as an existing active or deactivated policy. Complete the **Description** field as needed.

+Each communication compliance policy has a storage limit size of 100 GB or 1 million messages, whichever is reached first. As the policy approaches these limits, notification emails are automatically sent to users assigned to the *Communication Compliance* or *Communication Compliance Admin* role groups. Notifications messages are sent when the storage size or message count reach 80, 90, and 95 percent of the limit. When the policy limit is reached, the policy is automatically deactivated, and the policy stops processing messages for alerts.

+- **Discrimination**: Scans for explicit discriminatory language and is particularly sensitive to discriminatory language against the African American/Black communities when compared to other communities.

+After you configure a policy, a corresponding alert policy is automatically created and alerts are generated for messages that match conditions defined in the policy. It may take up to 24 hours after creating a policy start to receive alerts from activity indicators. By default, all policy matches alert triggers are assigned a severity level of medium in the associated alert policy. Alerts are generated for a communication compliance policy once the aggregation trigger threshold level is met in the associated alert policy. A single email notification is sent once every 24 hours for any alerts, regardless of the number of individual messages that match policy conditions. For example, Contoso has an inappropriate content policy enabled and for January 1st, there were 100 policy matches that generated six alerts. A single email notification for the six alerts is sent at end of January 1st.

+- **Conversation policy matching**: Messages in conversations are grouped by policy matches to give you more visibility about how conversations relate to your communication policies. For example, conversation policy matching in the *Pending Alerts* view will automatically show all messages in a Teams channel that have matches for your Inappropriate Content policy. Other messages in the conversation that don't match the Inappropriate Content policy wouldn't be displayed.

+Additionally, Teams and Skype for Business Online endpoints in US Government national cloud instances of Microsoft 365 will make the same change, affecting endpoints such as:

+- *.gcc.teams.microsoft.com

+- *.dod.teams.microsoft.us

+- *.gov.teams.microsoft.us

+This change will not affect certificates, domains, or services used in the China or Germany national cloud instances of Microsoft 365.

+Services began transitioning to the new Root CAs in January 2022 and will continue through October 2022.

+As an example, this is a valid certificate with one of the new certificate chains:

+

+### File types (preview)

+File Types are a grouping of file formats which are utilized to protect specific workflows or areas of business. You can use one or more File types as conditions in your DLP policies.

+|File Type |App |monitored file extensions |

+||||

+|word processing |Word, PDF | .doc, .docx, .docm, .dot, .dotx, .dotm, .docb, .pdf |

+|spreadsheet |Excel, CSV, TSV |.xls, .xlsx, .xlt, .xlm, .xlsm, .xltx, .xltm, .xlsb, .xlw, .csv, .tsv |

+|presentation |PowerPoint|.ppt, .pptx, .pos, .pps, .pptm, .potx, .potm, .ppam, .ppsx|

+|archive |file archive and compression tools | .zip, .zipx, .rar, .7z, .tar, .gz |

+|email |Outlook |.pst, .ost, .msg |

+### File extensions (preview)

+If the File types don't cover the file extensions you need to list as a condition in a policy, you can use file extensions separated by comma instead.

+> [!IMPORTANT]

+> The file extensions and file types options cannot be used as conditions in the same rule. If you want to use them as conditions in the same policy, they must be in separate rules.

+> [!IMPORTANT]

+> These Windows versions support File types and File extension features:

+>- Windows 10 versions 20H1/20H2/21H1 (KB 5006738)

+>- Windows 10 versions 19H1/19H2 (KB 5007189)

+>- Windows 10 RS5 (KB 5006744)

+Use the following options to configure the export. Not all options are allowed for some output options, most notably, export of text files and redacted PDFs aren't allowed when exporting to the PST format.

+ - Exchange: This folder contains all content from Exchange stored in PST files. Redacted PDF files canΓÇÖt be included with this option. If an attachment is selected in the review set, the parent email message will be exported with the attachment attached.

+

+ The Exchange folder may also contain a subfolder named mailboxname_loosefiles.zip, which contains the following items:

+ - Information Rights Management (IRM) protected messages that have been decoded.

+ - Error-remediated messages.

+ - Modern attachments or links referenced in messages.

+ - Encrypted items (which aren't included in the PST files in the Exchange folder).

+ - SharePoint: This folder contains all native content from SharePoint in a native file format. Redacted PDF files canΓÇÖt be included with this option.

+This option uses the same general structure as the *Condensed directory structure*, however the contents aren't zipped and the data is saved to your Azure Storage account. This option is generally used when working with a third-party eDiscovery provider. For details about how to use this option, see [Export documents in a review set to an Azure Storage account](download-export-jobs.md).

+Before you configure retention, first familiarize yourself with capacity and storage limits for the respective workloads:

+- For SharePoint and OneDrive, retained items are stored in the site's Preservation Hold library, which is included in the site's storage quota. For more information, see [Manage site storage limits](/sharepoint/manage-site-collection-storage-limits) from the SharePoint documentation.

+- For Exchange, Teams, and Yammer, where retained messages are stored in mailboxes, see [Exchange Online limits](/office365/servicedescriptions/exchange-online-service-description/exchange-online-limits) and enable [auto-expanding archiving](autoexpanding-archiving.md).

+

+ In extreme cases where a high volume of email is deleted in a short time period, either by users or automatically from policy settings, you might also need to configure Exchange to more frequently move items from the Recoverable Items folder in the user's primary mailbox to the Recoverable Items folder in their archive mailbox. For step-by-step instructions, see [Increase the Recoverable Items quota for mailboxes on hold](increase-the-recoverable-quota-for-mailboxes-on-hold.md).

+SharePoint Syntex is a Microsoft 365 service that helps organizations to:

+|Try out a customizable SharePoint site template to help manage contracts |[Use the Contracts Management site template](./use-contracts-management-site.md)|

+|Try out an instructional Content Center site template to learn more about models |[Use the Content Center site template](./use-content-center-site.md)|

+|Use PowerShell to manage SharePoint Syntex|[Manage SharePoint Syntex with PowerShell](./powershell-syntex-intro.md)|

+A SharePoint Syntex license gives your users premium content services that give you additional functionality in your Microsoft 365 environment. The resources in this section give you more details about these features and how to use them.

+|GCC High|<https://security.microsoft.us>|

+|DoD|<https://security.microsoft.us>|

+|Network discovery||||

+|Reports: Device Control, Device health, Firewall| In development| In development| In development|

+(<a id="fn1">1</a>) Refers to the modern, unified solution for Windows Server 2012 R2 and 2016. For more information, see [Onboard Windows Servers to the Defender for Endpoint service](configure-server-endpoints.md).