Updates from: 03/15/2024 13:30:05
Category Microsoft Docs article Related commit history on GitHub Change details
enterprise Architectural Models For Sharepoint Exchange Skype For Business And Lync https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/architectural-models-for-sharepoint-exchange-skype-for-business-and-lync.md
- Title: "Architectural models for SharePoint, Exchange, Skype for Business, and Lync"--- Previously updated : 05/16/2018----- scotvorg -- Ent_O365-- Strat_O365_Enterprise-- SPO_Content-- CSH--- Ent_Architecture-- MET150
-description: "Get IT posters that describe the architectural models, deployment, and platform options for SharePoint, Exchange, Skype for Business, and Lync."
--
-# Architectural models for SharePoint, Exchange, Skype for Business, and Lync
-
-The IT posters in this article describe the architectural models and deployment options for SharePoint, Exchange, Skype for Business, and Lync. They also provide design information for deploying SharePoint in Microsoft Azure.
-
-By using Microsoft 365, you can provide familiar collaboration and communication services through the cloud. With a few exceptions, the user experience remains the same whether you're maintaining an on-premises deployment or using Microsoft 365.
-
-This unified user experience complicates the decision of where to place each workload. It also raises questions:
-
-- How do you choose a platform for individual workloads?
-
-- Does it make sense to keep any service on-premises?
-
-- In what scenario is a hybrid deployment appropriate?
-
-- How does Azure fit into the picture?
-
-- What configurations of Office server workloads does Azure support?
-
-> [!TIP]
-> Most posters in this article are available in multiple languages. Available languages include Chinese, English, French, German, Italian, Japanese, Korean, Portuguese, Russian, and Spanish. To download a poster in one of these languages, under the poster thumbnail image, select **More languages**.
-
-Let us know what you think! Send us email at [cloudadopt@microsoft.com](mailto:cloudadopt@microsoft.com).
-
-Use the following links to get the posters you need:
-
-- **Architectural models**: Use these resources to determine your ideal platform and configuration for SharePoint 2016 and Skype for Business 2015.
-
- - [Microsoft SharePoint 2016 architectural models](architectural-models-for-sharepoint-exchange-skype-for-business-and-lync.md#SP2016_ArchModel)
-
- - [SharePoint Server 2016 databases](architectural-models-for-sharepoint-exchange-skype-for-business-and-lync.md#SP2016_Databases)
-
- - [Microsoft Skype for Business 2015 architectural models](architectural-models-for-sharepoint-exchange-skype-for-business-and-lync.md#SfB2015_ArchModel)
-
-- **Platform**: Use these resources to determine your ideal platform and configuration for SharePoint 2013, Exchange 2013, and Lync 2013.
-
- - [SharePoint 2013 platform options](architectural-models-for-sharepoint-exchange-skype-for-business-and-lync.md#SP2013_Options)
-
- - [Exchange 2013 platform options](architectural-models-for-sharepoint-exchange-skype-for-business-and-lync.md#Exch2013_options)
-
- - [Lync 2013 platform options](architectural-models-for-sharepoint-exchange-skype-for-business-and-lync.md#Lync2013_Options)
-
-- **SharePoint Server 2013 in Azure**: Use these IT posters to design and configure SharePoint Server 2013 workloads in Azure infrastructure services.
-
- - [Internet sites in Azure using SharePoint Server 2013](architectural-models-for-sharepoint-exchange-skype-for-business-and-lync.md#Azure_sharepoint2013)
-
- - [Design sample: Internet sites in Azure for SharePoint 2013](architectural-models-for-sharepoint-exchange-skype-for-business-and-lync.md#DesignSampleInternetSites)
-
- - [SharePoint disaster recovery to Azure](architectural-models-for-sharepoint-exchange-skype-for-business-and-lync.md#sharepoint_recovery_Azure)
-
-## Architectural models posters
-
-The IT posters for SharePoint 2016 and Skype for Business 2015 provide a way to compare deployment methods in an easy-to-print format. The posters list all configuration or platform options. They provide the following information for each option:
-
-- **Overview**: A brief summary of the platform, including a conceptual diagram.
-
-- **Best for**: Common scenarios that are ideally suited for the platform.
-
-- **License requirements**: The licenses you need for deployment.
-
-- **Architecture tasks**: The decisions you need to make as an architect.
-
-- **IT pro tasks or responsibilities**: The daily responsibilities that your IT staff needs to plan for.
-
-<a name="SP2016_ArchModel"> </a>
-### Microsoft SharePoint Server 2016 Architectural Models
-
-|Item|Description|
-|||
-|[![Thumbnail for the SharePoint Server 2016 Architectural Models poster.](../media/7d3e590c-1f3b-42cf-920d-9edac8fa3e04.png) ](https://www.microsoft.com/download/details.aspx?id=52650) <br/> [PDF](https://download.microsoft.com/download/4/F/A/4FA0F94B-EE2F-41DB-A047-D9864FEF41E9/SharePoint2016ArchitecturalModels.pdf) \| [Visio](https://download.microsoft.com/download/4/F/A/4FA0F94B-EE2F-41DB-A047-D9864FEF41E9/SharePoint2016ArchitecturalModels.vsdx) \| [More languages](https://www.microsoft.com/download/details.aspx?id=52650)|This IT poster describes the SharePoint Online, Azure, and SharePoint on-premises configurations that business decision makers and solutions architects need to know about. <br/><br/> - **SharePoint Online (SaaS)**: Consume SharePoint through a software as a service (SaaS) subscription model. <br/> - **SharePoint hybrid**: Move your SharePoint sites and apps to the cloud at your own pace. <br/> - **SharePoint in Azure (IaaS)**: Extend your on-premises environment into Azure, and deploy SharePoint 2016 servers there. (This model is recommended for high availability or disaster recovery environments and dev/test environments.) <br/> - **SharePoint on-premises**: Plan, deploy, maintain, and customize your SharePoint environment in a datacenter that you maintain.|
-
-<a name="SP2016_Databases"> </a>
-### SharePoint Server 2016 Databases
-
-|Item|Description|
-|||
-|[![Thumbnail for the SharePoint Server 2016 Databases poster.](../media/c53e9de7-3bf8-446d-8766-e6700c8dd8e1.png)](https://www.microsoft.com/download/details.aspx?id=55041) <br/> [PDF](https://download.microsoft.com/download/D/5/D/D5DC1121-8BC5-4953-834F-1B5BB03EB691/DBrefguideSPS2016_tabloid.pdf) \| [Visio](https://download.microsoft.com/download/D/5/D/D5DC1121-8BC5-4953-834F-1B5BB03EB691/DBrefguideSPS2016_tabloid.vsdx) \| [More languages](https://www.microsoft.com/download/details.aspx?id=55041)|This IT poster is a quick reference for SharePoint Server 2016 databases. You'll see details for each database: <br/><br/> - Size <br/> - Scaling guidance <br/> - I/O patterns <br/> - Requirements <br/><br/> The first page shows the SharePoint system databases and the service applications that have multiple databases. The second page shows all of the service applications that have single databases. <br/><br/> For more information, see [Database types and descriptions in SharePoint Server 2016](/SharePoint/technical-reference/database-types-and-descriptions).|
-
-<a name="SfB2015_ArchModel"> </a>
-### Microsoft Skype for Business 2015 Architectural Models
-
-|Item|Description|
-|||
-|[![Thumbnail for the Skype for Business Architectural Models poster.](../media/132288c0-6ae4-4394-88ab-b57dae367714.png)](https://www.microsoft.com/download/details.aspx?id=55022) <br/> [PDF](https://download.microsoft.com/download/7/7/4/7741262C-A60D-41F7-863B-99BF5964FBFE/Skype%20for%20Business%20Architectural%20Models.pdf) \| [Visio](https://download.microsoft.com/download/7/7/4/7741262C-A60D-41F7-863B-99BF5964FBFE/Skype%20for%20Business%20Architectural%20Models.vsd) \| [More languages](https://www.microsoft.com/download/details.aspx?id=55022)|This poster describes Skype for Business Online, on-premises, hybrid, and cloud private branch exchange (PBX). It also describes integration with Exchange and SharePoint configurations that business decision makers and solutions architects need to know about. <br/><br/> The poster is intended for IT pros to raise awareness of the fundamental architectural models through which Skype for Business Online and Skype for Business on-premises can be consumed. <br/><br/>Start with the configuration that best suits your organization's needs and plans. Consider and use other configurations as needed. For example, you might want to consider integration with Exchange and SharePoint or a solution that takes advantage of the Microsoft cloud PBX offering.|
-
-## Platform options posters
-
-The IT posters for SharePoint 2013, Exchange 2013, and Lync 2013 provide a way to compare the deployment methods at a glance. Each poster lists all of the configurations or platform options. It provides the following information for each option:
-
-- **Overview**: A brief summary of the platform, including a conceptual diagram.
-
-- **Best for**: Common scenarios that are ideally suited for the platform.
-
-- **License requirements**: The licenses you need for deployment.
-
-- **Architecture tasks**: The decisions you need to make as an architect.
-
-- **IT pro tasks or responsibilities**: The daily responsibilities that your IT staff needs to plan for.
-
-<a name="SP2013_Options"> </a>
-## SharePoint 2013 Platform Options
-
-|Item|Description|
-|||
-|[![Thumbnail image of the SharePoint 2013 Platform Options poster.](../media/SP-PlatformOptions.jpg)](https://www.microsoft.com/download/details.aspx?id=40332) <br/> [PDF](https://go.microsoft.com/fwlink/p/?LinkId=324594) \| [Visio](https://go.microsoft.com/fwlink/p/?LinkId=324593) \| [More languages](https://www.microsoft.com/download/details.aspx?id=40332)|For business decision makers and architects, this poster shows the platform options for SharePoint 2013, SharePoint in Microsoft 365, on-premises hybrid with Microsoft 365, Azure, and on-premises-only deployments. It includes an overview of each architecture, recommendations, license requirements, and lists of architect and IT pro tasks for each platform. The poster highlights several SharePoint solutions on Azure.|
-
-<a name="Exch2013_options"> </a>
-## Exchange 2013 Platform Options
-
-|Item|Description|
-|||
-|[![Thumbnail image of the Exchange Platform Options poster.](../media/ITPro-Other-Exchange2013PlatformOptions.jpg) ](https://www.microsoft.com/download/details.aspx?id=42676) <br/> [PDF](https://go.microsoft.com/fwlink/p/?LinkID=398740) \| [Visio](https://go.microsoft.com/fwlink/p/?LinkID=398742) \| [More languages](https://www.microsoft.com/download/details.aspx?id=42676)|For business decision makers and architects, this poster describes the platform options for Exchange 2013. Customers can choose from Exchange Online with Microsoft 365, hybrid Exchange, Exchange Server on-premises, and hosted Exchange. The poster details each architectural option, including the ideal scenarios for each, the license requirements, and IT pro responsibilities.|
-
-<a name="Lync2013_Options"> </a>
-## Lync 2013 Platform Options
-
-|Item|Description|
-|||
-|[![Thumbnail image of the Lync 2013 Platform Options poster.](../media/Lync-PlatformOptions.jpg) ](https://www.microsoft.com/download/details.aspx?id=41677) <br/> [PDF](https://go.microsoft.com/fwlink/p/?LinkID=391837) \| [Visio](https://go.microsoft.com/fwlink/p/?LinkID=391839) \| [More languages](https://www.microsoft.com/download/details.aspx?id=41677)|For business decision makers and architects, this poster describes the platform options for Lync 2013. Customers can choose from Lync Online with Microsoft 365, hybrid Lync, Lync Server on-premises, and hosted Lync. The IT poster details each architectural option, including the ideal scenarios for each, the license requirements, and IT pro responsibilities.|
-
-<a name="Lync2013_Options"> </a>
-## SharePoint in Azure solutions posters
-
-The IT posters for SharePoint in Azure show Azure-based solutions that use SharePoint Server 2013.
-
-<a name="Azure_sharepoint2013"> </a>
-### Internet Sites in Microsoft Azure Using SharePoint Server 2013
-
-|Item|Description|
-|||
-|[![Image of the Internet sites in Azure using SharePoint Server 2013 poster.](../medi)|
-
-<a name="DesignSampleInternetSites"> </a>
-### Internet sites in Azure for SharePoint 2013
-
-|Item|Description|
-|||
-|[![Image of the Internet sites in Microsoft Azure for SharePoint Server 2013 poster.](../medi)|
-
-<a name="sharepoint_recovery_Azure"> </a>
-### SharePoint Disaster Recovery to Microsoft Azure
-
-|Item|Description|
-|||
-|[![Image of the poster for the SharePoint disaster recovery process to Azure.](../medi)|
-
-## See also
--- [Microsoft 365 solution and architecture center](../solutions/index.yml)
-
-- [Microsoft cloud architecture models](../solutions/cloud-architecture-models.md)
-
-- [Microsoft 365 test lab guides](m365-enterprise-test-lab-guides.md)
-
-- [Hybrid solutions](hybrid-solutions.md)
enterprise Client Server Software Roadmap Microsoft 365 https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/client-server-software-roadmap-microsoft-365.md
- Title: Client and server software roadmap for Microsoft 365-- NOCSH--- Previously updated : 08/10/2020----- scotvorg-- M365-subscription-management-
-description: Use this roadmap to set up client and server software for Microsoft 365.
--
-# Client and server software roadmap for Microsoft 365
-
-Most enterprise organizations have a heterogeneous environment that includes multiple releases of operating systems, client software, and server software. Microsoft 365 for Enterprise includes the most secure versions of the key components of your IT infrastructure. It also includes productivity features that are designed to take advantage of cloud technologies.
-
-To maximize the business value of the Microsoft 365 for Enterprise integrated suite of products, begin planning and implementing a strategy to migrate releases of:
--- The Office client installed on your computers to Microsoft 365 Apps for enterprise.-- The Office servers installed on your servers to their equivalent services in Microsoft 365.-- Windows 7 and Windows 8.1 on your devices to Windows 10 Enterprise.-
->[!Note]
->Support for Windows 7 ended on *January 14, 2020*. For more information, see the [end-of-support details](https://support.microsoft.com/help/4057281/windows-7-support-will-end-on-january-14-2020).
->
-
-As you accomplish these migrations over time, your organization comes closer to the vision of the [modern workplace](https://www.microsoft.com/microsoft-365/blog/2018/04/27/making-it-simpler-with-a-modern-workplace/). This secure and integrated environment can help you unlock teamwork and creativity in your organization. Microsoft 365 for Enterprise enables and empowers you all along the way.
-
-## Migration for Office client products
-
-Organizations both large and small often use a combination of older versions of Office client products, such as Word, Excel, and PowerPoint. These older versions:
--- Can be [updated](https://support.office.com/article/install-office-updates-2ab296f3-7f03-43a2-8e50-46de917611c5) with the latest security updates and support fixes. But the process is sometimes manual and might not scale across your organization.-- Aren't optimized to use the Microsoft cloud technologies that help you digitally transform your business.-- Don't provide the latest features.-
-Microsoft 365 for Enterprise includes Microsoft 365 Apps for enterprise. This version of the Office client products is available with a Microsoft 365 for Enterprise license. It's installed and updated from the Microsoft cloud. Microsoft 365 Apps for enterprise includes security updates and the latest features. For more information, see [About Microsoft 365 Apps for enterprise](/deployoffice/about-microsoft-365-apps).
-
-### Office 2007
-
-For versions of Office in the Office 2007 release, the end of support has already passed. For more information, see [Office 2007 end-of-support roadmap](/deployoffice/office-2007-end-support-roadmap).
-
-Rather than upgrading your computers that run Office 2007 to Office 2010, Office 2013, or Office 2016, consider taking the following steps:
-
-1. Get and assign a Microsoft 365 license for your users.
-2. Uninstall Office 2007 on their computers.
-3. Install Microsoft 365 Apps for enterprise, either individually or during an IT rollout. For more information, see [Deployment guide for Microsoft 365 Apps](/deployoffice/deployment-guide-microsoft-365-apps).
-
-Microsoft 365 Apps for enterprise installs updates automatically. It can take advantage of cloud-based services for enhanced security and productivity.
-
-### Office 2010
-
-For versions of Office in the Office 2010 release, support ended on *October 13, 2020*. For more information, see [Office 2010 end-of-support roadmap](/deployoffice/office-2010-end-support-roadmap).
-
-You might consider upgrading your computers that run Office 2010 to Office 2013 or Office 2016. However, both of those versions must be manually updated. So consider taking the following steps instead:
-
-1. Get and assign a Microsoft 365 license for your users.
-2. Uninstall Office 2010 on their computers.
-3. Install Microsoft 365 Apps for enterprise, either individually or during an IT rollout. For more information, see [Deployment guide for Microsoft 365 Apps](/deployoffice/deployment-guide-microsoft-365-apps).
-
-Microsoft 365 Apps for enterprise automatically installs both security updates and new feature updates. It can take advantage of cloud-based services in Microsoft 365 for enhanced security and productivity.
-
-### Office 2013 and Office 2016
-
-See the [end-of-support roadmap for Office 2013](/lifecycle/products/microsoft-office-2013). The end of support for Office 2016 hasn't yet been determined. In these versions, like Office 2010, you must still [install security updates](https://support.office.com/article/install-office-updates-2ab296f3-7f03-43a2-8e50-46de917611c5). This task might not scale well, depending on the size of your organization.
-
-Rather than keeping your computers current with the latest security updates for Office 2013 or Office 2016, or updating your computers from Office 2013 to Office 2016, consider taking the following steps:
-
-1. Get and assign a Microsoft 365 license for your users.
-2. Uninstall Office 2013 or Office 2016 on their computers.
-3. Install Microsoft 365 Apps for enterprise, either individually or during an IT rollout. For more information, see [Deployment guide for Microsoft 365 Apps](/deployoffice/deployment-guide-microsoft-365-apps).
-
-Microsoft 365 Apps for enterprise installs both security updates and new feature updates automatically. It can take advantage of cloud-based services in Microsoft 365 for enhanced security and productivity.
-
-## Migration for Office server products
-
-Both large and small organizations often use a combination of older versions of the Office server products, such as Exchange Server and SharePoint Server. These older versions:
--- Should be updated with the latest security updates and support fixes. In some cases, these updates are released monthly.-- Aren't optimized to use the Microsoft cloud technologies that help you digitally transform your business.-- Don't include new productivity applications, such as Microsoft Teams.-- Don't include the latest security features, such as Exchange and Defender for Office 365.-
-Microsoft 365 for Enterprise includes cloud-based versions of Office server services that use some of the same tools as on-premises versions of Office server software, such as web browsers and the Outlook client. These services are automatically updated for security. So your IT personnel save the time it takes to maintain and update on-premises servers. These services also offer new feature enhancements that aren't present in Office server software.
-
-Use the following resources for information about migrating users and data for specific Microsoft 365 workloads:
--- [Move mailboxes from on-premises Exchange Server to Exchange Online](/exchange/hybrid-deployment/move-mailboxes)-- [Migrate SharePoint data from SharePoint Server to SharePoint Online](/sharepointmigration/migrate-to-sharepoint-online)-- [Migrate Skype for Business Online to Microsoft Teams](/microsoftteams/migration-interop-guidance-for-teams-with-skype)-
-### Office 2007 server products
-
-For server products in the Office 2007 release, the end of support has already passed. See these articles for details:
--- [Exchange 2007 end-of-support roadmap](exchange-2007-end-of-support.md)-- [SharePoint Server 2007 end-of-support roadmap](sharepoint-2007-end-of-support.md)-- [Project Server 2007 end-of-support roadmap](project-server-2007-end-of-support.md)-- [Office Communications Server end-of-support roadmap](/skypeforbusiness/plan-your-deployment/upgrade)-- [PerformancePoint Server 2007 end-of-support roadmap](pps-2007-end-of-support.md)-
-Rather than upgrading your server products in the Office 2007 release with server products in the releases for Office 2010, Office 2013, or Office 2016, consider taking the following steps:
-
-1. Migrate the data on your Office 2007 servers to Microsoft 365. For more information or help, hire a Microsoft partner.
-2. Roll out the new functionality and work processes to your users.
-3. When you no longer need the on-premises servers running Office 2007 server products, decommission them.
-
-### Office 2010 server products
-
-Support for [Exchange Server 2010](exchange-2010-end-of-support.md) ended on *October 13, 2020*.
-
-The end of support for [SharePoint Server 2010](upgrade-from-sharepoint-2010.md) is *April 13, 2021*.
-
-Rather than upgrading these server products in the Office 2010 release with server products in the releases for Office 2013 or Office 2016, consider taking the following steps:
-
-1. Migrate the data on your Office 2010 servers to Microsoft 365. For more information, see [FastTrack for Microsoft 365](https://fasttrack.microsoft.com/microsoft365) or hire a Microsoft partner.
-2. Roll out the new functionality and work processes to your users.
-3. When you no longer need the on-premises servers running Office 2010 server products, decommission them.
-
-### Office 2013 server products
-
-For server products in the Office 2013 release, the end of support hasn't been determined. Rather than upgrading your server products in the Office 2013 release with server products in the Office 2016 release, consider taking the following steps:
-
-1. Migrate the data on your Office 2013 servers to Microsoft 365. For more information, see [FastTrack for Microsoft 365](https://fasttrack.microsoft.com/microsoft365) or hire a Microsoft partner.
-2. Roll out the new functionality and work processes to your users.
-3. When you no longer need the on-premises servers running Office 2013 server products, decommission them.
-
-### Office 2016 server products
-
-For server products in the Office 2016 release, the end of support hasn't been determined. To take advantage of cloud-based service and enhancements to digitally transform your business, consider taking the following steps:
-
-1. Migrate the data on your Office 2016 servers to Microsoft 365. For more information, see [FastTrack for Microsoft 365](https://fasttrack.microsoft.com/microsoft365) or hire a Microsoft partner.
-2. Roll out the new functionality and work processes to your users.
-3. When you no longer need the on-premises servers running Office 2016 server products, decommission them.
-
-## Migration for Windows 7 and 8.1
-
-Support ended for Windows 7 on *January 14, 2020*. To migrate your devices that run Windows 7 or Windows 8.1, you can do an in-place upgrade.
-
-For additional methods, see [Windows 10 deployment scenarios](/windows/deployment/windows-10-deployment-scenarios). You can also [plan for Windows 10 deployment](/windows/deployment/planning/) on your own.
-
-## Office 2010 clients and servers and Windows 7
-
-Here's a visual summary of the upgrade, migration, and move-to-cloud options for Office 2010 clients and servers and Windows 7:
-
-[![Image showing the options for the end of support for Office 2010 clients and servers and Windows 7.](../media/microsoft-365-overview/office2010-windows7-end-of-support.png)](https://download.microsoft.com/download/2/7/d/27da4118-32ae-4ffe-90d8-a61e7c895ba0/Office2010Windows7EndOfSupport.pdf)
-
-This one-page poster is a quick way to understand the paths you can take to manage the end of support for Office 2010 client and server products and Windows 7. The preferred paths are supported in Microsoft 365 for Enterprise.
-
-You can [download this poster](https://download.microsoft.com/download/2/7/d/27da4118-32ae-4ffe-90d8-a61e7c895ba0/Office2010Windows7EndOfSupport.pdf) and print it in letter size, legal size, or tabloid (11 x 17) size.
-
-## Transition your entire organization
-
-To get a better picture of how to move your entire organization to the products and services in Microsoft 365 for Enterprise, download this transition poster:
-
-[![Image showing the Transition to Microsoft 365 poster.](../media/microsoft-365-overview/transition-org-to-m365.png)](https://download.microsoft.com/download/2/c/7/2c7bcc04-aae3-4604-9707-1ffff66b9851/transition-org-to-m365.pdf)
-
-This two-page poster is a quick way to inventory your existing infrastructure. Use it to get guidance for moving to a product or service in Microsoft 365 for Enterprise. It shows Windows and Office products and other infrastructure and security elements such as device management, identity and threat protection, and information and compliance protection.
-
-## How Microsoft migrated to Microsoft 365 for Enterprise
-
-See how IT experts at Microsoft migrated the company to Microsoft 365 for Enterprise:
--- [Deploying and updating Microsoft 365 Apps for enterprise](https://www.microsoft.com/itshowcase/Article/Content/757/Deploying-and-updating-Microsoft-Office-365-ProPlus)-- [Microsoft migrates 150,000 mailboxes to Exchange Online](https://www.microsoft.com/itshowcase/Article/Content/577/Microsoft-migrates-150000-mailboxes-to-Exchange-Online)-- [SharePoint to the cloud: Learn how Microsoft ran its own migration](https://www.microsoft.com/itshowcase/Article/Content/691/SharePoint-to-the-cloud-Learn-how-Microsoft-ran-its-own-migration)-- [Deploying Windows 10 at Microsoft as an in-place upgrade](https://www.microsoft.com/itshowcase/Article/Content/668/Deploying-Windows-10-at-Microsoft-as-an-inplace-upgrade)-- [Windows 10 deployment: Tips and tricks from Microsoft IT](https://www.microsoft.com/itshowcase/Article/Content/951/Windows-10-deployment-tips-and-tricks-from-Microsoft-IT) (video)
enterprise Exchange 2007 End Of Support https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/exchange-2007-end-of-support.md
- Title: "Exchange 2007 end of support roadmap"--- Previously updated : 1/31/2018----- scotvorg-- Ent_O365-- NOCSH-
-description: "Learn about your options after Exchange Server 2007 end of support, and start planning migration to Microsoft 365, Office 365, or Exchange 2016."
--
-# Exchange 2007 end of support roadmap
-
-*This article applies to both Microsoft 365 Enterprise and Office 365 Enterprise.*
-
-Exchange Server 2007 reached end of support in April 2017. If you haven't started your migration from Exchange 2007 to Microsoft 365, Office 365, or Exchange 2016, now's the time to start planning.
-
-## What does *end of support* mean?
-
-Exchange Server, like almost all Microsoft products, has a support lifecycle during which we provide new features, bug fixes, security fixes, and so on. This lifecycle typically lasts for 10 years from the product's initial release. The end of this lifecycle is known as the product's end of support. Since Exchange 2007 reached its end of support on April 11, 2017, Microsoft no longer provides:
--- Technical support for problems that may occur.--- Bug fixes for issues that may impact the stability and usability of the server.--- Security fixes for vulnerabilities that may make the server vulnerable to security breaches.--- Time zone updates.-
-Your installation of Exchange 2007 will continue to run after the end-of-support date. But because there are no new updates or support, we strongly recommend that you migrate from Exchange 2007 as soon as possible.
-
-For more information about Office 2007 servers nearing the end of support, see [Plan your upgrade from Office 2007 servers and products](upgrade-from-office-2007-servers-and-products.md).
-
-## What are my options?
-
-You can:
--- Migrate to Microsoft 365 by using cutover, staged, or hybrid migration.--- Migrate your Exchange 2007 servers to a newer version of Exchange on your on-premises servers.-
-The following sections explore each option in more detail.
-
-### Migrate to Microsoft 365
-
-Migrating your email to Microsoft 365 is the best and simplest option to help retire your Exchange 2007 deployment. With a migration to Microsoft 365, you can make a single hop from 10-year-old technology to state-of-the-art features, including:
--- Compliance capabilities such as Retention Policies, In-Place and Litigation Hold, in-place eDiscovery, and more--- Microsoft 365 Groups--- Focused Inbox--- MyAnalytics--- REST APIs for programmatic access to email, calendars, contacts, and so on-
-Microsoft 365 also gets new features and experiences first, so you and your users can usually start using them right away. And you won't have to worry about:
--- Purchasing and maintaining hardware.--- Paying to heat and cool your servers.--- Keeping up to date on security, product, and time-zone fixes.--- Maintaining storage and software to support compliance requirements.--- Upgrading to a new version of Exchange. With Microsoft 365, you're always on the latest version of Exchange.-
-#### How should I migrate to Microsoft 365?
-
-You have a few migration options. You need to consider a few things, including:
--- The number of seats or mailboxes you need to move.-- How long you want the migration to last.-- Whether you need seamless integration between your on-premises installation and Microsoft 365 during the migration.-
-This table shows your migration options and the most important factors that determine which method to use:
-
-|Migration option|Organization size|Duration|
-||||
-|Cutover migration|Fewer than 150 seats|A week or less|
-|Staged migration|More than 150 seats|A few weeks|
-|Full hybrid migration|Several hundred to thousands of seats|A few months or more|
-
-The following sections provide an overview of these methods. For more detail, see [Decide on a migration path](https://support.office.com/article/Decide-on-a-migration-path-0d4f2396-9cef-43b8-9bd6-306d01df1e27).
-
-#### Cutover migration
-
-In a cutover migration, you migrate all your mailboxes, distribution groups, contacts, and so on, to Microsoft 365 at a preselected date and time. After the migration is complete, you shut down your on-premises Exchange servers and start using Microsoft 365 exclusively.
-
-Cutover migration is great for small organizations that don't have many mailboxes, want to get to Microsoft 365 quickly, and don't want to deal with some of the complexities of the other methods. But it should be completed in a week or less, and it requires users to reconfigure their Outlook profiles. Cutover migration can handle up to 2,000 mailboxes, but we strongly recommend you use it to migrate a maximum of 150 mailboxes. If you try to migrate more, you could run out of time to transfer all the mailboxes before your deadline, and your IT support staff may get overwhelmed with requests to help users reconfigure Outlook.
-
-If you're thinking about doing a cutover migration, here are things to consider:
--- Microsoft 365 will need to connect to your Exchange 2007 servers using Outlook Anywhere over TCP port 443.--- All on-premises mailboxes will be moved to Microsoft 365.--- You'll need an on-premises administrator account that has read access to your users' mailboxes.--- The Exchange 2007 accepted domains that you want to use in Microsoft 365 need to be added as verified domains in the service.--- Between the time you start the migration and when you begin the completion phase, Microsoft 365 will periodically synchronize the Microsoft 365 and on-premises mailboxes. This lets you complete the migration without worrying about email being left behind in your on-premises mailboxes.--- Users will receive new temporary passwords for their Microsoft 365 accounts. They'll need to change their password when they sign in to their mailbox for the first time.--- You'll need a Microsoft 365 license that includes Exchange Online for each user mailbox you migrate.--- Users will need to set up a new Outlook profile on each of their devices and download their email again. The amount of email that Outlook will download can vary. For more information, see [Change how much mail to keep offline](https://support.office.com/article/Change-how-much-mail-to-keep-offline-f3a1251c-6dd5-4208-aef9-7c8c9522d633?ui=en-US&amp;rs=en-US&amp;ad=US&amp;fromAR=1).-
-For more information about cutover migration, see:
--- [What you need to know about a cutover email migration](https://support.office.com/article/What-you-need-to-know-about-a-cutover-email-migration-to-Office-365-961978ef-f434-472d-a811-1801733869da)--- [Perform a cutover migration of email](https://support.office.com/article/Perform-a-cutover-migration-of-email-to-Office-365-9496e93c-1e59-41a8-9bb3-6e8df0cd81b4)-
-#### Staged migration
-
-In a staged migration, you have a few hundred or a few thousand mailboxes that you want to migrate to Microsoft 365, need to take a week or more to complete the migration, and don't need any of advanced hybrid migration features like shared Free/Busy calendar information.
-
-Staged migration is great for organizations that need to take more time to migrate their mailboxes to Microsoft 365 but still plan to complete the migration within a few weeks. You can migrate mailboxes in batches. You control how many and which mailboxes are migrated at a given time. You might batch mailboxes of users in the same department, for example, to make sure they're all moved at the same time. Or, you might leave executive mailboxes until the last batch. As with cutover migrations, your users will need to recreate their Outlook profiles.
-
-If you're thinking about doing a staged migration, here are things to consider:
--- Microsoft 365 will need to connect to your Exchange 2007 servers by using Outlook Anywhere over TCP port 443.--- You'll need an on-premises administrator account that has read access to your users' mailboxes.--- The Exchange 2007 accepted domains that you plan to use in Microsoft 365 need to be added as verified domains in the service.--- You'll need to create a CSV file with the full name and email address of each mailbox that you plan to migrate in a batch. You'll also need to include a new password for each mailbox that you're migrating, and send that password to each user. The user will be prompted to change the password the first time that they sign in to their new Microsoft 365 mailbox.--- Between the time you start the migration batch and when you begin the completion phase, Microsoft 365 will periodically synchronize the Microsoft 365 and on-premises mailboxes included in the batch. This lets you complete the migration without worrying about email being left behind in your on-premises mailboxes.--- You'll need a Microsoft 365 license that includes Exchange Online for each user mailbox you migrate.--- Users will need to set up a new Outlook profile on each of their devices and download their email again. The amount of email that Outlook will download can vary. For more information, see [Change how much mail to keep offline](https://support.office.com/article/Change-how-much-mail-to-keep-offline-f3a1251c-6dd5-4208-aef9-7c8c9522d633?ui=en-US&amp;rs=en-US&amp;ad=US&amp;fromAR=1).-
-For more information about staged migration, see:
--- [What you need to know about a staged email migration](https://support.office.com/article/What-you-need-to-know-about-a-staged-email-migration-to-Office-365-7e2c82be-5f3d-4e36-bc6b-e5b4d411e207)--- [Perform a staged migration of email](https://support.office.com/article/Perform-a-staged-migration-of-email-to-Office-365-83bc0b69-de47-4cc4-a57d-47e478e4894e)-
-#### Full hybrid
-
-In a full hybrid migration, your organization has many hundreds, up to tens of thousands, of mailboxes, and you want to move some or all of them to Microsoft 365. Because these migrations are typically longer-term, hybrid migrations make it possible to:
--- Show on-premises users the free/busy calendar information for users in Microsoft 365, and vice versa.--- See a unified global address list that contains recipients in both on-premises and Microsoft 365.--- View full Outlook recipient properties for all users, regardless of whether they're on-premises or in Microsoft 365.--- Secure email communication between on-premises Exchange servers and Microsoft 365 using TLS and certificates.--- Treat messages sent between on-premises Exchange servers and Microsoft 365 as internal, enabling them to:-
- - Be properly evaluated and processed by transport and compliance agents targeting internal messages.
-
- - Bypass anti-spam filters.
-
-Full hybrid migration is best for organizations that expect to stay in a hybrid configuration for many months or more. You'll get the features listed earlier in this section, plus directory synchronization, better integrated compliance features, and the ability to move mailboxes to and from Microsoft 365 by using online mailbox moves. Microsoft 365 becomes an extension of your on-premises organization.
-
-If you're thinking about doing a full hybrid migration, here are things to consider:
--- Full hybrid migration isn't suited to all types of organizations. Due to the complexity of full hybrid migrations, organizations with less than a few hundred mailboxes don't typically see benefits that justify the effort and cost needed to set one up. If this sounds like your organization, we recommend that you consider a cutover or staged migration instead.--- You'll need to deploy at least one Exchange 2013 server in your Exchange 2007 organization to act as a "hybrid server." This server will communicate with Microsoft 365 on behalf of your Exchange 2007 servers.--- Microsoft 365 will need to connect to the "hybrid server" using Outlook Anywhere over TCP port 443.--- You'll need to set up directory synchronization using Microsoft Entra Connect between your on-premises Active Directory servers and Microsoft 365.--- Users will be able to sign in to their Microsoft 365 mailbox using the same user name and password as when they sign in to the local network. (This functionality requires Microsoft Entra Connect with password synchronization and/or Active Directory Federation Services.)--- You'll need a Microsoft 365 license that includes Exchange Online for each user mailbox you migrate.--- Users don't need to set up a new Outlook profile on most of their devices, although some older Android phones might need a new profile. Users won't have to redownload their email.-
-If full hybrid migration sounds right for you, see the following resources to help with your migration:
--- [Exchange Deployment Assistant](/exchange/exchange-deployment-assistant)--- [Exchange Server Hybrid Deployments](/exchange/exchange-hybrid)--- [Hybrid Configuration wizard](/exchange/hybrid-configuration-wizard)--- [Hybrid Configuration wizard FAQs](/exchange/hybrid-configuration-wizard-faqs)--- [Hybrid deployment prerequisites](/exchange/hybrid-deployment-prerequisites)-
-### Migrate to a newer version of Exchange Server
-
-We strongly believe that you can achieve the best value and user experience by migrating to Microsoft 365. But we also understand that some organizations need to keep their email on-premises. This could be because of regulatory requirements, to guarantee data isn't stored in a datacenter located in another country/region, or similar. If you choose to keep your email on-premises, you can migrate your Exchange 2007 environment to Exchange 2010, Exchange 2013, or Exchange 2016.
-
-If you can't migrate to Microsoft 365, we recommend that you migrate to Exchange 2016. Exchange 2016 includes all the features of previous releases of Exchange. It also most closely matches the experience available with Microsoft 365, although some features are available only in Microsoft 365. Check out just a few of the things you've been missing:
-
-|Exchange release|Features|
-|||
-|Exchange 2010| Role-Based Access Control (permissions without ACLs) <br/> Outlook Web App mailbox policies <br/> Ability to share free/busy and delegate calendars between organizations|
-|Exchange 2013| *Features from Exchange 2010 and ...* <br/> Simplified architecture that reduced the number of server roles to three (Mailbox, Client Access, Edge Transport) <br/> Data loss prevention policies (DLP) that help keep sensitive information from leaking <br/> Improved Outlook Web App experience|
-|Exchange 2016| *Features from Exchange 2013 and ...* <br/> Further simplified server roles to just Mailbox and Edge Transport <br/> Improved DLP along with integration with SharePoint <br/> Improved database resilience <br/> Online document collaboration|
-
-#### Which version should I migrate to?
-
-We recommend that you initially assume that you'll migrate to Exchange 2016. Then, use the following information to confirm your assumption or to rule out Exchange 2016. If you can't migrate to Exchange 2016 for some reason, do the same process with Exchange 2013, and so on.
-
-|Consideration|More Info|
-|||
-|End of support dates| Like Exchange 2007, each version of Exchange has its own end-of-support date: <br/> *Exchange 2010* - January 2020 <br/> *Exchange 2013* - April 2023 <br/> *Exchange 2016* - October 2025 <br/> The earlier the end of support, the sooner you'll need to perform another migration.|
-|Migration path to Exchange 2010 and 2013.|Here are the general phases for migrating to Exchange 2010 or Exchange 2013: <br/> - Install Exchange 2010 or 2013 into your existing Exchange 2007 organization. <br/>- Move services and other infrastructure to Exchange 2010 or 2013.<br/>- Move mailboxes and public folders to Exchange 2010 or 2013.<br/>- Decommission remaining Exchange 2007 servers.|
-|Migration path to Exchange 2016|Here are the general phases for migrating to Exchange 2016: <br/> - Install Exchange 2013 into your existing Exchange 2007 organization.<br/>- Move services and other infrastructure to Exchange 2013.<br/>- Move mailboxes and public folders to Exchange 2013.<br/>- Decommission remaining Exchange 2007 servers.<br/>- Install Exchange 2016 into your existing Exchange 2013 organization.<br/>- Move mailboxes, public folders, services, and other infrastructure to Exchange 2016 (order doesn't matter). Decommission remaining Exchange 2013 servers.<br/><br/> **Note:** Migrating from Exchange 2013 to Exchange 2016 is simple. The two versions have almost the same hardware requirements, and these versions are very compatible. So you can rebuild a server you bought for Exchange 2013 and install Exchange 2016 on it. For online mailbox moves, most users won't even notice that their mailbox was moved off the server and then back after you've rebuilt it with Exchange 2016.|
-|Version coexistence| When migrating to ... <br/> **Exchange 2016:** Exchange 2016 can't be installed in an organization that includes an Exchange 2007 server. You'll first need to migrate to Exchange 2010 or 2013 (we strongly recommend Exchange 2013), remove all Exchange 2007 servers, and then migrate to Exchange 2016. <br/> **Exchange 2010 or Exchange 2013:** You can install Exchange 2010 or Exchange 2013 into an existing Exchange 2007 organization. This enables you to install one or more Exchange 2010 or 2013 servers and perform your migration.|
-|Server hardware| Server hardware requirements have changed from Exchange 2007. Make sure your hardware is compatible. For details, see: <br/> [Exchange 2016 System Requirements](/Exchange/plan-and-deploy/system-requirements) <br/> [Exchange 2013 System Requirements](/exchange/exchange-2013-system-requirements-exchange-2013-help) <br/> [Exchange 2010 System Requirements](/previous-versions/office/exchange-server-2010/aa996719(v=exchg.141)) <br/> You'll find that the significant improvements in Exchange performance and the increased computing power and storage capacity in newer servers mean you'll likely need fewer servers to support the same number of mailboxes.|
-|Operating system version| The minimum supported operating system versions for each version are: <br/> **Exchange 2016** - Windows Server 2012 <br/> **Exchange 2013** - Windows Server 2008 R2 SP1 <br/> **Exchange 2010** - Windows Server 2008 SP2 <br/> Find more information about operating system support at [Exchange Supportability Matrix](/Exchange/plan-and-deploy/supportability-matrix).|
-|Active Directory forest functional level| The minimum supported Active Directory forest functional levels for each version are: <br/> **Exchange 2016** Windows Server 2008 R2 SP1 <br/> **Exchange 2013** Windows Server 2003 <br/> **Exchange 2010** Windows Server 2003 <br/> Find more information about forest functional level support at [Exchange Supportability Matrix](/Exchange/plan-and-deploy/supportability-matrix).|
-|Office client versions| The minimum supported Office client versions for each version are: <br/> **Exchange 2016** - Office 2010 (with the latest updates) <br/> **Exchange 2013** - Office 2007 SP3 <br/> **Exchange 2010** - Office 2003 <br/> Find more information about Office client support at [Exchange Supportability Matrix](/Exchange/plan-and-deploy/supportability-matrix).|
-
-#### How do I migrate?
-
-If you decided to keep your email on-premises, use the following resources to help with your migration:
--- [Exchange Deployment Assistant](/exchange/exchange-deployment-assistant)--- Active Directory schema changes for Exchange [2016](/Exchange/plan-and-deploy/active-directory/ad-schema-changes), [2013](/exchange/exchange-2013-active-directory-schema-changes-exchange-2013-help), [2010](/previous-versions/office/developer/exchange-server-2010/dd877014(v=exchg.140))--- System requirements for Exchange [2016](/Exchange/plan-and-deploy/system-requirements), [2013](/exchange/exchange-2013-system-requirements-exchange-2013-help), [2010](/previous-versions/office/exchange-server-2010/aa996719(v=exchg.141))--- Prerequisites for Exchange [2016](/Exchange/plan-and-deploy/prerequisites), [2013](/exchange/exchange-2013-prerequisites-exchange-2013-help), [2010](/previous-versions/office/exchange-server-2010/bb691354(v=exchg.141))-
-## Get help
-
-If you're migrating to Microsoft 365, you might be eligible to use our Microsoft FastTrack service. FastTrack provides best practices, tools, and resources to make your migration to Microsoft 365 as seamless as possible. Best of all, a support engineer will walk you through your migration, from planning and design all the way to migrating your last mailbox. For more about FastTrack, see [Microsoft FastTrack](https://fasttrack.microsoft.com/).
-
-If you run into problems during your migration to Microsoft 365 and you aren't using FastTrack, or your migration to a newer version of Exchange Server, we're here to help. Here are some resources you can use:
--- [Technical community](https://social.technet.microsoft.com/Forums/office/home?category=exchangeserver)--- [Customer support](https://support.microsoft.com/gp/support-options-for-business)-
-## Related topics
-
-[Resources to help you upgrade your Office 2007 servers and clients](upgrade-from-office-2007-servers-and-products.md)
enterprise Exchange 2010 End Of Support https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/exchange-2010-end-of-support.md
- Title: "Exchange 2010 end of support roadmap"--- Previously updated : 08/10/2020----- scotvorg-- Ent_O365-- NOCSH
-description: "Exchange 2010 has reached end of support. Use this planning roadmap to prepare to upgrade to Exchange Online or a newer version of Exchange Server on-premises."
--
-# Exchange 2010 end of support roadmap
-
-*This article applies to both Microsoft 365 Enterprise and Office 365 Enterprise.*
-
-Exchange Server 2010 reached its end of support on **October 13, 2020**. If you haven't already begun your migration from Exchange 2010 to Microsoft 365, Office 365, or Exchange 2016, now's the time to start planning.
-
-## What does *end of support* mean?
-
-Most Microsoft products have a support lifecycle during which they get new features, bug fixes, security fixes, and so on. This lifecycle typically lasts for 10 years from the product's initial release. The end of this lifecycle is known as the product's end of support. Because Exchange 2010 reached its end of support on October 13, 2020, Microsoft no longer provides:
--- Technical support for problems that may occur.-- Bug fixes for issues that may impact the stability and usability of the server.-- Security fixes for vulnerabilities that may make the server vulnerable to security breaches.-- Time zone updates.-
-Your installation of Exchange 2010 will continue to run after this date. But because of the changes listed above, we strongly recommend that you migrate from Exchange 2010 as soon as possible.
-
-For more information about nearing the end of support, see [Resources to help you upgrade from Office 2010 servers and clients](upgrade-from-office-2010-servers-and-products.md).
-
-## What are my options?
-
-It's a great time to explore your options and prepare a migration plan. You can:
--- Migrate fully to Microsoft 365. Migrate mailboxes using cutover, minimal hybrid, or full hybrid migration. Then remove on-premises Exchange servers and Active Directory.-- Migrate your Exchange 2010 servers to Exchange 2016 on your on-premises servers.-
-> [!IMPORTANT]
-> If your organization chooses to migrate mailboxes to Microsoft 365 but plans to keep DirSync or Microsoft Entra Connect in place to continue managing user accounts from on-premises Active Directory, you need to keep at least one Microsoft Exchange server on-premises. If you remove all Exchange servers, you won't be able to make changes to Exchange recipients in Exchange Online because the source of authority remains in your on-premises Active Directory. Changes need to be made there. In this scenario, you have the following options:
->
-> - *Recommended:* If you migrated your mailboxes to Microsoft 365 and upgraded your servers by October 13, 2020, use Exchange 2010 to connect to Microsoft 365 and migrate mailboxes. Next, migrate Exchange 2010 to Exchange 2016, and decommission any remaining Exchange 2010 servers.
-> - If you didn't complete the mailbox migration and on-premises server upgrade by October 13, 2020, upgrade your on-premises Exchange 2010 servers to Exchange 2016 first. Then use Exchange 2016 to connect to Microsoft 365 and migrate mailboxes.
-
-> [!NOTE]
-> It's little more complicated, but you can also migrate mailboxes to Microsoft 365 while migrating your on-premises Exchange 2010 servers to Exchange 2016.
-
-Here are the three paths you can take to avoid the end of support for Exchange Server 2010.
-
-![Exchange Server 2010 upgrade paths.](../media/exchange-2010-end-of-support/exchange-2010-end-of-support-options.png)
-
-The following sections explore each option in more detail.
-
-## Migrate to Microsoft 365
-
-Migrating your email to Microsoft 365 is the best and simplest option to help you retire your Exchange 2010 deployment. With a migration to Microsoft 365, you can make a single hop from old technology to current features, including:
--- Compliance capabilities such as Retention Policies, In-Place and Litigation Hold, in-place eDiscovery, and more.-- Microsoft Teams.-- Power BI.-- Focused Inbox.-- MyAnalytics.-
-Microsoft 365 also gets new features and experiences first, so your organization can start using them right away. Also, you won't have to worry about:
--- Purchasing and maintaining hardware.-- Paying to heat and cool your servers.-- Keeping up to date on security, product, and time-zone fixes.-- Maintaining storage and software to support compliance requirements.-- Upgrading to a new version of Exchange. You're always on the latest version of Exchange in Microsoft 365.-
-### How should I migrate to Microsoft 365?
-
-Depending on your organization, you have a few options to get to Microsoft 365. First, you need to consider a few things, such as:
--- The number of seats or mailboxes you need to move.-- How long you want the migration to last.-- Whether you need a seamless integration between your on-premises installation and Microsoft 365 during the migration.-
-This table shows your migration options and the most important factors that determine which method to use.
-
-|Migration option|Organization size|Duration|
-||||
-|Cutover migration|Fewer than 150 seats|A week or less|
-|Minimal hybrid migration|Fewer than 150 seats|A few weeks or less|
-|Full hybrid migration|More than 150 seats|A few weeks or more|
-
-The following sections give you an overview of these methods. For more information, see [Decide on a migration path](https://support.office.com/article/Decide-on-a-migration-path-0d4f2396-9cef-43b8-9bd6-306d01df1e27).
-
-### Cutover migration
-
-In a cutover migration, you migrate all your mailboxes, distribution groups, contacts, and so on, to Office 365 at a set date and time. When you're done, you shut down your on-premises Exchange servers and start using Microsoft 365 exclusively.
-
-Cutover migration is great for small organizations that don't have many mailboxes, want to get to Microsoft 365 quickly, and don't want to deal with the complexity of the other methods. But it should be completed in a week or less. And it requires users to reconfigure their Outlook profiles. Cutover migration can migrate up to 2,000 mailboxes, but we recommend you use it for a maximum of 150. If you try to migrate more, you could run out of time to transfer all the mailboxes before your deadline, and your IT support staff may get overwhelmed with requests to help users reconfigure Outlook.
-
-Here are things to consider about cutover migration:
--- Microsoft 365 will need to connect to your Exchange 2010 servers by using Outlook Anywhere over TCP port 443.-- All on-premises mailboxes will be moved to Microsoft 365.-- You'll need an on-premises administrator account that has read access to your users' mailboxes.-- The Exchange 2010 accepted domains that you want to use in Microsoft 365 need to be added as verified domains in the service.-- Between when you start the migration and when you begin the completion phase, Microsoft 365 will periodically synchronize the Microsoft 365 and on-premises mailboxes. This lets you complete the migration without worrying about email being left behind in your on-premises mailboxes.-- Users will receive new temporary passwords for their Microsoft 365 account. They'll need to change those when they sign in to their mailboxes for the first time.-- You'll need a Microsoft 365 license that includes Exchange Online for each user mailbox you migrate.-- Users will need to set up a new Outlook profile on each of their devices and download their email again. The amount of email that Outlook will download can vary. For more information, see [Work offline in Outlook](https://support.microsoft.com/office/f3a1251c-6dd5-4208-aef9-7c8c9522d633).-
-To learn more about cutover migration, see:
--- [What you need to know about a cutover email migration](/Exchange/mailbox-migration/what-to-know-about-a-cutover-migration)-- [Perform a cutover migration of email to Office 365](/Exchange/mailbox-migration/cutover-migration-to-office-365)-
-### Minimal hybrid migration
-
-In a minimal hybrid, or express, migration you move a few hundred mailboxes to Microsoft 365 within a few weeks. This method doesn't support advanced hybrid-migration features like shared free/busy calendar information.
-
-Minimal hybrid migration is great for organizations that need to take more time to migrate their mailboxes to Microsoft 365, but still plan to complete the migration within a few weeks. You get some of the benefits of the more advanced *full-hybrid migration* without much of the complexity. You can control how many and which mailboxes to migrate at a given time. Microsoft 365 mailboxes will be created with the user names and passwords of the on-premises accounts. And, unlike cutover migrations, your users don't have to recreate their Outlook profiles.
-
-Here are things to consider about minimal hybrid migration:
--- You'll need to do a one-time directory synchronization between your on-premises Active Directory servers and Microsoft 365.-- Users will be able to sign in to their Microsoft 365 mailbox with the same user name and password as before their mailbox.-- You'll need a Microsoft 365 license that includes Exchange Online for each user mailbox that you migrate.-- Users won't need to set up a new Outlook profile on most of their devices, though some older Android phones might need a new profile. Users won't need to redownload their email.-
-For more information, see [Use Minimal Hybrid to quickly migrate Exchange mailboxes to Office 365](/Exchange/mailbox-migration/use-minimal-hybrid-to-quickly-migrate).
-
-### Full hybrid
-
-In a full hybrid migration, you have many hundreds, up to tens of thousands, of mailboxes, and you move some or all to Microsoft 365. Because these migrations are typically longer-term, hybrid migrations make it possible to:
--- Show on-premises users the free/busy calendar information for users in Microsoft 365, and vice versa.-- See a unified global address list that contains recipients in both on-premises and Microsoft 365.-- View full Outlook recipient properties for all users, regardless of whether they're on-premises or in Microsoft 365.-- Secure email communication between on-premises Exchange servers and Office 365 using TLS and certificates.-- Treat messages sent between on-premises Exchange servers and Microsoft 365 as internal, enabling them to:
- - Be properly evaluated and processed by transport and compliance agents targeting internal messages.
- - Bypass anti-spam filters.
-
-Full hybrid migrations are best for organizations that expect to stay in a hybrid configuration for many months or more. You get the features listed earlier in this section, plus directory synchronization, better integrated compliance features, and the ability to move mailboxes to and from Microsoft 365 using online mailbox moves. Microsoft 365 becomes an extension of your on-premises organization.
-
-Things to consider about full-hybrid migration:
--- They aren't suited to all organizations. Due to the complexity of full hybrid migrations, organizations with less than a few hundred mailboxes don't typically see benefits that justify the effort and cost involved. In such cases, we recommend that you consider cutover or minimal hybrid migration instead.-- You need to set up directory synchronization using Microsoft Entra Connect between your on-premises Active Directory servers and Microsoft 365.-- Users will be able to sign in to their Microsoft 365 mailbox with same user name and password they use when they sign in to the local network. (This functionality requires Microsoft Entra Connect with password synchronization and/or Active Directory Federation Services).-- You need a Microsoft 365 license that includes Exchange Online for each user mailbox you migrate.-- Users don't need to set up a new Outlook profile on most of their devices, although some older Android phones might need a new profile. Users won't need to redownload their email.-
-> [!IMPORTANT]
-> If your organization chooses to migrate mailboxes to Microsoft 365 but plans to keep DirSync or Microsoft Entra Connect in place to continue managing user accounts from on-premises Active Directory, you need to keep at least one Exchange server on-premises. If all Exchange servers are removed, you won't be able to make changes to Exchange recipients in Exchange Online. This is because the source of authority remains in your on-premises Active Directory and changes need to be made there.
-
-If a full hybrid migration sounds right for you, see the following helpful resources:
--- [Exchange Deployment Assistant](/exchange/exchange-deployment-assistant)-- [Exchange Server Hybrid Deployments](/exchange/exchange-hybrid)-- [Hybrid Configuration wizard](/exchange/hybrid-configuration-wizard)-- [Hybrid Configuration wizard FAQs](/exchange/hybrid-configuration-wizard-faqs)-- [Hybrid deployment prerequisites](/exchange/hybrid-deployment-prerequisites)-
-## Upgrade to a newer version of Exchange Server on-premises
-
-We strongly believe that you get the best value and user experience by migrating fully to Microsoft 365. But we understand that some organizations need to keep some Exchange Servers on-premises. This might be because of regulatory requirements, to guarantee data isn't stored in a foreign datacenter, because you have unique settings or requirements that can't be met in the cloud, or because you need Exchange to manage cloud mailboxes because you still use Active Directory on-premises. In any case, if you keep Exchange on-premises, you should ensure your Exchange 2010 environment is upgraded to at least Exchange 2013 or Exchange 2016.
-
-For the best experience, we recommend that you upgrade your remaining on-premises environment to Exchange 2016. You don't need to install Exchange Server 2013 if you want to go straight from Exchange Server 2010 to Exchange Server 2016.
-
-Exchange 2016 includes all the features of previous releases of Exchange. It most closely matches the experience available with Microsoft 365, although some features are available only in Microsoft 365. Check out just a few of the things you've been missing:
-
-|Exchange release|Features|
-|||
-|**Exchange 2013**|Simplified architecture reduces the number of server roles to three (Mailbox, Client Access, Edge Transport)|
-||Data loss prevention policies (DLP) that help keep sensitive information from leaking|
-||Improved Outlook Web App experience|
-|**Exchange 2016**|*Features from Exchange 2013 and ...*|
-||Further simplified server roles to just Mailbox and Edge Transport|
-||Improved DLP along with integration with SharePoint|
-||Improved database resilience|
-||Online document collaboration|
--
-|Consideration|More information|
-|||
-|End of support dates|Like Exchange 2010, each version of Exchange has its own end-of-support date: <br/><br/> Exchange 2013 - April 2023 <br/><br/> Exchange 2016 - October 2025 <br/><br/> The earlier the end-of-support date, the sooner you'll need to perform another migration. April 2023 is a lot closer than you think!|
-|Migration path to Exchange 2013 or 2016|The migration path from Exchange 2010 to a newer version is the same whether you choose Exchange 2013 or Exchange 2016: <br/><br/> Install Exchange 2013 or 2016 into your existing Exchange 2010 organization. <br/><br/> Move services and other infrastructure to Exchange 2013 or 2016. <br/><br/> Move mailboxes and public folders to Exchange 2013 or 2016 Decommission remaining Exchange 2010 servers.|
-|Version coexistence|When migrating to Exchange 2013 or Exchange 2016, you can install either version into an existing Exchange 2010 organization. This enables you to install one or more Exchange 2013 or Exchange 2016 servers and do your migration.|
-|Server hardware|Server hardware requirements have changed from Exchange 2010. Make sure your hardware is compatible. Find out more about hardware requirements for each version here: <br/><br/> [Exchange 2016 system requirements](/Exchange/plan-and-deploy/system-requirements?view=exchserver-2016&preserve-view=true) <br/><br/> [Exchange 2013 system requirements](/Exchange/exchange-2013-system-requirements-exchange-2013-help) <br/><br/> With the significant improvements in Exchange performance and the increased computing power and storage capacity in newer servers, you'll likely need fewer servers to support the same number of mailboxes.|
-|Operating system version|The minimum supported operating system versions for each version are: <br/><br/> Exchange 2016 - Windows Server 2012 <br/><br/> Exchange 2013 - Windows Server 2008 R2 SP1 <br/><br/> You can find more information about operating system support at [Exchange Supportability Matrix](/exchange/plan-and-deploy/supportability-matrix).|
-|Active Directory forest functional level|The minimum supported Active Directory forest functional levels for each version are: <br/><br/> Exchange 2016 - Windows Server 2008 R2 SP1 <br/><br/> Exchange 2013 - Windows Server 2003 <br/><br/> You can find more information about forest functional level support at [Exchange Supportability Matrix](/exchange/plan-and-deploy/supportability-matrix).|
-|Office client versions|The minimum supported Office client versions for each version are: <br/><br/> Exchange 2016 - Office 2010 (with the latest updates) <br/><br/> Exchange 2013 - Office 2007 SP3 <br/><br/> Find more information about Office client support at [Exchange Supportability Matrix](/exchange/plan-and-deploy/supportability-matrix).|
-
-Use the following resources to help with your migration:
--- [Exchange Deployment Assistant](/exchange/exchange-deployment-assistant)-- Active Directory schema changes for Exchange [2016](/exchange/plan-and-deploy/active-directory/ad-schema-changes?view=exchserver-2016&preserve-view=true), [2013](/Exchange/exchange-2013-active-directory-schema-changes-exchange-2013-help)-- System requirements for Exchange [2016](/exchange/plan-and-deploy/system-requirements?view=exchserver-2016&preserve-view=true), [2013](/Exchange/exchange-2013-system-requirements-exchange-2013-help)-- Prerequisites for Exchange [2016](/exchange/plan-and-deploy/prerequisites?view=exchserver-2016&preserve-view=true), [2013](/Exchange/exchange-2013-prerequisites-exchange-2013-help)-
-## Summary of options for Office 2010 client and servers and Windows 7
-
-For a visual summary of the upgrade, migrate, and move-to-the-cloud options for Office 2010 clients and servers and Windows 7, see the [end of support poster](https://download.microsoft.com/download/2/7/d/27da4118-32ae-4ffe-90d8-a61e7c895ba0/Office2010Windows7EndOfSupport.pdf).
-
-[![End of support for Office 2010 clients and servers and Windows 7 poster.](../media/microsoft-365-overview/office2010-windows7-end-of-support.png)](https://download.microsoft.com/download/2/7/d/27da4118-32ae-4ffe-90d8-a61e7c895ba0/Office2010Windows7EndOfSupport.pdf)
-
-This one-page poster illustrates the various paths you can take to respond to Office 2010 client and server products and Windows 7 reaching end of support, with preferred paths and option support in Microsoft 365 Enterprise highlighted.
-
-You can also [download](https://download.microsoft.com/download/2/7/d/27da4118-32ae-4ffe-90d8-a61e7c895ba0/Office2010Windows7EndOfSupport.pdf) this poster and print it in letter, legal, or tabloid (11 x 17) format.
-
-## What if I need help?
-
-If you're migrating to Microsoft 365, you might be eligible to use our Microsoft FastTrack service. FastTrack provides best practices, tools, and resources to make your migration to Microsoft 365 as seamless as possible. Best of all, you'll have a support engineer walk you through from planning and design to migrating your last mailbox. For more about FastTrack, see [Microsoft FastTrack](https://fasttrack.microsoft.com/).
-
-If you run into problems during your migration to Microsoft 365 and you aren't using FastTrack, or you're migrating to a newer version of Exchange Server, here are some resources you can use:
--- [Technical community](https://social.technet.microsoft.com/Forums/office/home?category=exchangeserver)-- [Customer support](https://support.microsoft.com/gp/support-options-for-business)-
-## Related articles
-
-[Resources to help you upgrade from Office 2010 servers and clients](upgrade-from-office-2010-servers-and-products.md)
enterprise Exchange 2013 End Of Support https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/exchange-2013-end-of-support.md
- Title: "Exchange 2013 end of support roadmap"--- Previously updated : 08/10/2020----- NOCSH
-description: "Exchange 2013 will reach its end of support in April 2023. Use this planning roadmap to prepare to upgrade to Exchange Online or to a later version of Exchange Server on-premises."
--
-# Exchange 2013 end of support roadmap
-
-*This article applies to both Microsoft 365 Enterprise and Office 365 Enterprise.*
-
-Exchange Server 2013 will reach its end of support on **April 11, 2023**. If you haven't already begun your migration from Exchange 2013 to Microsoft 365, Office 365, or Exchange 2019, now's the time to start planning.
-
-## What does *end of support* mean?
-
-Most Microsoft products have a support lifecycle during which they get new features, bug fixes, security fixes, and so on. This lifecycle typically lasts for 10 years from the product's initial release. The end of this lifecycle is known as the product's end of support. Because Exchange 2013 reaches its end of support on April 11, 2023, Microsoft will no longer provide the following after this date:
--- Technical support for problems that may occur.-- Bug fixes for issues that may impact the stability and usability of the server.-- Security fixes for vulnerabilities that may make the server vulnerable to security breaches.-- Time zone updates.-
-Your installation of Exchange 2013 will continue to run after this date. But because of the changes listed above, we strongly recommend that you migrate from Exchange 2013 to Exchange 2019 as soon as possible.
--
-## What are my options?
-
-It's a great time to explore your options and prepare a migration plan. You can:
--- Migrate to Microsoft 365. Migrate mailboxes, public folders, and other data using cutover, minimal hybrid, or full hybrid migration. Then, remove on-premises Exchange servers and Active Directory.-- Upgrade Exchange 2013. Move to Exchange 2019 for your on-premises servers.-
-> [!IMPORTANT]
-> If your organization chooses to migrate mailboxes to Microsoft 365 but plans to keep using Microsoft Entra Connect to manage user accounts in Active Directory, you need to keep at least one Microsoft Exchange server on-premises. If you remove all Exchange servers, you won't be able to make changes to Exchange recipients in Exchange Online because the source of authority is your on-premises Active Directory. In this scenario, you have the following options:
->
->- *Recommended:* Migrate your mailboxes to Microsoft 365 and upgrade your environment to Exchange 2019 by April 11, 2023. Use Exchange 2013 to connect to Microsoft 365 and migrate mailboxes. Next, upgrade from Exchange 2013 to Exchange 2019, and decommission servers running Exchange 2013.
->- If you can't complete a migration to Exchange Online and upgrade your on-premises servers by April 11, 2023, upgrade from Exchange 2013 to Exchange 2019 first and then use Exchange 2019 to migrate mailboxes to Microsoft 365.
-
-Here are the three paths you can take to avoid the end of support for Exchange Server 2013.
-
-## Migrate to Microsoft 365
-
-Migrating to Microsoft 365 is the best and simplest option to help you retire your Exchange 2013 deployment. With a migration to Microsoft 365, you can make a single hop from old technology to current features, including:
--- Larger mailboxes with greater data resilience;-- Security capabilities such as anti-spam and antimalware protection, -- Compliance capabilities such as Data Loss Prevention, Retention Policies, In-Place and Litigation Hold, in-place eDiscovery, and more;-- Integration with SharePoint Online, OneDrive, Teams, Power BI, and other Microsoft 365 services;-- Focused Inbox; and-- Advanced analytics and Viva Insights.-
-Microsoft 365 also gets new features and experiences first, so your organization can start using them right away. Also, you won't have to worry about:
--- Purchasing and maintaining hardware;-- Paying to run and cool your servers;-- Keeping servers up to date on security, product, and time-zone fixes;-- Maintaining server storage and software to support compliance requirements; or-- Upgrading to a new version of Exchange; you're always on the latest version with Microsoft 365.-
-### How should I migrate to Microsoft 365?
-
-Depending on your organization, you have a few options to get to Microsoft 365. First, you need to consider a few things, such as:
--- The number of mailboxes you need to move;-- How long you want the migration to last; and-- Whether you need a seamless integration between your on-premises environment and Microsoft 365 during the migration.-
-This table shows your migration options and the most important factors that determine which method to use.
-
-<br>
-
-****
-
-|Migration option|Organization size|Duration|
-||||
-|Cutover migration|Fewer than 150 mailboxes|A week or less|
-|Minimal hybrid migration|Fewer than 150 mailboxes|A few weeks or less|
-|Full hybrid migration|More than 150 mailboxes|A few weeks or more|
-|
-
-The following sections give you an overview of these methods. For more information, see [Decide on a migration path](https://support.office.com/article/Decide-on-a-migration-path-0d4f2396-9cef-43b8-9bd6-306d01df1e27).
-
-### Cutover migration
-
-In a cutover migration, you migrate all your mailboxes, distribution groups, contacts, and so on, to Office 365 at a set date and time. When you're done, you shut down your on-premises Exchange servers and start using Microsoft 365 exclusively.
-
-Cutover migration is great for small organizations that don't have many mailboxes, want to get to Microsoft 365 quickly, and don't want to deal with the complexity of the other methods. But it should be completed in a week or less. And it requires users to reconfigure their Outlook profiles. Cutover migration can migrate up to 2,000 mailboxes, but we recommend you use it for a maximum of 150. If you try to migrate more, you could run out of time to transfer all the mailboxes before your deadline, and your IT support staff may get overwhelmed with requests to help users reconfigure Outlook.
-
-Here are things to consider about cutover migration:
--- Microsoft 365 will need to connect to your Exchange 2013 servers by using Outlook Anywhere over TCP port 443.-- All on-premises mailboxes will be moved to Microsoft 365.-- You'll need an on-premises administrator account that has read access to your users' mailboxes.-- The Exchange 2013 accepted domains that you want to use in Microsoft 365 need to be added as verified domains in the service.-- Between when you start the migration and when you begin the completion phase, Microsoft 365 will periodically synchronize the Microsoft 365 and on-premises mailboxes. This lets you complete the migration without worrying about email being left behind in your on-premises mailboxes.-- Users will receive new temporary passwords for their Microsoft 365 account. They'll need to change those when they sign in to their mailboxes for the first time.-- You'll need a Microsoft 365 license that includes Exchange Online for each user mailbox you migrate.-- Users will need to set up a new Outlook profile on each of their devices and download their email again. The amount of email that Outlook will download can vary. For more information, see [Work offline in Outlook](https://support.microsoft.com/office/f3a1251c-6dd5-4208-aef9-7c8c9522d633).-
-To learn more about cutover migration, see:
--- [What you need to know about a cutover email migration](/Exchange/mailbox-migration/what-to-know-about-a-cutover-migration)-- [Perform a cutover migration of email to Office 365](/Exchange/mailbox-migration/cutover-migration-to-office-365)-
-### Minimal hybrid migration
-
-In a minimal hybrid, or express, migration you move a few hundred mailboxes to Microsoft 365 within a few weeks. This method doesn't support advanced hybrid-migration features like shared free/busy calendar information.
-
-Minimal hybrid migration is great for organizations that need to take more time to migrate their mailboxes to Microsoft 365, but still plan to complete the migration within a few weeks. You get some of the benefits of the more advanced *full-hybrid migration* without much of the complexity. You can control how many and which mailboxes to migrate at a given time. Microsoft 365 mailboxes will be created with the user names and passwords of the on-premises accounts. And, unlike cutover migrations, your users don't have to recreate their Outlook profiles.
-
-Here are things to consider about minimal hybrid migration:
--- You'll need to do a one-time directory synchronization between your on-premises Active Directory servers and Microsoft 365.-- Users will be able to sign in to their Microsoft 365 mailbox with the same user name and password as before their mailbox.-- You'll need a Microsoft 365 license that includes Exchange Online for each user mailbox that you migrate.-- Users won't need to set up a new Outlook profile on most of their devices, though some older Android phones might need a new profile. Users won't need to redownload their email.-
-For more information, see [Use Minimal Hybrid to quickly migrate Exchange mailboxes to Office 365](/Exchange/mailbox-migration/use-minimal-hybrid-to-quickly-migrate).
-
-### Full hybrid
-
-In a full hybrid migration, you have many hundreds, up to tens of thousands, of mailboxes, and you move some or all to Microsoft 365. Because these migrations are typically longer-term, hybrid migrations make it possible to:
--- Show on-premises users the free/busy calendar information for users in Microsoft 365, and vice versa.-- See a unified global address list that contains recipients in both on-premises and Microsoft 365.-- View full Outlook recipient properties for all users, regardless of whether they're on-premises or in Microsoft 365.-- Secure email communication between on-premises Exchange servers and Office 365 using TLS and certificates.-- Treat messages sent between on-premises Exchange servers and Microsoft 365 as internal, enabling them to:
- - Be properly evaluated and processed by transport and compliance agents targeting internal messages.
- - Bypass anti-spam filters.
-
-Full hybrid migrations are best for organizations that expect to stay in a hybrid configuration for many months or more. You get the features listed earlier in this section, plus directory synchronization, better integrated compliance features, and the ability to move mailboxes to and from Microsoft 365 using online mailbox moves. Microsoft 365 becomes an extension of your on-premises organization.
-
-Things to consider about full-hybrid migration:
--- They aren't suited to all organizations. Due to the complexity of full hybrid migrations, organizations with less than a few hundred mailboxes don't typically see benefits that justify the effort and cost involved. In such cases, we recommend that you consider cutover or minimal hybrid migration instead.-- You need to set up directory synchronization using Microsoft Entra Connect between your on-premises Active Directory servers and Microsoft 365.-- Users will be able to sign in to their Microsoft 365 mailbox with same user name and password they use when they sign in to the local network. (This functionality requires Microsoft Entra Connect with password synchronization and/or Active Directory Federation Services).-- You need a Microsoft 365 license that includes Exchange Online for each user mailbox you migrate.-- Users don't need to set up a new Outlook profile on most of their devices, although some older Android phones might need a new profile. Users won't need to redownload their email.-
-> [!IMPORTANT]
-> If your organization chooses to migrate mailboxes to Microsoft 365 but plans to keep Microsoft Entra Connect to manage user accounts in Active Directory, you need to keep at least one Exchange server on-premises. If all Exchange servers are removed, you won't be able to make changes to Exchange recipients. This is because the source of authority is Active Directory and changes need to be made there.
-
-If a full hybrid migration sounds right for you, see the following helpful resources:
--- [Exchange Deployment Assistant](/exchange/exchange-deployment-assistant)-- [Exchange Server Hybrid Deployments](/exchange/exchange-hybrid)-- [Hybrid Configuration wizard](/exchange/hybrid-configuration-wizard)-- [Hybrid Configuration wizard FAQs](/exchange/hybrid-configuration-wizard-faqs)-- [Hybrid deployment prerequisites](/exchange/hybrid-deployment-prerequisites)-
-## Upgrade to a newer version of Exchange Server on-premises
-
-We strongly believe that you get the best value and user experience by migrating fully to Microsoft 365. But we understand that some organizations need to keep some Exchange servers on-premises. This might be because of regulatory requirements, to guarantee data isn't stored in a foreign datacenter, because you have unique settings or requirements that can't be met in the cloud, or because you need Exchange to manage cloud mailboxes because you still use Active Directory on-premises. In any case, if you keep Exchange on-premises, you should ensure your Exchange 2013 environment is upgraded.
-
-For the best experience, we recommend that you upgrade your remaining on-premises environment to Exchange 2019. You don't need to install Exchange Server 2016 because you can go directly from Exchange Server 2013 to Exchange Server 2019. Exchange 2019 most closely matches the experience available with Microsoft 365, although some features are available only in Microsoft 365.
---
-****
-Below are important things to know about upgrading Exchange 2013:
-
-|Item|More information|
-|||
-|End of support dates|Like Exchange 2013, each version of Exchange has its own end-of-support date: <p> Exchange 2013 - April 2023 <p> April 2023 is a lot closer than you think!|
-|Migration path to Exchange 2019|The migration path from Exchange 2013 to a newer version is simple: <p> Install Exchange 2019 into your existing Exchange 2013 organization. <p> Move services and data from Exchange 2013 to Exchange 2019 and decommission Exchange 2013 servers.|
-|Server hardware|Server hardware requirements have changed from Exchange 2013. Make sure your hardware is compatible. Find out more about hardware requirements here: <p> [Exchange 2019 system requirements](/exchange/plan-and-deploy/system-requirements?view=exchserver-2019&preserve-view=true) <p>With the significant improvements in Exchange performance and the increased computing power and storage capacity in newer servers, you'll likely need fewer servers to support the same number of mailboxes.|
-|Operating system version|The minimum supported operating system version for Exchange 2019 is Windows Server 2019. Windows Server 2022 support is coming soon <p> You can find more information about operating system support at [Exchange Supportability Matrix](/exchange/plan-and-deploy/supportability-matrix).|
-|Active Directory forest functional level|The minimum supported Active Directory forest functional level is Windows Server 2012 R2. You can find more information about forest functional level support at [Exchange Supportability Matrix](/exchange/plan-and-deploy/supportability-matrix).|
-|Office client versions|The minimum supported Office client version is also documented in the [Exchange Supportability Matrix](/exchange/plan-and-deploy/supportability-matrix?view=exchserver-2019#clients&preserve-view=true).|
-|
-
-Use the following resources to help with your migration:
--- [Exchange Deployment Assistant](/exchange/exchange-deployment-assistant)-- Active Directory [schema changes for Exchange 2019](/exchange/plan-and-deploy/active-directory/ad-schema-changes?view=exchserver-2019&preserve-view=true)-- System [requirements for Exchange 2019](/exchange/plan-and-deploy/system-requirements?view=exchserver-2019&preserve-view=true)--
-## What if I need help?
-
-If you're migrating to Microsoft 365, you might be eligible to use our Microsoft FastTrack service. FastTrack provides best practices, tools, and resources to make your migration to Microsoft 365 as seamless as possible. Best of all, you'll have a support engineer walk you through from planning and design to migrating your last mailbox. For more about FastTrack, see [Microsoft FastTrack](https://fasttrack.microsoft.com/).
-
-If you run into problems during your migration to Microsoft 365 and you aren't using FastTrack, or you're migrating to a newer version of Exchange Server, here are some resources you can use:
--- [Technical community](https://social.technet.microsoft.com/Forums/office/home?category=exchangeserver)-- [Customer support](https://support.microsoft.com/gp/support-options-for-business)
enterprise Placeholder https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/placeholder.md
- Title: Placeholder article-- NOCSH--- Previously updated : 09/19/2019----- scotvorg-- M365-subscription-management-
-description: TBD.
--
-# Placeholder article
-
-This article is a placeholder for now.
enterprise Plan Upgrade Previous Versions Office https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/plan-upgrade-previous-versions-office.md
- Title: "Plan your upgrade from Office 2007 or 2010 servers and clients"--- Previously updated : 08/10/2020---- MET150--- scotvorg-- Ent_O365-- NOCSH--- seo-marvel-apr2020
-description: "This article contains resources for users using Office 2007 or Office 2010 to help them plan their upgrade."
--
-# Plan your upgrade from Office 2007 or Office 2010 servers and clients
-
-*This article applies to both Microsoft 365 for Enterprise and Office 365 for Enterprise.*
-
-If your organization uses old versions of Office products and servers, now is a great time to start planning your upgrade. Office 2007 products and services have reached their [end of support](upgrade-from-office-2007-servers-and-products.md). For Office 2010 products and
--- Office 2010 and Exchange 2010 reached their end of support on *October 13, 2020*. -- SharePoint 2010 and Project Server 2010 will reach their end of support on *April 13, 2021*. -
-For more information, see [Upgrade from Office 2010 servers and clients](upgrade-from-office-2010-servers-and-products.md).
-
-Use the resources in this article to get started on your upgrade.
-
-## What is Microsoft 365?
-
-[Microsoft 365](https://www.microsoft.com/microsoft-365) is a combination of innovative Office apps, intelligent cloud services, and world-class security that's designed to help you achieve more.
-
-Microsoft 365 includes the licenses and capabilities to help ensure that your organization is working on the latest Windows operating system. It also ensures that your Windows, iOS, and Android devices are enrolled with and secured by policies that require authentication and data protection. Additionally, Windows 10 and your Microsoft 365 Apps for Enterprise (previously named Office 365 ProPlus) client software is continually updated to include the latest features and security updates.
-
-Microsoft 365 is the way to digitally transform your business with constantly improving devices and productivity experiences that are enabled and secured by the Microsoft cloud.
-
-|Resource|Description|
-|||
-|[Microsoft 365](https://www.microsoft.com/microsoft-365)|Get information about the versions of Microsoft 365.|
-|[Microsoft 365 for Business documentation](../admin/index.yml)|Get detailed information about the version of Microsoft 365 for small and medium businesses.|
-|[Microsoft 365 for Education documentation](/microsoft-365/education/)|Get detailed information about the version of Microsoft 365 for educational organizations.|
-|[Microsoft 365 for Enterprise documentation](./index.yml)|Get detailed information about the version of Microsoft 365 for enterprise organizations.|
-|||
-
-## What happens if I don't upgrade?
-
-You can choose not to upgrade at this time. Your on-premises servers and applications will continue to run. But when you no longer receive security updates or support options, your organization could be vulnerable to security breaches. We strongly recommend that you plan your upgrade soon. You can upgrade to Microsoft 365 or to newer versions of your on-premises servers and applications.
-
-## What upgrade options are available?
-
-Organizations should consider several upgrade options:
--- **Upgrade your on-premises servers and applications.** If you're using Office products and server applications on-premises, see the following planning content:<br/> -
- |Office 2007 products and services|Office 2010 products and services|
- |||
- |[Office 2007](/DeployOffice/office-2007-end-support-roadmap) (Desktop)|[Office 2010](/DeployOffice/office-2010-end-support-roadmap) (Desktop)|
- |[Exchange 2007](exchange-2007-end-of-support.md)|[Exchange 2010](exchange-2010-end-of-support.md)|
- |[SharePoint 2007](sharepoint-2007-end-of-support.md)|[SharePoint 2010](upgrade-from-sharepoint-2010.md)|
- |[Office Communications Server](/skypeforbusiness/plan-your-deployment/upgrade)|[Lync Server 2010](/skypeforbusiness/plan-your-deployment/upgrade)|
- |[Project Server 2007](project-server-2007-end-of-support.md)|[Project Server 2010](project-server-2010-end-of-support.md)|
- |[PerformancePoint Server 2007](pps-2007-end-of-support.md)||
-
-- **Implement a hybrid solution with Microsoft 365 or Office 365.** A hybrid solution uses your on-premises servers and applications and their cloud equivalents. If you're moving to the cloud in phases or you must keep some server and applications on-premises, a hybrid solution might be right for your organization. For more information, see [Microsoft cloud architecture models](../solutions/cloud-architecture-models.md).
-
-- **Move to the cloud with Microsoft 365 or Office 365.** For many customers, moving to the cloud is an efficient and cost-effective solution. A complete move to the cloud makes setup and ongoing management easier. This option seamlessly provides all the latest features and security updates. For more information, see the [What is Microsoft 365?](#what-is-microsoft-365) section in this article.
-
-## Can I get help for my organization?
-
-If you want help with planning your upgrade, consider one or more of the following options:
--- Work with a partner or volume licensing specialist. [Find your Microsoft 365 partner or reseller](https://support.office.com/article/b6c18a9b-2aed-4c84-9d75-af709160258c.aspx). --- If your organization purchases a qualifying number of Microsoft 365 licenses, our FastTrack team can help you through the setup process. For more information, see [FastTrack for Microsoft 365](https://www.microsoft.com/fasttrack/microsoft-365).--- If you're part of a small organization, or if you prefer to handle your organization's Office upgrade yourself, see [Upgrade your Microsoft 365 Business users to the latest Office client](/office365/admin/setup/upgrade-users-to-latest-office-client).
-
-## I'm a home user. What do I do?
-
-If you're using Office 2007 or Office 2010 at home, consider the following upgrade options:
--- **Use Office in a browser for free.** Create, view, and edit Office files in your browser. Get access to those files from just about any device that has internet access. -
- [Office on the web](https://products.office.com/office-online/documents-spreadsheets-presentations-office-online) includes [Word for the web](https://go.microsoft.com/fwlink/p/?linkid=746664), [Excel for the web](https://go.microsoft.com/fwlink/p/?linkid=746665), [PowerPoint for the web](https://go.microsoft.com/fwlink/p/?linkid=746666), [OneNote for the web](https://go.microsoft.com/fwlink/p/?linkid=746674), [Sway](https://go.microsoft.com/fwlink/p/?linkid=746675), [Email](https://go.microsoft.com/fwlink/p/?linkid=746676), [Calendar](https://go.microsoft.com/fwlink/p/?linkid=746678), and [OneDrive](https://go.microsoft.com/fwlink/p/?linkid=746679). To get started, visit [Office.com](https://office.com) and sign in by using your [Microsoft account](https://account.microsoft.com/account). If you don't have a Microsoft account, you can create one at [Office.com](https://office.com).
--- **Try Microsoft 365 Family.** Start a trial of [Microsoft 365 Family](https://www.microsoft.com/microsoft-365/p/microsoft-365-family/cfq7ttc0k5dm?rtc=2&activetab=pivot:overviewtab) to see how it works for you. With Microsoft 365 Family, you'll enjoy cloud storage with OneDrive.-
- Support for Windows 7 [ended on January 14, 2020](https://www.microsoft.com/microsoft-365/windows/end-of-windows-7-support). The versions of Word, Excel, PowerPoint, Outlook, Publisher, and Access that are provided with Office 365 Home or Office 365 Personal and that run on Windows 7 devices receive security updates but not feature updates. To continue receiving feature updates for these applications, [upgrade your Windows 7 devices to Windows 10](https://support.microsoft.com/help/12435/windows-10-upgrade-faq).
-
-- **Purchase Office Home &amp; Student.** If you choose this option, you make a one-time purchase and then install Office on your Windows PC or Mac. This purchase isn't a subscription; it's a one-time, perpetual-use license for one computer. View the [requirements](https://office.com/systemrequirements) and then choose a version.-
- - If your Windows PC is running Windows 10, consider getting [Office Home & Student 2019](https://www.microsoft.com/p/office-home-student-2019/cfq7ttc0k7c8).
-
- - If your Windows PC is running Windows 7, 8, or 8.1 and you're not upgrading to Windows 10 now, consider getting Office Home & Student 2016 or another edition of Microsoft Office. You can get it from an authorized reseller.
-
- Support for Windows 7 [ended on January 14, 2020](https://www.microsoft.com/microsoft-365/windows/end-of-windows-7-support). Microsoft no longer provides security updates for it. Upgrade your Windows 7 devices to Windows 10 for continued security and feature updates and ongoing support.
-
-If you choose not to upgrade now, your Office apps will continue to run according to the [timelines](https://support.microsoft.com/lifecycle/search/13615). However, to get security updates or new and improved features, you need to upgrade.
-
-## Next steps
--- [Upgrade from Office 2007 servers and clients](upgrade-from-office-2007-servers-and-products.md)-- [Upgrade from Office 2010 servers and clients](upgrade-from-office-2010-servers-and-products.md)
-
-## Related topics
-
-[Microsoft Lifecycle Policy](/lifecycle/)
enterprise Powershell Roadmap Microsoft 365 https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/powershell-roadmap-microsoft-365.md
- Title: PowerShell roadmap for Microsoft 365-- NOCSH--- Previously updated : 09/19/2019----- scotvorg-- M365-subscription-management-
-description: The roadmap to use PowerShell for Microsoft 365.
--
-# PowerShell roadmap for Microsoft 365
-
-PowerShell roadmap content
-
-## Next step
-
-TBD
enterprise Pps 2007 End Of Support https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/pps-2007-end-of-support.md
- Title: "PerformancePoint Server 2007 end of support roadmap"--- Previously updated : 08/10/2020----- scotvorg-- Ent_O365-- PSV120-- PDD140-- MET150-- NOCSH
-description: PerformancePoint Server 2007, ProClarity, and SharePoint Server 2007 have reached end of support. Read this article to help plan your BI solution upgrade.
--
-# PerformancePoint Server 2007 end of support roadmap
-
-*This article applies to both Microsoft 365 Enterprise and Office 365 Enterprise.*
-
-Office 2007 servers and applications have reached their end of support, including servers and applications that you might be using as part of your business intelligence (BI) solutions. The following table lists BI applications that are affected:
-
-|**Microsoft BI applications**|**Date support ended**|
-|:--|:--|
-|ProClarity Analytics Server 6.3 Service Pack 3 <br/> ProClarity Desktop Professional 6.3 <br/> ProClarity SharePoint Viewer 6.3 <br/> |July 11, 2017 <br/> |
-|SharePoint Server 2007 Service Pack 3 <br/> |October 10, 2017 <br/> |
-|PerformancePoint Server 2007 Service Pack 3 <br/> |January 9, 2018 <br/> |
-
-For more information, see [Resources to help you upgrade from Office 2007 servers and clients](upgrade-from-office-2007-servers-and-products.md).
-
-## What does *end of support* mean?
-
-Like most Microsoft products, PerformancePoint Server 2007 SP3, ProClarity software, and SharePoint Server 2007 SP3, have a support lifecycle, during which Microsoft provides new features, bug fixes, and security updates. The lifecycle for a product typically lasts for 10 years from the product's initial release. The end of that lifecycle is known as the product's end of support. As ProClarity, PerformancePoint Server, and SharePoint Server 2007 have reached their end of support, Microsoft no longer provides:
-
-- Technical support for problems that may occur.
-
-- Bug fixes for issues that are discovered and that may impact the stability and usability of servers.
-
-- Security fixes for vulnerabilities that are discovered and that may make servers or applications vulnerable to security breaches.
-
-- Time zone updates.
-
-Your installation of ProClarity, SharePoint Server 2007 SP3, and PerformancePoint Server 2007 SP3 will continue to run even though support has ended. However, we strongly recommend that you migrate from these applications as soon as possible.
-
-## What are my options?
-
-There have been lots of changes to Microsoft BI applications since 2007, and you have several options to consider, as summarized in the following table.
-
-|**If you were using this ...**|**Explore these options ...**|**And keep this in mind ...**|
-|:--|:--|:--|
-| PerformancePoint Server 2007 Monitoring &amp; Analytics capabilities, including:<br/>- PerformancePoint Monitoring Server <br/>- PerformancePoint Dashboard Designer<br/>- Dashboard Viewer for SharePoint Services (used for rendering PerformancePoint dashboards, scorecards, and reports)<br/> |**Excel with Excel in a browser** (in the cloud or on-premises). For an overview, see [BI capabilities in Excel and Microsoft 365](https://support.office.com/article/26c0548e-124c-4fd3-aab3-5f64568cb743.aspx).<br/><br/> **Power BI** (in the cloud or on-premises). For an overview, see [What is Power BI?](https://go.microsoft.com/fwlink/?linkid=841341) <br/><br/> **SQL Server Reporting Services** (on-premises). For an overview, see [SQL Server Reporting Services (SSRS): Create, deploy, and manage mobile and paginated reports](/sql/reporting-services/create-deploy-and-manage-mobile-and-paginated-reports). <br/><br/> **PerformancePoint Services** (on-premises). For an overview, see [What's new for PerformancePoint Services (SharePoint Server 2010)](/previous-versions/office/sharepoint-server-2010/ee661741(v=office.14)). <br/> |Excel is available as an online (cloud-based) or on-premises solution. Many reporting and dashboard needs can be met with Excel. <br/><br/> Power BI is available as an online or on-premises solution. Power BI isn't included in Microsoft 365. But you can start using Power BI for free. Later, depending on your data usage and business needs, you can upgrade to Power BI Pro with Microsoft 365 E5.<br/> <br/> Reporting Services and PerformancePoint Services are both on-premises solutions. <br/><br/> PerformancePoint Services is available in SharePoint Server 2010, SharePoint Server 2013, and SharePoint Server 2016. <br/> <br/> Some features and report types that were available in PerformancePoint Server 2007 aren't available in Excel, Power BI, Reporting Services, or PerformancePoint Services. Review the available features to determine the best solution for your business needs. <br/> |
-| ProClarity software, including:<br/>- ProClarity Desktop Professional<br/> - ProClarity Analytics Server<br/>- ProClarity SharePoint Viewer<br/> |**Work with a Microsoft partner** to identify a solution that best meets your needs. Visit the [Microsoft Partner Center](https://go.microsoft.com/fwlink/?linkid=841249). <br/><br/> You can also consider using Excel with Excel in a browser, Power BI, SQL Server Reporting Services, or PerformancePoint Services. <br/> |Several but not all features of ProClarity software are available in other Microsoft offerings, including Excel, Power BI, Reporting Services, and PerformancePoint Services. <br/> |
-|SharePoint Server 2007 KPIs (also called MOSS KPIs) <br/> |**Excel with Excel Services**. For an overview, see [Business intelligence in Excel and Excel Services (SharePoint Server 2013)](https://support.office.com/article/2740f10c-579d-4b40-a1d9-7beb5d38547c.aspx). <br/> |MOSS KPIs that were created using SharePoint Server 2007 can be used in SharePoint Server 2010, SharePoint Server 2013, and SharePoint Server 2016. But you can't create new MOSS KPIs. <br/> |
-|Excel 2007 <br/> |**Excel** (in the cloud or on-premises). For an overview, see [BI capabilities in Excel and Office 365](https://support.office.com/article/26c0548e-124c-4fd3-aab3-5f64568cb743.aspx). <br/><br/> **Power BI** (in the cloud or on-premises). For an overview, see [What is Power BI?](https://go.microsoft.com/fwlink/?linkid=841341) <br/> |Both Excel and Power BI offer your organization cloud-based and on-premises solutions, with support for a wide variety of data sources. <br/> |
-
-### Help selecting a solution
-
-With so many BI choices available, it might seem overwhelming to determine which option is best. We have an online guide available to help. See [Choosing Microsoft Business Intelligence (BI) tools for analysis and reporting](/sql/reporting-services/choosing-microsoft-business-intelligence-bi-tools-for-analysis-and-reporting).
-
-### What if I don't upgrade now?
-
-You can choose to not upgrade immediately. Your existing servers and applications will continue to run. But you won't receive any further updates, including security updates, since support has ended. And if something goes wrong with your server applications you won't be able to get help from Microsoft technical support.
-
-## How do I plan my upgrade?
-
-After you explore your upgrade options, the next step is to prepare an upgrade plan. The following sections include information and additional resources to help. You have four main options, including two that work both in the cloud or on-premises, and two that are on-premises-only:
-
-|**Option**|**In the cloud or on-premises?**|
-|:--|:--|
-|[Excel with SharePoint Server (on-premises)](#excel-with-sharepoint-server-on-premises) <br/> |Both <br/> |
-|[Power BI](#use-power-bi-in-the-cloud-or-on-premises)<br/> |Both <br/> |
-|[Reporting Services](#use-reporting-services-on-premises) <br/> |On-premises only <br/> |
-|[PerformancePoint Services](#use-performancepoint-services-on-premises) <br/> |On-premises only <br/> |
-
-### Use Excel (in the cloud or on-premises)
-
-With Excel, which is also known as *Excel Services* in SharePoint Server, you can view and use workbooks in a browser window, even if Excel isn't installed on the computer. You can use Excel to create reports, scorecards, and dashboards. Then, share your workbooks with others, who can use Excel in a browser, whether they're using SharePoint Online as part of Microsoft 365 or SharePoint Server on-premises. You can use data stored on-premises or in the cloud, which enables you to use a wide variety of data sources.
-
-The following table compares key advantages of using Excel with Microsoft 365 to using Excel with SharePoint Server. More information follows.
-
-|**Excel with Microsoft 365 (in the cloud)**|**Excel with SharePoint Server (on-premises)**|
-|:--|:--|
-|**You get the latest, greatest version of Excel**. With Microsoft 365, you get the latest version of Excel, which includes powerful new chart types, the ability to create charts and tables quickly and easily, and support for more data sources. <br/> <br/> **Setup is much simpler**. Excel is included with Microsoft 365 for business, so there's no heavy lifting on your part. Sign up and sign in, and you'll be up and running faster and more efficiently than if you upgrade your on-premises servers. <br/> <br/> **People have everywhere access to their workbooks**. People can securely view workbooks from wherever they are, using their computer, smart phone, and tablet. <br/> <br/> **There's more!** See [BI capabilities in Excel and Office 365](https://support.office.com/article/26c0548e-124c-4fd3-aab3-5f64568cb743.aspx). <br/> |**You manage your global settings**. As a SharePoint administrator, you can specify global settings, such as security, load balancing, session management, workbook caching, and external data connections. <br/> <br/> **You can use Excel Services with PerformancePoint Services**. You can configure Excel Services and PerformancePoint Services as part of your SharePoint Server installation, and include Excel Services reports in your PerformancePoint dashboards. <br/> <br/> **There's more!** See [Business intelligence in Excel and Excel Services (SharePoint Server 2013)](https://support.office.com/article/2740f10c-579d-4b40-a1d9-7beb5d38547c.aspx). <br/> |
-
-#### Excel with Microsoft 365 (in the cloud)
-
-If you move to Microsoft 365, you'll have the most up-to-date services and applications, including Excel 2016. PerformancePoint Services isn't available in Microsoft 365, so you'll be replacing your PerformancePoint dashboard content with Excel workbooks or other reports. The good news is that Excel 2016 has lots of new chart types, and it's easier than ever to create impressive dashboards in Excel. And new features are added regularly. To learn more, see [What's New in Excel 2016 for Windows](https://support.office.com/article/5fdb9208-ff33-45b6-9e08-1f5cdb3a6c73.aspx).
-
-Also, if you purchase 50 seats or more of Microsoft 365, the Microsoft FastTrack team can help you get set up. To learn more, visit [FastTrack](https://www.microsoft.com/fasttrack/microsoft-365).
-
-#### Excel with SharePoint Server (on-premises)
-
-If you upgrade to a newer version of SharePoint, you can use Excel with Excel Services or in a browser, as follows:
-
-- Excel Services in SharePoint Server 2010
-
-- Excel Services in SharePoint Server 2013
-
-- Excel, which is part of Office Online Server, installed separately from SharePoint Server 2016
-
-You can configure PerformancePoint Services in your new version of SharePoint Server as well, and use that together with Excel.
-
-To learn more about your SharePoint upgrade options, see [SharePoint Server 2007 end of support Roadmap](sharepoint-2007-end-of-support.md).
-
-To learn more about Excel Services, see [Excel Services overview (SharePoint Server 2010)](/previous-versions/office/sharepoint-server-2010/ee424405(v=office.14)).
-
-### Use Power BI (in the cloud or on-premises)
-
-Power BI is a suite of business analytics tools to analyze data and share insights. With Power BI, you can use on-premises or online data sources to create interactive reports and dashboards. People can view and use your reports and dashboards on their computers or mobile devices.
-
-Power BI isn't part of Microsoft 365 or SharePoint Server. It's a separate offering that includes Power BI Desktop, Power BI gateways, and the Power BI service. Power BI also integrates with SharePoint Online. You can get started with Power BI for free. Based on your data usage and business needs, you can later upgrade to Power BI Pro with Microsoft 365 E5. To learn more, see [What is Power BI?](https://go.microsoft.com/fwlink/?linkid=841341)
-
-### Use Reporting Services (on-premises)
-
-SQL Server Reporting Services provides a robust reporting solution. You can configure Reporting Services in either native mode or SharePoint-integrated mode. You can use several different tools to author reports, including Report Designer, Report Builder, and Power View. With the latest release of SQL Server, you can also use SQL Server Mobile Report Publisher to deliver reports that scale to any screen size. This lets viewers consume reports on their mobile devices. To learn more, see [SQL Server Reporting Services (SSRS): Create, deploy, and manage mobile and paginated reports](/sql/reporting-services/create-deploy-and-manage-mobile-and-paginated-reports).
-
-### Use PerformancePoint Services (on-premises)
-
-PerformancePoint Server 2007 was sold separately from SharePoint Server 2007. Beginning with SharePoint Server 2010, PerformancePoint Services is a service application in SharePoint Server. So, you don't have to purchase separate server licenses or hardware to use PerformancePoint Services.
-
-To move from PerformancePoint Server 2007 to PerformancePoint Services, you move to a more recent version of SharePoint Server and configure PerformancePoint Services. The version of SharePoint Server that you move to determines whether you can import your existing dashboard content from PerformancePoint Server 2007 to PerformancePoint Services.
-
-- If you upgrade to SharePoint Server 2010, you can import your PerformancePoint dashboard content from PerformancePoint Server 2007 to PerformancePoint Services in SharePoint Server 2010. To learn more, see [Import Wizard: PerformancePoint Server 2007 content to SharePoint Server 2010](/previous-versions/office/sharepoint-server-2010/ee681485(v=office.14)).
-
-- If you move to SharePoint Server 2013 or SharePoint Server 2016, you'll most likely need to create new dashboard content (data sources, reports, scorecards, and dashboard pages).
-
-To get started on your PerformancePoint Services upgrade plan, see the following resources:
-
-- [SharePoint Server 2007 end of support Roadmap](sharepoint-2007-end-of-support.md)
-
-- When you know which version of SharePoint you're moving to, see the corresponding article for PerformancePoint
-
- - [Plan for PerformancePoint Services (SharePoint Server 2010)](/previous-versions/office/sharepoint-server-2010/ee681486(v=office.14))
-
- - [PerformancePoint Services in SharePoint Server 2013 overview](/sharepoint/administration/performancepoint-services-overview)
-
- - [PerformancePoint Services in SharePoint Server 2016 overview](/sharepoint/administration/performancepoint-services-overview)
-
-When you upgrade to PerformancePoint Services, you get several new features and enhancements. PerformancePoint Services offers improved scorecards; new visualizations, such as the Decomposition Tree and KPI Details report; more chart types; better Time Intelligence filtering capabilities; and improved accessibility compliance. To learn more, see [What's new for PerformancePoint Services (SharePoint Server 2010)](/previous-versions/office/sharepoint-server-2010/ee661741(v=office.14)).
-
-## Where can I get help with my upgrade?
-
-Whether you upgrade on-premises or move to Microsoft 365, we recommend that you work with a Microsoft partner. A qualified partner can help you identify the solution that best meets your business needs and help with your deployment. Visit the [Microsoft Partner Center](https://go.microsoft.com/fwlink/?linkid=841249), and use the search filters to find a solution provider.
-
-## Related topics
-
-[Resources to help you upgrade from Office 2007 servers and clients](upgrade-from-office-2007-servers-and-products.md)
enterprise Project Server 2007 End Of Support https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/project-server-2007-end-of-support.md
- Title: Project Server 2007 end of support roadmap--- Previously updated : 1/31/2018----- scotvorg-- Ent_O365-- CSH--- MET150-- ZPJ120-- PJU120-- PJW120
-description: On October 10, 2017, support ended for Project Server 2007, Project Portfolio Server, and Project 2007. Use this article to plan your upgrade now.
--
-# Project Server 2007 end of support roadmap
-
-*This article applies to both Microsoft 365 Enterprise and Office 365 Enterprise.*
-
-Support ended for Office 2007 servers and applications in 2017, and you need to consider plans for migration. If you're currently using Project Server 2007 and related products, note the following end-of-support dates:
-
-|**Product**|**End of support date**|
-|:--|:--|
-|Project Server 2007 <br/> |October 10, 2017 <br/> |
-|Project Portfolio Server 2007 <br/> |October 10, 2017 <br/> |
-|Project 2007 Standard <br/> |October 10, 2017 <br/> |
-|Project 2007 Professional <br/> |October 10, 2017 <br/> |
-
-For more information about Office 2007 servers reaching retirement, see [Upgrade from Office 2007 servers and client products](upgrade-from-office-2007-servers-and-products.md).
-
-## What does *end of support* mean?
-
-Most Microsoft products have a support lifecycle during which they get new features, bug fixes, security fixes, and so on. This lifecycle typically lasts for 10 years from the product's initial release. The end of this lifecycle is known as the product's end of support. Because Project Server 2007 reached its end of support on October 10, 2017, Microsoft no longer provides:
-
-- Technical support for problems that may occur.
-
-- Bug fixes for issues that may impact the stability and usability of the server.
-
-- Security fixes for vulnerabilities that may make the server vulnerable to security breaches.
-
-- Time zone updates.
-
-Your installation of Project Server 2007 will continue to run after this date. But because of the changes listed previously, we strongly recommend that you migrate from Project Server 2007 as soon as practical.
-
-## What are my options?
-
-If you're using Project Server 2007, you need to explore your migration options, which are:
-
-- Migrate to Project Online
-
-- Migrate to a newer on-premises version of Project Server (preferably Project Server 2016)
-
-|**Why would I prefer to migrate to Project Online**|**Why would I prefer to migrate to Project Server 2016**|
-|:--|:--|
-| I have mobile users. <br/> <br/>Costs to migrate are a significant concern (hardware, software, hours, and effort to implement). <br/><br/> After migration, costs to maintain my environment are a major concern (for example, automatic updates, guaranteed uptime, and so on). <br/> | Business rules restrict me from operating my business in the cloud.<br/><br/> I need control of updates to my environment. |
-
-> [!NOTE]
-> For more information about options for moving from your Office 2007 servers, see [Resources to help you upgrade from Office 2007 servers and clients](upgrade-from-office-2007-servers-and-products.md). Note that Project Server doesn't support a hybrid configuration, because Project Server and Project Online can't share the same resource pool.
-
-## Important considerations when you migrate from Project Server 2007
-
-Consider the following when you plan to migrate from Project Server 2007:
-
-- **Get help from a Microsoft Partner** - Upgrading from Project Server 2007 can be challenging and requires much preparation and planning. It might be especially challenging if you weren't the person who set up Project Server 2007 originally. Fortunately, there are Microsoft Partners who can help, whether you plan to migrate to Project Server 2016 or to Project Online. Search for a Microsoft Partner to help with your migration on the [Microsoft Partner Center](https://go.microsoft.com/fwlink/p/?linkid=841249). Search on the term *Gold Project and Portfolio Management* to view a list of all Microsoft Partners who have expertise in Project.
-
-- **Plan for your customizations** - Many of the customizations you made in your Project Server 2007 environment might not work when you migrate to Project Server 2016 or Project Online. There are significant differences in Project Server architecture between versions. The required operating systems, database servers, and client web browsers that are supported also differ. Plan how to test or rebuild your customizations for the new environment. Planning also provides a good opportunity to consider whether each customization is still needed. For more information, see [Create a plan for current customizations during upgrade to SharePoint 2013](/SharePoint/upgrade-and-update/create-a-communication-plan-for-the-upgrade-to-sharepoint-2013).
-
-- **Time and patience** - Upgrade planning, execution, and testing will take time and effort, especially if you upgrade to Project Server 2016. For example, if you migrate from Project Server 2007 to Project Server 2016, you first need to migrate to Project Server 2010, check your data, and then do the same thing when you migrate to each successive version. You might want to check with a Microsoft Partner to get estimates of how long it will take and what it will cost.
-
-## Migrate to Project Online
-
-If you choose to migrate from Project Server 2007 to Project Online, you can do the following to manually migrate your project plan data:
-
-1. Save your project plans from Project Server 2003 to .mpp format.
-
-2. In Project Professional 2013, Project Professional 2016, or the Project Online Desktop Client, open each .mpp file, and then save and publish it to Project Online.
-
-You can manually create your Microsoft Project Web App (PWA) configuration in Project Online. For example, recreate any needed custom fields or enterprise calendars. Microsoft Partners can also help with this process.
-
-Key resources:
-
-|**Resource**|**Description**|
-|:--|:--|
-|[Get started with Project Online](https://support.office.com/article/e3e5f64f-ada5-4f9d-a578-130b2d4e5f11) <br/> |How to set up and use Project Online <br/> |
-|[Project Online Service Descriptions](/office365/servicedescriptions/project-online-service-description/project-online-service-description) <br/> |Information about the different Project Online plans that are available to you <br/> |
-
-## Migrate to a newer on-premises version of Project Server
-
-We strongly believe that you get the best value and user experience by migrating to Project Online. But we also understand that some organizations need to keep project data in an on-premises environment. If you choose to keep your project data on-premises, you can migrate your Project Server 2007 environment to Project Server 2010, Project Server 2013, or Project Server 2016.
-
-If you can't migrate to Project Online, we recommend that you migrate to Project Server 2016. Project Server 2016 includes all the features of previous releases of Project Server. It most closely matches the experience available with Project Online, although some features are available only in Project Online.
-
-After each migration, you should check that your data migrated successfully.
-
-> [!NOTE]
->
-
-### How do I migrate to Project Server 2016?
-
-Architectural differences between Project Server 2007 and Project Server 2016 prevent a direct migration path. So you have to migrate your Project Server 2007 data to each successive version of Project Server until you reach Project Server 2016.
-
-Follow these steps to Project Server 2016:
-
-1. Migrate from Project Server 2007 to Project Server 2010.
-
-2. Migrate from Project Serve 2010 to Project Server 2013.
-
-3. Migrate from Project Server 2013 to Project Server 2016.
-
-After each migration, make sure that your data migrated successfully.
-
-### Step 1: Migrate from Project Server 2007 to Project Server 2010
-
-For a comprehensive description of what you need to do to upgrade from Project Server 2007 to Project Server 2010, see [Upgrade to Project Server 2010](/previous-versions/office/project-server-2010/gg502590(v=office.14)).
-
-Key resources:
-
-|**Resource**|**Description**|
-|:--|:--|
-|[Project Server 2010 upgrade overview](/previous-versions/office/project-server-2010/ee662496(v=office.14)) <br/> |A high-level view of what you need to do to upgrade from Project Server 2007 to Project Server 2010 <br/> |
-|[Plan to Upgrade to Project Server 2010](/previous-versions/office/project-server-2010/ff603505(v=office.14)) <br/> |Planning considerations when you upgrade from Project Server 2007 to Project Server 2010, including System Requirements <br/> |
-
-#### How do I upgrade?
-
-For details, see [Upgrade to Project Server 2010](/previous-versions/office/project-server-2010/gg502590(v=office.14)). But it's important to understand that there are two distinct methods you can use to upgrade:
-
-- **Database-attach upgrade:** This method only upgrades the content for your environment, not the configuration settings. It's required if you're upgrading from Office Project Server 2007 deployed on hardware that only supports a 32-bit server operating system. There are two types of database-attach upgrade methods:
-
- - **Database-attach *full upgrade*** - Migrates the project data stored in the Office Project Server 2007 databases, plus the Microsoft Project Web App site data stored in a SharePoint content database.
-
- - **Database-attach *core upgrade*** - Migrates only the project data stored in the Project Server databases.
-
-- **In-place upgrade**: The configuration data for the farm and all content on the farm is upgraded on the existing hardware in a fixed order. When you start the upgrade process, setup takes the entire farm offline. The web sites and Microsoft Project Web App sites are unavailable until the upgrade is finished, and then setup restarts the server. After you begin an in-place upgrade, you can't pause the upgrade or roll back to the previous version. It's best to make a mirrored image of your production environment and do the in-place upgrade to this environment, not in your production environment.
-
-Additional resources:
-
-- [SuperFlow for Microsoft Project Server 2010 Upgrade](/samples/browse/?redirectedfrom=TechNet-Gallery)
-
-- [Migration from Project Server 2007 to Project Server 2010](/samples/browse/?redirectedfrom=TechNet-Gallery)
-
-- [Upgrade considerations for Project Web App Web Parts](/previous-versions/office/project-server-2010/gg314581(v=office.14))
-
-- [Project Software Development Kit (SDK)](/previous-versions/office/developer/office-2010/ms481966(v=office.14))
-
-### Step 2: Migrate to Project Server 2013
-
-After you verify that your data migrated successfully, the next step is to migrate to Project Server 2013.
-
-For a comprehensive description of what you need to do to upgrade from Project Server 2010 to Project Server 2013, see [Upgrade to Project Server 2013](/project/upgrade-to-project-server-2016).
-
-Key resources:
-
-|**Resource**|**Description**|
-|:--|:--|
-|[Overview of the Project Server 2013 upgrade process](/project/upgrade-to-project-server-2016) <br/> |Overview of what you need to do to upgrade from Project Server 2010 to Project Server 2013 <br/> |
-|[Plan to upgrade to Project Server 2013](/project/plan-for-upgrade-to-project-server-2016) <br/> |Planning considerations when you upgrade from Project Server 2010 to Project Server 2013, including System Requirements <br/> |
-
-#### Things to know about upgrading to this version
-
-[What's new in Project Server 2013 upgrade](/project/what-s-new-in-project-server-2013-upgrade) describes important changes for upgrade for this version. The most notable are:
-
-- There's no in-place upgrade to Project Server 2013. The database-attach method is the only supported method for upgrading from Project Server 2010 to Project Server 2013.
-
-- The upgrade process will not only convert your Project Server 2010 data to Project Server 2013 format but will also consolidate the four Project Server 2010 databases into a single Project Web App database.
-
-- In the 2013 versions, both SharePoint Server and Project Server changed to claims-based authentication. If you're using classic authentication, you need to consider this factor for your upgrade. For more information, see [Migrate from classic-mode to claims-based authentication in SharePoint 2013](/sharepoint/security-for-sharepoint-server/security-for-sharepoint-server).
-
-Additional resources:
-
-- [Overview of the upgrade process to Project Server 2013](/project/overview-of-the-project-server-2016-upgrade-process)
-
-- [Upgrade your databases and Project Web App site collections (Project Server 2013)](/project/upgrading-to-project-server-2016)
-
-- [Microsoft Project Server upgrade process diagram](https://go.microsoft.com/fwlink/p/?linkid=841270)
-
-- [The Great Database Consolidation, Project Server 2010 to 2013 Migration in 8 Easy Steps](https://go.microsoft.com/fwlink/p/?linkid=841271)
-
-### Step 3: Migrate to Project Server 2016
-
-After you verify that your data migrated successfully, the next step is to migrate to Project Server 2016.
-
-For a comprehensive description of what you need to do to upgrade from Project Server 2013 to Project Server 2016, see [Upgrade to Project Server 2016](/project/upgrading-to-project-server-2016).
-
-Key resources:
-
-|**Resource**|**Description**|
-|:--|:--|
-|[Overview of the Project Server 2016 upgrade process](/previous-versions/office/project-server-2010/ee662104(v=office.14)) <br/> |Overview of what you need to do to upgrade from Project Server 2013 to Project Server 2016 <br/> |
-|[Plan for upgrade to Project Server 2016](/project/plan-for-upgrade-to-project-server-2016) <br/> |Planning considerations you upgrade from Project Server 2013 to Project Server 2016 <br/> |
-
-#### Things to know about upgrading to this version
-
-[Things you need to know about Project Server 2016 upgrade](/project/plan-for-upgrade-to-project-server-2016) tells you some important changes for upgrade for this version, which include:
-
-- When you create your Project Server 2016 environment to which you'll migrate your Project Server 2013 data, the Project Server 2016 installation files are included in SharePoint Server 2016. For more information, see [Deploy Project Server 2016](/project/deploy-project-server-2016).
-
-- Resource plans are deprecated in Project Server 2016. Your Project Server 2013 resource plans will be migrated to Resource Engagements in Project Server 2016 and in Project Online. See [Overview: Resource engagements](https://support.office.com/article/73eefb5a-81fe-42bf-980e-9532b1bdc870) for more information.
-
-## Migrate from Portfolio Server 2007
-
-Project Portfolio Server 2007 was used with Project Server 2007 for portfolio strategy, prioritization, and optimization. No additional versions of Project Portfolio Server were created after this version. However, portfolio management features are available in Project Server 2016 and the Premium version of Project Online. But data from Project Portfolio Server 2007 can't be migrated to either. Data such as business drivers will have to be recreated.
-
-Other resources:
-
-- [Project Online Service Descriptions:](/office365/servicedescriptions/project-online-service-description/project-online-service-description) See the portfolio management features that are included with Project Server 2016 and Project Online Premium.
-
-- [Microsoft Office Project Portfolio Server 2007 migration guide.](https://go.microsoft.com/fwlink/p/?linkid=841279)
-
-## Related topics
-
-[SharePoint Server 2007 end of support Roadmap](sharepoint-2007-end-of-support.md)
-
-[Resources to help you upgrade from Office 2007 servers and clients](upgrade-from-office-2007-servers-and-products.md)
enterprise Project Server 2010 End Of Support https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/project-server-2010-end-of-support.md
- Title: "Project Server 2010 end-of-support roadmap"--- Previously updated : 04/14/2020----- CSH--- MET150-- ZPJ120-- PJU120-- PJW120
-description: "Support ends for Project Server 2010 ends on April 13, 2021. Use this article as a guide to upgrade to Project Online or a newer version of Project Server on-premises."
--
-# Project Server 2010 end of support roadmap
-
-*This article applies to both Microsoft 365 Enterprise and Office 365 Enterprise.*
-
-Project Server 2010 will reach end of support on **April 13, 2021**. This date was extended from the previous end-of-support date of October 13, 2020. If you're currently using Project Server 2010, note that these related products have the following end-of-support dates:
-
-|Product |End of support date|
-|||
-|Project 2010 Standard|October 13, 2020|
-|Project 2010 Professional|October 13, 2020|
-
-For more information about reaching end of support, see [Upgrade from Office 2010 servers and client products](plan-upgrade-previous-versions-office.md).
-
-## What does *end of support* mean?
-
-Almost all Microsoft products have a support lifecycle, during which they get new features, bug fixes, and security updates. This lifecycle typically lasts for 10 years from the product's initial release. The end of this lifecycle is known as the product's end of support. After Project Server 2010 reaches its end of support on April 13, 2021, Microsoft will no longer provide:
--- Technical support for problems that may occur.--- Bug fixes for issues that are discovered and that may impact the stability and usability of the server.--- Security fixes for vulnerabilities that are discovered and that may make the server vulnerable to security breaches.--- Time zone updates.-
-Your installation of Project Server 2010 will continue to run after this date. But, because of the changes listed previously, we strongly recommend that you migrate from Project Server 2010 as soon as possible.
-
-## What are my options?
-
-Your migration options are:
--- Migrate to Project Online--- Migrate to a newer on-premises version of Project Server (preferably Project Server 2019)-
-Here are the two paths you can take to avoid the end of support for Project Server 2010.
-
-![Project Server 2010 upgrade paths.](../media/project-server-2010-end-of-support/project-server-2010-end-of-support-timeline.png)
-
-|Why would I prefer to migrate to Project Server 2019?|Why would I prefer to migrate to Project Online?|
-|||
-|Business rules restrict me from operating my business in the cloud. <br/><br/> I need control of updates to my environment.|I have mobile or remote users.<br/><br/> Costs to migrate on-premises servers are a significant concern (hardware, software, time and effort to implement, and so on.). <br/><br/> After migration, costs to maintain my environment are a concern (for example, automatic updates, guaranteed uptime, and so on).|
-
-> [!NOTE]
-> For more information about your migration options, see [Resources to help you upgrade from Office 2010 servers and clients](upgrade-from-office-2010-servers-and-products.md). Note that Project Server doesn't support hybrid configuration because Project Server and Project Online can't share the same resource pool.
-
-### What are my options for Project client?
-
-If you're using Project Professional 2010 or Project Standard 2010, your options are:
--- Move to a newer version of Project Professional or Project Standard-- Move to an online solution, such as Project Online or Project for the web-
-#### Move to a newer version of Project client
-
-If you're migrating from Project Standard 2010, you can move to a newer version of Project Standard (Project Standard 2016 or Project Standard 2019). We recommend you move to the newest version to take advantage of the latest features. Migrating to a less-current version (Project Standard 2016) also means you'll need to migrate again sooner.
-
-Similarly, if you're migrating from Project Professional 2010, you can move to a newer version (Project Professional 2019 or Project Professional 2016). Again, move to the newest version if possible. If you use Project Professional to connect to Project Server, make sure you migrate to a version of Project Professional that connects with the version of Project Server that you use.
-
-Project Professional 2010 users can also migrate to the Project Online Desktop client, which is a subscription-based version of Project Professional 2019. It's included in Project Plan 3 and Project Plan 5 subscriptions.
-
-#### Move to an online solution
-
-You can also migrate from Project Professional 2010 or Project Standard 2010 to a Project subscription-based online solution. Both Project Plan 3 and Plan 5 include Project Online and the latest cloud offering, [Project for the web](https://support.office.com/article/what-can-you-do-with-project-for-the-web-b30f5442-be5f-43d2-9072-c95bff778ea1). Both offer new features and benefits that are worth exploring.
-
-For more information about features and licenses, see [Microsoft Project service description](/office365/servicedescriptions/project-online-service-description/project-online-service-description).
-
-## Important considerations for migrating from Project Server 2010
-
-Consider the following when you plan to migrate from Project Server 2010:
--- **Get help from a Microsoft solution provider** - An upgrade from Project Server 2010 can be a challenge. It requires much preparation and planning. It can be especially challenging if you weren't the person who originally set up Project Server 2010. Microsoft solution providers are available to help, whether you plan to migrate to Project Server 2019 or to Project Online. Search for a solution provider in the [Microsoft solution provider center](https://go.microsoft.com/fwlink/p/?linkid=841249).--- **Plan for your customizations** - Customizations in your Project Server 2010 environment might not work when you migrate to Project Server 2019 or Project Online. There are significant differences in Project Server architecture between versions. Also, the required operating systems, database servers, and web browsers that work with the versions differ. Have a plan on how to test or rebuild your customizations in the new environment. Take this opportunity to determine if specific customizations are still needed. For more information, see [Create a plan for current customizations during upgrade to SharePoint 2013](/SharePoint/upgrade-and-update/create-a-plan-for-current-customizations-during-upgrade-to-sharepoint-2013).--- **Time and patience** - Upgrade planning, execution, and testing will take considerable time and effort, especially for an upgrade to Project Server 2019. If you're migrating from Project Server 2010 to Project Server 2019, you must first migrate to Project Server 2013, check your data, then migrate to Project Server 2016, and then to Project Server 2019. You might want to check with a Microsoft solution provider for a time frame and estimated cost for them to assist.-
-## Migrate to Project Online
-
-If you choose to migrate from Project Server 2010 to Project Online, you can follow these steps to manually migrate your project plan data:
-
-1. Save your project plans from Project Server 2010 to .mpp format.
-
-2. Using Project Professional 2016, Project Professional 2019, or the Project Online Desktop Client, open each .mpp file, and then save and publish it to Project Online.
-
-You can manually create your PWA configuration in Project Online (for example, recreate any needed custom fields or enterprise calendars). Microsoft solution providers can also help with this process.
-
-Key resources:
-
-|Resource|Description|
-|||
-|[Get started with Project Online](https://support.office.com/article/e3e5f64f-ada5-4f9d-a578-130b2d4e5f11)|How to set up and use Project Online|
-|[Project Online Service Description](/office365/servicedescriptions/project-online-service-description/project-online-service-description)|Information about the different Project Online plans available|
-
-## Migrate to a newer on-premises version of Project Server
-
-We strongly believe that you get the best value and user experience by migrating to Project Online. But we also understand some organizations need to keep project data on-premises. If you choose to keep your project data on-premises, you can migrate your Project Server 2010 environment to Project Server 2013, Project Server 2016, or Project Server 2019.
-
-If you can't migrate to Project Online, we recommend that you migrate to Project Server 2019. Project Server 2019 includes most of the key features in previous releases of Project Server. And it most closely matches the experience available with Project Online, although some features are available only in Project Online.
-
-After you complete each migration, make sure that your data migrated successfully.
-
-> [!NOTE]
-> If you're limited to an on-premises solution and considering only migrating to Project Server 2013, beware that this version only has a few more years of support left. The end of support date for Project Server 2013 with Service Pack 2 October 13, 2023. For more information about end-of-support dates, see [Microsoft Product Lifecycle Policy](/lifecycle/).
-
-### How do I migrate to Project Server 2019?
-
-The architectural differences between Project Server 2010 and Project Server 2019 prevent a direct migration path. So you'll need to migrate your Project Server 2010 data to each successive version of Project Server until you reach Project Server 2019. Steps to upgrade Project Server 2010 to Project Server 2019:
-
-1. Migrate to Project Server 2013.
-
-2. Migrate from Project Serve 2013 to Project Server 2016.
-
-3. Migrate from Project Server 2016 to Project Server 2019.
-
-After you complete each migration, make sure that your data migrated successfully.
-
-### Step 1: Migrate to Project Server 2013
-
-For a comprehensive information about upgrading from Project Server 2010 to Project Server 2013, see [Upgrade to Project Server 2013](/project/upgrade-to-project-server-2016).
-
-Key resources:
--- [Overview of the Project Server 2013 upgrade process](/project/upgrade-to-project-server-2016)-
- Get a high-level overview of how to upgrade from Project Server 2010 to Project Server 2013.
-- [Plan to upgrade to Project Server 2013](/project/plan-for-upgrade-to-project-server-2016)-
- Look at planning considerations when upgrading from Project Server 2010 to Project Server 2013, including system requirements.
--- [What's new in Project Server 2013 upgrade](/project/what-s-new-in-project-server-2013-upgrade) covers important changes for this version, including:-
- - There's no in-place upgrade to Project Server 2013. The database-attach method is the only supported way to upgrade from Project Server 2010 to Project Server 2013.
-
- - The upgrade process will not only convert your Project Server 2010 data to Project Server 2013 format but will also consolidate the four Project Server 2010 databases into a single Project Web App database.
-
- - Both SharePoint Server 2013 and Project Server 2013 changed to claims-based authentication from the previous version. If you're using classic authentication, you'll need to consider this when you upgrade. For more information, see [Migrate from classic-mode to claims-based authentication in SharePoint 2013](/sharepoint/upgrade-and-update/migrate-from-classic-mode-to-claims-based-authentication-in-sharepoint-2013).
-
-Key resources:
--- [Overview of the upgrade process to Project Server 2013](/project/overview-of-the-project-server-2016-upgrade-process)--- [Upgrade your databases and Project Web App site collections (Project Server 2013)](/project/upgrading-to-project-server-2016)--- [Microsoft Project Server upgrade process diagram](https://go.microsoft.com/fwlink/p/?linkid=841270)--- [The Great Database Consolidation, Project Server 2010 to 2013 Migration in 8 Easy Steps](https://go.microsoft.com/fwlink/p/?linkid=841271)-
-### Step 2: Migrate to Project Server 2016
-
-After you move to Project Server 2013 and verify that your data has migrated successfully, the next step is to migrate to Project Server 2016.
-
-For more information, see [Upgrade to Project Server 2016](/Project/upgrade-to-project-server-2016).
-
-Key resources:
--- [Overview of the Project Server 2016 upgrade process](/Project/overview-of-the-project-server-2016-upgrade-process)-
- Understand what you need to do to upgrade from Project Server 2013 to Project Server 2016.
--- [Plan for upgrade to Project Server 2016](/Project/plan-for-upgrade-to-project-server-2016)-
- Look at the planning considerations to make when upgrading from Project Server 2013 to Project Server 2016.
-
-[Things you need to know about Project Server 2016 upgrade](/project/plan-for-upgrade-to-project-server-2016#thingknow) covers important changes for upgrading to this version, which include:
--- When you create your Project Server 2016 environment, note that the Project Server 2016 installation files are included in SharePoint Server 2016. For more information, see [Deploy Project Server 2016](/project/deploy-project-server-2016).--- Resource plans are deprecated in Project Server 2016. Your Project Server 2013 resource plans will be migrated to Resource Engagements in Project Server 2016 and in Project Online. See [Overview: Resource engagements](https://support.office.com/article/73eefb5a-81fe-42bf-980e-9532b1bdc870) for more information.-
-### Step 3: Migrate to Project Server 2019
-
-After you migrate to Project Server 2016 and verify that your data migrated successfully, the next step is to migrate your data to Project Server 2019.
-
-To learn what you need to do to upgrade from Project Server 2016 to Project Server 2019, see [Upgrade to Project Server 2019](/Project/upgrade-to-project-server-2016).
-
-Key resources:
--- [Overview of the Project Server 2019 upgrade process](/project/overview-of-the-project-server-2019-upgrade-process)-
- Get a high-level understanding of what you need to do to upgrade from Project Server 2013 to Project Server 2016.
--- [Plan for upgrade to Project Server 2019](/project/plan-for-upgrade-to-project-server-2019)-
- Look at planning considerations for upgrading from Project Server 2016 to Project Server 2019.
--- [Things you need to know about Project Server 2019 upgrade](/project/plan-for-upgrade-to-project-server-2016)<br/><br/>Learn about important changes for upgrading to this version, which include:-
- - The upgrade process will migrate your data from your Project Server 2016 database to the SharePoint Server 2019 Content database. Project Server 2019 will no longer create its own Project Server database in the SharePoint Server farm.
-
- - After the upgrade, be aware of several changes in Project Web App. For details, see [What's new in Project Server 2019](/project/what-s-new-for-it-pros-in-project-server-2019#PWAChanges).
-
-**Other resources**:
--- [Project Online Service Descriptions](/office365/servicedescriptions/project-online-service-description/project-online-service-description): See the portfolio management features included with Project Server 2016 and Project Online Premium.--- [Microsoft Office Project Portfolio Server 2010 migration guide](https://go.microsoft.com/fwlink/p/?linkid=841279)-
-## Summary of options for Office 2010 client and servers and Windows 7
-
-For a visual summary of the upgrade, migrate, and move-to-the-cloud options for Office 2010 clients and servers and Windows 7, see the [end of support poster](https://download.microsoft.com/download/2/7/d/27da4118-32ae-4ffe-90d8-a61e7c895ba0/Office2010Windows7EndOfSupport.pdf).
-
-[![End of support for Office 2010 clients and servers and Windows 7 poster.](../media/upgrade-from-office-2010-servers-and-products/office2010-windows7-end-of-support.png)](https://download.microsoft.com/download/2/7/d/27da4118-32ae-4ffe-90d8-a61e7c895ba0/Office2010Windows7EndOfSupport.pdf)
-
-This poster illustrates the various paths you can take to avoid end of support for Office 2010 client and server products and Windows 7, with preferred paths and option support in Microsoft 365 Enterprise highlighted.
-
-You can also [download](https://download.microsoft.com/download/2/7/d/27da4118-32ae-4ffe-90d8-a61e7c895ba0/Office2010Windows7EndOfSupport.pdf) this poster and print it in letter, legal, or tabloid (11 x 17) format.
-
-## Related topics
-
-[Upgrading from SharePoint 2010](upgrade-from-sharepoint-2010.md)
-
-[Upgrade from Office 2010 servers and clients](upgrade-from-office-2010-servers-and-products.md)
enterprise Project Server 2013 End Of Support https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/project-server-2013-end-of-support.md
- Title: "Project Server 2013 end-of-support roadmap"--- Previously updated : 10/11/2021----- CSH--- MET150
-description: "Support ends for Project Server 2013 on April 11, 2023. Use this article as a guide to upgrade to Project Online or a newer version of Project Server on-premises."
--
-# Project Server 2013 end of support roadmap
-
-Project Server 2013 will reach end of support on **April 11, 2023**. If you're currently using Project Server 2013, note that Project 2013 desktop app also has the same end-of-support dates.
-
-## What does *end of support* mean?
-
-Almost all Microsoft products have a support lifecycle, during which they get new features, bug fixes, and security updates. This lifecycle typically lasts for 10 years from the product's initial release. The end of this lifecycle is known as the product's end of support. After Project Server 2013 reaches its end of support on April 11, 2023, Microsoft will no longer provide:
--- Technical support for problems that may occur.--- Bug fixes for issues that are discovered and that may impact the stability and usability of the server.--- Security fixes for vulnerabilities that are discovered and that may make the server vulnerable to security breaches.--- Time zone updates.-
-Your installation of Project Server 2013 will continue to run after this date. But, because of the changes listed previously, we strongly recommend that you migrate from Project Server 2013 as soon as possible.
-
-## What are my options?
-
-Your migration options are:
--- Migrate to Project Online--- Migrate to a newer on-premises version of Project Server (preferably Project Server Subscription Edition)-
-|Why would I prefer to migrate to Project Server 2019?|Why would I prefer to migrate to Project Online?|
-|||
-|Business rules restrict me from operating my business in the cloud. <br/><br/> I need control of updates to my environment.|I have mobile or remote users.<br/><br/> Costs to migrate on-premises servers are a significant concern (hardware, software, time and effort to implement, and so on.). <br/><br/> After migration, costs to maintain my environment are a concern (for example, automatic updates, guaranteed uptime, and so on).|
-
-> [!NOTE]
-> Project Server doesn't support hybrid configuration because Project Server and Project Online can't share the same resource pool.
-
-## Important considerations for migrating from Project Server 2013
-
-Consider the following when you plan to migrate from Project Server 2013:
--- **Get help from a Microsoft solution provider** - An upgrade from Project Server 2013 can be a challenge. It requires much preparation and planning. It can be especially challenging if you weren't the person who originally set up Project Server 2013. Microsoft solution providers are available to help, whether you plan to migrate to Project Server Subscription Edition or to Project Online. Search for a solution provider in the [Microsoft solution provider center](https://go.microsoft.com/fwlink/p/?linkid=841249).--- **Time and patience** - Upgrade planning, execution, and testing will take considerable time and effort, especially for an upgrade to Project Server Subscription Edition. If you're migrating from Project Server 2013 to Project Server Subscription Edition, you must first migrate to Project Server 2016, check your data, and then to Project Server Subscription Edition. You might want to check with a Microsoft solution provider for a time frame and estimated cost for them to assist.-
-## Migrate to Project Online
-
-If you choose to migrate from Project Server 2013 to Project Online, you can follow these steps to manually migrate your project plan data:
-
-1. Save your project plans from Project Server 2013 to .mpp format.
-
-2. Using Project Professional 2016, Project Professional 2019, or the Project Online Desktop Client, open each .mpp file, and then save and publish it to Project Online.
-
-You can manually create your PWA configuration in Project Online (for example, recreate any needed custom fields or enterprise calendars). Microsoft solution providers can also help with this process.
-
-Key resources:
-
-|Resource|Description|
-|||
-|[Get started with Project Online](https://support.office.com/article/e3e5f64f-ada5-4f9d-a578-130b2d4e5f11)|How to set up and use Project Online|
-|[Project Online Service Description](/office365/servicedescriptions/project-online-service-description/project-online-service-description)|Information about the different Project Online plans available|
-
-## Migrate to a newer on-premises version of Project Server
-
-We strongly believe that you get the best value and user experience by migrating to Project Online. But we also understand some organizations need to keep project data on-premises. If you choose to keep your project data on-premises, you can migrate your Project Server 2013 environment to Project Server 2016, Project Server 2019, or Project Server Subscription Edition.
-
-If you can't migrate to Project Online, we recommend that you migrate to Project Server Subscription Edition which includes most of the key features in previous releases of Project Server. And it most closely matches the experience available with Project Online, although some features are available only in Project Online. Additional factors to consider are:
--- Project Server Subscription Edition introduces a continuous update model that eliminates the need to release new major versions of Project Server going forward.-- Both Project Server 2016 and 2019 will reach end of support on July 14, 2026. If you migrate to either version, you will need to plan for another upgrade within three years. For more information, see the support lifecycle pages for both [2016](/lifecycle/products/project-server-2016) and [2019](/lifecycle/products/project-server-2019).-
-After you complete each migration, make sure that your data migrated successfully.
-
-### How do I migrate to Project Server Subscription Edition?
-
-The architectural differences between Project Server 2013 and Project Server Subscription Edition prevent a direct migration path. So you'll need to migrate your Project Server 2013 data first to Project Server 2016, and then to Project Server Subscription Edition.
-
-1. Migrate to Project Server 2016.
-
-2. Migrate from Project Server 2016 to Project Server Subscription Edition.
-
-After you complete each migration, make sure that your data migrated successfully.
-
-### Step 1: Migrate to Project Server 2016
-
-For a comprehensive information about upgrading from Project Server 2013 to Project Server 2016, see [Upgrade to Project Server 2016](/project/upgrade-to-project-server-2016).
-
-Key resources:
--- [Overview of the Project Server 2016 upgrade process](/project/upgrade-to-project-server-2016): Get a high-level overview of how to upgrade from Project Server 2013 to Project Server 2016.-- [Plan to upgrade to Project Server 2016](/project/plan-for-upgrade-to-project-server-2016): Look at planning considerations when upgrading from Project Server 2013 to Project Server 2016, including system requirements.-- [Upgrading to Project Server 2016](/project/upgrading-to-project-server-2016): See the detailed instructions on the upgrade process.-
-### Step 2: Migrate to Project Server Subscription Edition
-
-After you move to Project Server 2016 and verify that your data has migrated successfully, the next step is to migrate to Project Server Subscription Edition.
-
-For more information, see [Upgrade to Project Server Subscription Edition](/project/upgrade-project-server-subscription-edition).
-
-Key resources:
--- [Overview of the Project Server Subscription Edition upgrade process](/project/overview-project-server-subscription-edition-upgrade-process): Understand what you need to do to upgrade from Project Server 2013 to Project Server 2016.-- [Plan for upgrade to Project Server Subscription Edition](/Project/plan-upgrade-project-server-subscription-edition): Look at the planning considerations to make when upgrading from Project Server 2013 to Project Server 2016.-- [Upgrading to Project Server Subscription Edition](/project/how-to-upgrade-project-server-subscription-edition): See the detailed instructions on the upgrade process.--
enterprise Sharepoint 2007 End Of Support https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/sharepoint-2007-end-of-support.md
- Title: SharePoint Server 2007 end of support roadmap--- Previously updated : 01/28/2019--- CSH--- 'vsemail'-- 'MS_WSS_DirectoryManagement'-- 'MS_WSS_ConfigEmail'-- 'globalemailconfig'-- 'configssc'-- 'AppDefToBDC'-- seo-marvel-apr2020---- scotvorg-- Ent_O365-- SPO_Content-- MET150-- OFU120-- SPS150-- OSU140-- WSU120-- OSR120-- SPO160-- PJW120-- SPB160-- OSI150-- OSI160-- BSA160-- OSU160
-description: Support for SharePoint Server 2007 ended in October 2017. In this article, learn about your upgrade, migration, and support options.
--
-# SharePoint Server 2007 end of support roadmap
-
-*This article applies to both Microsoft 365 Enterprise and Office 365 Enterprise.*
-
-On **October 10, 2017**, Microsoft Office SharePoint Server 2007 reached end of support. If you haven't migrated from SharePoint Server 2007 to Microsoft 365 or a newer version of SharePoint Server on-premises, now's the time to start planning. This article provides resources to help you migrate data to SharePoint Online or upgrade your SharePoint Server on-premises.
-
-## What does *end of support* mean?
-
-SharePoint Server, like most Microsoft products, has a support lifecycle, during which Microsoft provides new features, bug fixes, security fixes, and so on. This lifecycle typically lasts for 10 years from the product's initial release. The end of this lifecycle is known as the product's end of support. After the end of support, Microsoft no longer provides:
-
-- Technical support for problems that may occur.
-
-- Bug fixes for issues that may impact the stability and usability of the server.
-
-- Security fixes for vulnerabilities that may make the server vulnerable to security breaches.
-
-- Time zone updates.
-
-Your SharePoint Server 2007 farm will still be operational after October 10, 2017, but no further updates, patches, or fixes will be released for the product, including security patches/fixes. Microsoft Support has fully shifted its support efforts to more-recent versions of the product. Because your installation is no longer supported or patched, you should upgrade the product or migrate important data.
-
-> [!TIP]
-> If you haven't already planned for upgrade or migration, see: [SharePoint 2007 migration options to consider](sharepoint-2007-migration-options.md) for some examples of where to begin. You can also search for [Microsoft Partners](https://go.microsoft.com/fwlink/?linkid=841249) who can help with upgrade or Microsoft 365 migration (or both).
-
-For more information about Office 2007 servers and the end of support, see [Resources to help you upgrade from Office 2007 servers and clients](upgrade-from-office-2007-servers-and-products.md).
-
-## What are my options?
-
-Your first stop should be the [Product Lifecycle site](/lifecycle/products/?alpha=Microsoft+Office+SharePoint+Server+2007). If you have an on-premises Microsoft product that's aging, check its end of support date so that you have a year or so to schedule an upgrade or migration. When you choose the next step, consider what product features would be good enough, better, and best. Here's an example:
-
-|**Good**|**Better**|**Best**|
-|:--|:--|:--|
-|SharePoint Server 2010 <br/> |SharePoint Server 2013 <br/> |SharePoint Online <br/> |
-||SharePoint Hybrid <br/> |SharePoint Server 2016 <br/> |
-| | |SharePoint Hybrid <br/> |
-
-If you choose a "good enough" option, you'll soon need to begin planning for another upgrade after migration from SharePoint Server 2007 is completed.
-
->[!NOTE]
->End-of-support dates are subject to change. Check the [Product Lifecycle site](https://support.microsoft.com/lifecycle).
-
-## Where can I go next?
-
-SharePoint Server can be installed on-premises on your own servers. Or you can use SharePoint Online, which is an online service that's part of Microsoft 365. Your options are:
-
-- Migrate to SharePoint Online.
-
-- Upgrade SharePoint Server on-premises.
-
-- Do both of the above.
-
-- Implement a [SharePoint hybrid](https://support.office.com/article/4c89a95a-a58c-4fc1-974a-389d4f195383.aspx) solution.
-
-Be aware of hidden costs associated with maintaining a server farm, maintaining or migrating customizations, and upgrading the hardware that SharePoint Server needs. Having an on-premises SharePoint Server farm is rewarding if it's necessary. But if you run your farm on legacy SharePoint Servers without heavy customization, you can benefit from migration to SharePoint Online.
-
-> [!IMPORTANT]
-> There's another option if the content in SharePoint 2007 is infrequently used. Some SharePoint Administrators choose to create a Microsoft 365 subscription, set up a new SharePoint Online site, and then cut away from SharePoint 2007 cleanly, taking only essential documents to the fresh SharePoint Online sites. Data can then be drained from the SharePoint 2007 site into archives. Consider how your users work with data from your SharePoint 2007 installation. There may be creative ways to manage your needs.
-
-|**SharePoint Online (SPO)**|**SharePoint Server on-premises**|
-|:--|:--|
-|High cost in time (plan / execution/verification) <br/> |High cost in time (plan / execution/verification) <br/> |
-|Lower cost in funds (no hardware purchases) <br/> |Higher cost in funds (hardware + devs/admins) <br/> |
-|One-time cost in migration <br/> |One-time cost repeated per future migration <br/> |
-|Low total cost of ownership/maintenance <br/> |High total cost of ownership/maintenance <br/> |
-
-When you migrate to Microsoft 365, the one-time move will have a heavier cost up-front, while you organize data and decide what to take to the cloud and what to leave behind. But future upgrades will be automatic, and you'll no longer need to manage hardware and software updates. Also, the up time of your farm will be backed by a Microsoft Service Level Agreement ([SLA](/office365/servicedescriptions/office-365-platform-service-description/service-level-agreement)).
-
-### Migrate to SharePoint Online
-
-Make sure that SharePoint Online has all the features you need. See [Microsoft 365 and Office 365 service descriptions](/office365/servicedescriptions/office-365-service-descriptions-technet-library).
-
-You can't migrate directly from SharePoint 2007 to SharePoint Online. Your move to SharePoint Online would be done manually. If you upgrade to SharePoint Server 2013 or SharePoint Server 2016, you might use the SharePoint Migration API (to migrate information into OneDrive for Business, for example).
-
-|**Online pro**|**Online con**|
-|:--|:--|
-|Microsoft supplies SPO hardware and all hardware administration. <br/> |Available features may differ between SharePoint Server on-premises and SPO. <br/> |
-|You're the SharePoint admin or global admin of your subscription and can assign administrators to SPO sites. <br/> |Some actions available to a farm administrator in SharePoint Server on-premises don't exist or aren't necessarily included in the SharePoint Administrator role in Microsoft 365. <br/> |
-|Microsoft applies patches, fixes, and updates to underlying hardware and software. <br/> |Because there's no access to the underlying file system in the service, customization is limited. <br/> |
-|Microsoft publishes [Service level agreements](/office365/servicedescriptions/office-365-platform-service-description/service-level-agreement) and moves quickly to resolve service-level incidents. <br/> |Backup and restore and other recovery options are automated by the service in SharePoint Online. Backups are overwritten if not used. <br/> |
-|Security testing and server performance tuning are carried out on an ongoing basis in the service by Microsoft. <br/> |Changes to the user interface and other SharePoint features are installed by the service and may need to be toggled on or off. <br/> |
-|Microsoft 365 meets many industry standards: [Microsoft compliance offerings](/compliance/regulatory/offering-home). <br/> |[FastTrack](https://www.microsoft.com/fasttrack/microsoft-365) assistance for migration is limited. <br/> Much of the upgrade will be manual or via the SPO Migration API described in the [SharePoint Online and OneDrive Migration Content Roadmap](/sharepointmigration/upload-on-premises-content-to-sharepoint-online-using-powershell-cmdlets). <br/> |
-|Microsoft Support engineers and datacenter employees won't have unrestricted admin access to your subscription. <br/> |There can be additional costs if hardware needs to be upgraded to support the newer version of SharePoint, or if a secondary farm is required for upgrade. <br/> |
-|Partners can assist with the one-time job of migrating your data to SharePoint Online. <br/> ||
-|Online products are updated automatically. Although features may deprecate, there's no true end of support. <br/> ||
-
-If you've decided to create a new Microsoft 365 site and will manually migrate data to it as is needed, check your [Microsoft 365 options](https://www.microsoft.com/microsoft-365/).
-
-### Upgrade SharePoint Server on-premises
-
-There's no way to skip versions in SharePoint Upgrades. Upgrades go serially:
-
-- SharePoint 2007 \> SharePoint Server 2010 \> SharePoint Server 2013 \> SharePoint Server 2016
-
-To go from SharePoint 2007 to SharePoint Server 2016 means a significant investment of time and will involve costs in hardware (SQL servers must also be upgraded), software, and administration. Customizations will need to be upgraded or abandoned.
-
-> [!NOTE]
-> It's possible to maintain your end-of-life SharePoint 2007 farm, install a SharePoint Server 2016 farm on new hardware (so the separate farms run side-by-side), and then plan and execute a manual migration of content (for downloading and re-uploading content, for example). But beware of some of the pitfalls of manual moves, such as moves of documents replacing the last-modified account with the alias of the account doing the manual move. Also consider the work that must be done ahead of time, such as recreating sites, subsites, permissions, and list structures. Consider in advance what data you can move into storage or delete to reduce the impact of migration.
-
-It's important to clean up your environment before you upgrade. Be certain your existing farm is functional before you upgrade, and certainly before you decommission!
-
-Remember to review the *supported and unsupported upgrade paths*:
-
-- [SharePoint Server 2007](/previous-versions/office/sharepoint-2007-products-and-technologies/cc262747(v=office.12))
-
-- [SharePoint Server 2010](/previous-versions/office/sharepoint-2007-products-and-technologies/cc262747(v=office.12))
-
-- [SharePoint Server 2013](/SharePoint/upgrade-and-update/review-supported-editions-and-products-for-upgrading-to-sharepoint-2013)
-
-If you have customizations, it's critical to have a plan for each step in the migration path:
-
-- [SharePoint 2007](/previous-versions/office/sharepoint-2007-products-and-technologies/cc263203(v=office.12))
-
-- [SharePoint Server 2010](/previous-versions/office/sharepoint-server-2010/cc263203(v=office.14))
-
-- [SharePoint Server 2013](/SharePoint/upgrade-and-update/create-a-communication-plan-for-the-upgrade-to-sharepoint-2013)
-
-|**On-premises pro**|**On-premises con**|
-|:--|:--|
-|Full control of all aspects of your SharePoint Farm, from the server hardware up. <br/> |All breaks and fixes are the responsibility of your company (you can engage paid Microsoft Support if your product is not past end of support). <br/> |
-|Full feature set of SharePoint Server on-premises with the option to connect your on-premises farm to a SharePoint Online subscription via hybrid. <br/> |Upgrade, patches, security fixes, and all maintenance of SharePoint Server managed on-premises. <br/> |
-|Full access for greater customization. <br/> |[Microsoft compliance offerings](/compliance/regulatory/offering-home) must be manually configured on-premises. <br/> |
-|Security testing, and server performance tuning is carried out on your premises (under your control). <br/> |Microsoft 365 may make features available to SharePoint Online that don't interoperate with SharePoint Server on-premises. <br/> |
-|Partners can assist with migrating data to the next version of SharePoint Server (and beyond). <br/> |Your SharePoint Server sites won't automatically use [SSL/TLS](/SharePoint/security-for-sharepoint-server/enable-tls-1-1-and-tls-1-2-support-in-sharepoint-server-2016) certificates as is seen in SharePoint Online. <br/> |
-|Full control of naming conventions, back up and restore, and other recovery options in SharePoint Server on-premises. <br/> |SharePoint Server on-premises is sensitive to product lifecycles. <br/> |
-
-### Upgrade resources
-
-Make sure your environment meets hardware and software requirements, and then follow supported upgrade methods.
-
-- **Hardware/software requirements for**:
-
- [SharePoint Server 2010](/previous-versions/office/sharepoint-server-2010/cc262485(v=office.14)) | [SharePoint Server 2010](/previous-versions/office/sharepoint-server-2010/cc262485(v=office.14)) | [SharePoint Server 2013](/sharepoint/install/hardware-software-requirements-2013) | [SharePoint Server 2016](/SharePoint/install/hardware-and-software-requirements)
-
-- **Software boundaries and limits for**:
-
- [SharePoint Server 2007](/previous-versions/office/sharepoint-2007-products-and-technologies/cc262787(v=office.12)) | [SharePoint Server 2010](/previous-versions/office/sharepoint-server-2010/cc262787(v=office.14)) | [SharePoint Server 2013](/SharePoint/install/software-boundaries-and-limits) | [SharePoint Server 2016](/sharepoint/install/software-boundaries-limits-2019)
-
-- **The upgrade process overview for**:
-
- [SharePoint Server 2007](/previous-versions/office/sharepoint-2007-products-and-technologies/cc303420(v=office.12)) | [SharePoint Server 2010](/previous-versions/office/sharepoint-server-2010/cc303420(v=office.14)) | [SharePoint Server 2013](/SharePoint/upgrade-and-update/upgrade-to-sharepoint-server-2016) | [SharePoint Server 2016](/SharePoint/upgrade-and-update/upgrade-to-sharepoint-server-2016)
-
-### Create a SharePoint hybrid solution between SharePoint Online and on-premises
-
-If the answer to your migration needs is somewhere between the self-control offered by on-premises and the lower cost of ownership offered by SharePoint Online, you can connect SharePoint Server 2013 or 2016 farms to SharePoint Online through hybrids. [Learn about SharePoint hybrid solutions](https://support.office.com/article/4c89a95a-a58c-4fc1-974a-389d4f195383.aspx).
-
-If you decide that a hybrid SharePoint Server farm will benefit your business, familiarize yourself with the existing types of hybrids and how to configure the connection between your on-premises SharePoint farm and your Microsoft 365 subscription.
-
-| Option | Description |
-|:--|:--|
-[Microsoft compliance offerings](/compliance/regulatory/offering-home) <br/> |[FastTrack](https://www.microsoft.com/fasttrack/microsoft-365) assistance for migration is limited. <br/> Much of the upgrade will be manual, or via the SPO Migration API described in the [SharePoint Online and OneDrive Migration Content Roadmap](/sharepointmigration/upload-on-premises-content-to-sharepoint-online-using-powershell-cmdlets). <br/> |
-|Microsoft Support engineers and data center employees don't have unrestricted admin access to your subscription.<br/> |There can be additional costs if hardware infrastructure needs to be upgraded to support the newer version of SharePoint, or if a secondary farm is required for upgrade. <br/> |
-|Partners can assist with the one-time job of migrating your data to SharePoint Online. <br/> ||
-|Online products are updated automatically across the service. Though features may deprecate, there's no true end of support.<br/> ||
-
-If you've decided to create a new Microsoft 365 site and will manually migrate data to it as is needed, check your [Microsoft 365 options](https://www.microsoft.com/microsoft-365/).
-
-### Upgrade SharePoint Server on-premises
-
-There's no way to skip versions in SharePoint Upgrades. Upgrades go serially:
-
-- SharePoint 2007 \> SharePoint Server 2010 \> SharePoint Server 2013 \> SharePoint Server 2016
-
-To go from SharePoint 2007 to SharePoint Server 2016 will mean a significant investment of time and will involve costs for hardware (SQL servers must also be upgraded), software, and administration. Customizations will need to be upgraded or abandoned.
-
-> [!NOTE]
-> It's possible to maintain your end-of-life SharePoint 2007 farm, install a SharePoint Server 2016 farm on new hardware (so the separate farms run side-by-side), and then plan and execute a manual migration of content (for downloading and re-uploading content, for example). But beware of potential pitfalls of manual moves, such as moves of documents replacing the last-modified account with the alias of the account doing the manual move, and the work that must be done ahead of time, such as recreating sites, subsites, permissions and list structures. Consider what data you can move into storage or delete to reduce the impact of migration.
-
-Clean your environment prior to upgrade. Be certain your existing farm is functional before you upgrade and certainly before you decommission!
-
-Remember to review the *supported and unsupported upgrade paths*:
-
-- [SharePoint Server 2007](/previous-versions/office/sharepoint-2007-products-and-technologies/cc262747(v=office.12))
-
-- [SharePoint Server 2010](/previous-versions/office/sharepoint-2007-products-and-technologies/cc262747(v=office.12))
-
-- [SharePoint Server 2013](/SharePoint/upgrade-and-update/review-supported-editions-and-products-for-upgrading-to-sharepoint-2013)
-
-If you have *customizations*, it's critical you have a plan your upgrade for each step in the migration path:
-
-- [SharePoint 2007](/previous-versions/office/sharepoint-2007-products-and-technologies/cc263203(v=office.12))
-
-- [SharePoint Server 2010](/previous-versions/office/sharepoint-server-2010/cc263203(v=office.14))
-
-- [SharePoint Server 2013](/SharePoint/upgrade-and-update/create-a-communication-plan-for-the-upgrade-to-sharepoint-2013)
-
-|**On-premises Pro**|**On-premises Con**|
-|:--|:--|
-|Full control of all aspects of your SharePoint Farm, from the server hardware up. <br/> |All breaks and fixes are the responsibility of your company. (You can engage paid Microsoft Support if your product isn't past end of support.) <br/> |
-|Full feature set of SharePoint Server on-premises with the option to connect your on-premises farm to a SharePoint Online subscription via hybrid. <br/> |Upgrade, patches, security fixes, and all maintenance of SharePoint Server managed on-premises. <br/> |
-|Full access for greater customization. <br/> |[Microsoft compliance offerings](/compliance/regulatory/offering-home) must be manually configured on-premises. <br/> |
-|Security testing and server performance tuning are carried out on your premises under your control. <br/> |Microsoft 365 may make features available to SharePoint Online that don't interoperate with SharePoint Server on-premises <br/> |
-|Partners can help migrate data to the next version of SharePoint Server (and beyond). <br/> |Your SharePoint Server sites will not automatically use [SSL/TLS](/SharePoint/security-for-sharepoint-server/enable-tls-1-1-and-tls-1-2-support-in-sharepoint-server-2016) certificates as is seen in SharePoint Online. <br/> |
-|Full control of naming conventions, back up and restore, and other recovery options in SharePoint Server on-premises. <br/> |SharePoint Server on-premises is sensitive to product lifecycles. <br/> |
-
-### Upgrade resources
-
-Make sure that your environment meets hardware and software requirements. Then follow the supported upgrade methods.
-
-- **Hardware/software requirements for:**
-
- [SharePoint Server 2010](/previous-versions/office/sharepoint-server-2010/cc262485(v=office.14)) | [SharePoint Server 2010](/previous-versions/office/sharepoint-server-2010/cc262485(v=office.14)) | [SharePoint Server 2013](/sharepoint/install/hardware-software-requirements-2013) | [SharePoint Server 2016](/SharePoint/install/hardware-and-software-requirements)
-
-- **Software boundaries and limits for:**
-
- [SharePoint Server 2007](/previous-versions/office/sharepoint-2007-products-and-technologies/cc262787(v=office.12)) | [SharePoint Server 2010](/previous-versions/office/sharepoint-server-2010/cc262787(v=office.14)) | [SharePoint Server 2013](/SharePoint/install/software-boundaries-and-limits) | [SharePoint Server 2016](/sharepoint/install/software-boundaries-limits-2019)
-
-- **The upgrade process overview for:**
-
- [SharePoint Server 2007](/previous-versions/office/sharepoint-2007-products-and-technologies/cc303420(v=office.12)) | [SharePoint Server 2010](/previous-versions/office/sharepoint-server-2010/cc303420(v=office.14)) | [SharePoint Server 2013](/SharePoint/upgrade-and-update/upgrade-to-sharepoint-server-2016) | [SharePoint Server 2016](/SharePoint/upgrade-and-update/upgrade-to-sharepoint-server-2016)
-
-### Create a SharePoint hybrid solution between SharePoint Online and on-premises
-
-If the answer to your migration needs is somewhere between the self-control offered by on-premises and the lower cost of ownership offered by SharePoint Online, you can connect SharePoint Server 2013 or 2016 farms to SharePoint Online through hybrids. [Learn about SharePoint hybrid solutions](https://support.office.com/article/4c89a95a-a58c-4fc1-974a-389d4f195383.aspx)
-
-If you decide that a hybrid SharePoint Server farm will benefit your business, familiarize yourself with the existing types of hybrids and how to configure the connection between your on-premises SharePoint farm and your Microsoft 365 subscription.
-
-One good way to see how this works is to create a Microsoft 365 dev/test environment, which you can set up with [Test Lab Guides](m365-enterprise-test-lab-guides.md). After you get a trial or purchased Microsoft 365 subscription, you can create the site collections, webs, and document libraries in SharePoint Online to which you can migrate data. You can migrate manually, by use of the Migration API, or, if you want to migrate My Site content to OneDrive for Business, through the hybrid wizard.
-
-> [!NOTE]
-> Remember that to use the hybrid option, your SharePoint 2007 farm will need to be upgraded, on-premises, to either SharePoint Server 2013 or SharePoint Server 2016.
-
-## Related topics
-
-[Troubleshoot and resume upgrade (Office SharePoint Server 2007)](/previous-versions/office/sharepoint-2007-products-and-technologies/cc262967(v=office.12))
-
-[Troubleshoot upgrade issues (SharePoint Server 2010)](/previous-versions/office/sharepoint-server-2010/cc262967(v=office.14))
-
-[Troubleshoot database upgrade issues in SharePoint 2013](/SharePoint/upgrade-and-update/troubleshoot-database-upgrade-issues-in-sharepoint-2013)
-
-[Search for Microsoft Partners to help with Upgrade](https://go.microsoft.com/fwlink/?linkid=841249)
-
-[Resources to help you upgrade from Office 2007 servers and clients](upgrade-from-office-2007-servers-and-products.md)
enterprise Sharepoint 2007 Migration Options https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/sharepoint-2007-migration-options.md
- Title: "SharePoint 2007 migration options to consider"--- Previously updated : 1/31/2018----- scotvorg-- Ent_O365-- SPO_Content-- MET150-- SPS150-- OSU140-- SPO160-- SPB160-- OSI150-- OSI160-- BSA160-- OSU160-- NOCSH--- seo-marvel-apr2020
-description: "This article contains information for users using SharePoint Server 2007 to help them plan their upgrade."
--
-# SharePoint 2007 migration options to consider
-
-*This article applies to both Microsoft 365 Enterprise and Office 365 Enterprise.*
-
-Microsoft SharePoint 2007 and SharePoint Server 2007 have reached end of support. It's time to upgrade! This article provides information about your migration options.
-
-## Common upgrade strategies for SharePoint
-
-There are multiple methods to upgrade a SharePoint Server environment. If you have a Microsoft Office SharePoint Server 2007 farm, here are some examples of the upgrade methods:
-
-- Database attach
-
-- Side by side upgrade
-
-- In-place upgrade
-
-- Hybrid upgrade (in-place with detached databases / separate database attach)
-
-- SharePoint hybrids (connect online to on-premises SharePoint)
-
-- Manually move data between site collections or libraries
-
-- FastTrack Wizard upgrade to Microsoft 365 ([SharePoint Online deployment advisor](https://aka.ms/spoguidance))
-
-- Migration API to SharePoint Online (SPO) in Microsoft 365
-
-What works best for you?
-
-Your knowledge of what your farm does and is used for is a tactical strength when it comes to upgrade. The way people use the SharePoint Farm will help you choose from your options.
-
-> [!TIP]
-> Microsoft Office SharePoint Server 2007 also has a gradual upgrade not covered here. To see a list of step-specific upgrade articles see the [SharePoint Server 2007 end of support Roadmap](sharepoint-2007-end-of-support.md).
-
-Remember to check the [Product Lifecycle](https://support.microsoft.com/lifecycle/search) and System Requirements for whatever version of SharePoint you're upgrading to. This is so you'll be aware when the next upgrade will be necessary (for example, if you pause at a legacy product like SharePoint Server 2010 to plan for more upgrades, be sure you know its end of support date), and to be certain you have hardware that supports your plan.
-
-If you're planning to transition some, or all, of your SharePoint sites to Microsoft 365 in the Cloud, this is a time to bookmark a link to the [Microsoft 365 and Office 365 service descriptions](/office365/servicedescriptions/office-365-service-descriptions-technet-library). You'll need the Service Descriptions to learn about SharePoint Online features and how they might differ from on-premises SharePoint Server. Upgrade functional Microsoft Office SharePoint Server 2007 farms. If your installation has sites that are broken, fix them prior to upgrade.
-
-## A note about managing risk
-
-Methods like 'side-by-side' are important in the scheme of upgrade logic. When you upgrade side by side, you maintain your Microsoft Office SharePoint Server 2007 farm, but build up a farm the next version from it (SharePoint Server 2010) on new hardware. This helps in three ways:
-
-1. You have a place to take backups of your Microsoft Office SharePoint Server 2007 databases to upgrade them separately, by using database attach.
-
-2. If you figure out that only a few critical document libraries and other information are in use on your Microsoft Office SharePoint Server 2007 farm, you can choose to manually move data from Microsoft Office SharePoint Server 2007 to SharePoint Server 2010, or take only specific sites and webs to the next version (which can make your job easier).
-
-3. The less you do to the Microsoft Office SharePoint Server 2007 server farm, directly, the safer the data that farm contains as you upgrade.
-
-Methods like In-Place upgrade will act directly on your Microsoft Office SharePoint Server 2007 farm, giving you fewer easy options to abandon a path and begin again with your pristine environment. As much as possible, build in some safety measures (like taking and testing backups of the original environment). For example, if your Microsoft Office SharePoint Server 2007 farm is virtual, and is duplicated for the purposes of backup and restore, then back-up and restore the most current databases prior to your service window for the upgrade. Knowing that you have the option to restore database backups will not only give you a failsafe, it can give you peace of mind.
-
-> [!TIP]
-> Best practices documents for upgrade exist for [Microsoft Office SharePoint Server 2007](/previous-versions/office/sharepoint-2007-products-and-technologies/cc261992(v=office.12)), [SharePoint Server 2010](/previous-versions/office/sharepoint-server-2010/cc261992(v=office.14)), [SharePoint Server 2013](/SharePoint/upgrade-and-update/best-practices-for-upgrading-from-sharepoint-2010-to-sharepoint-2013), and [SharePoint Server 2016](/SharePoint/upgrade-and-update/best-practices-for-upgrade). You can also search for [Microsoft Partners](https://partnercenter.microsoft.com/pcv/search) who have experience with upgrades or Microsoft 365 migrations.
-
-## Make your plan
-
-If you need to upgrade, you need a plan, and one-size doesn't fit all in these cases. Your plan may be as simple as 'Create a Microsoft 365 subscription with SharePoint Online, register a domain, and redirect people to save their files there'. And it may not be. That decision is yours, and it's down to what you and your users really need.
-
-> [!NOTE]
-> It's risky to run on software whose lifecycle has ended. Products that are out of support are no longer patched when issues are found. This also means that if new security threats arise, there will be no security patches or fixes because the end-of-lifecycle products are no longer supported. Please avoid that situation!
-
-### First, know your farm
-
-When upgrading, your decision-making should be based on what your farm does for your organization. What need does it satisfy? What's its role? Each farm in your company may have a different role. Some of your SharePoint farms may be *critical*, some may be file archives--there for safe-keeping. Or, if your farm fills many roles at once, then you may need to know what site collections, webs, or even document libraries do, any customizations, and how important they are. Analyzing your data at this level may seem like much work, but it saves time and effort to master your domain before you upgrade, or migrate, it. Once you know all the moving parts, and the most important bits, you'll also know what you've outgrown and can leave behind. That knowledge will only benefit you going forward.
-
-So, what are users saying is most important about your SharePoint Server farm?
-
-- Built-in SharePoint features
-
-- The large data corpus (such as an archive of files)
-
-- Availability
-
-- Critical apps, web parts, or docs in the farm (Mission critical farm)
-
-- The Compliance standards met
-
-- Customizations
-
-If you run something essential to your business from your SharePoint farm, say it acts like a large catalog of critical data about client service requirements, you may put a tick beside 'Critical apps', but also 'Availability'--that is, your business would be impacted if you couldn't use SharePoint for a while. Likewise, you might check 'Customizations' because the critical services your farm offers are based on custom code, site definitions, or many customizations that work together.
-
-If SharePoint met those needs without your involvement outside of using what's built in to the software, and you generally update it and carry out normal administration and maintenance, you may have chosen 'Built-in SharePoint'--this may also be your reason for sitting on an older version of SharePoint. In other words, it already does what you need it to and you haven't needed to upgrade until now, at Microsoft Office SharePoint Server 2007 end of support.
-
-When you bullet-list these things, you create criteria for your upgrade. In other words, any upgrade would have to meet this bar to be considered. This gives you a way to rule out methods that don't currently fit your needs.
-
-### A simple sample plan
-
-There may need to be wider consensus with leadership and other admins on the path your SharePoint Upgrade will take. SharePoint Server Administrators often cooperate with Microsoft SQL Server admins, work with Networking and Security teams, and more. Where there are many stakeholders, you may need to build agreement for, or adjust, your upgrade and migration plan. For example, if you migrate data so that part of your company uses SharePoint Online in Microsoft 365, there will likely need to be performance tuning or testing inside your network. Affected teams should be informed ahead of time.
-
-In my simple sample, I show a SharePoint administrator's proposal and then list out the plan that all the stakeholders agreed upon. For clarity, document your agreements and decisions.
-
-The plan starts after an in-depth analysis of a farm, and tries to identify the role of the farm, pain points, and other important information that will lead to narrowing down some upgrade options. Afterward, an upgrade proposal is made by SharePoint administrator, and stakeholders agree on an action plan.
-
-My 'most important' bullet list:
-
-- Availability, features built-in to SharePoint, and Compliance standards.
-
-- Most of the data is on three site collections, with one Meeting Workspace used by a Dev team important and in heavy use in multiple time-zones worldwide.
-
-- There are 17 other sites that are widely used.
-
-- Two document libraries (Meeting Workspace and Documents on the root site collection) are largest (over 8000 docs each). We have a large number of archived docs and list with spreadsheet attachments.
-
-- There are 14 lists of libraries that have sensitive data that MUST stay in Compliance.
-
-- We MUST have the ability to do holds and e-discovery wherever we go.
-
-- Some of this data MUST stay on-premises, due to InfoSec rules.
-
- **My upgrade and migration choices:**
-
-| Yes | No |
-|:--|:--|
-|Upgrade databases with database attach <br/> |In-place upgrade <br/> |
-|Upgrade with farms side by side <br/> |Hybrid Upgrade <br/> |
-|Migration API to SPO in Microsoft 365 (for personal site data) <br/> |SharePoint Hybrid (not needed yet) <br/> |
-|Some manual data migrations to SharePoint Online for critical data <br/> |FastTrack wizard upgrade to Microsoft 365 <br/> |
-
- **My proposed plan:**
-
-Upgrade on-premises, with versions of SharePoint side-by-side, some virtualized, so that we can upgrade the databases first. Go from SharePoint 2007 to SharePoint 2010. Admins and Devs test the resulting farm. Users test the resulting farm. Fix any show-stopping issues during this time. Again, side-by-side, upgrade SharePoint 2010 databases to SharePoint 2013. Test. User test/pilot. Fix any show-stopping issues during this time.
-
-- Consider if a Search Federated Hybrid with SPO meets your needs.
-
-- Consider [FastTrack assistance](https://fasttrack.microsoft.com) if you would like to upgrade to SharePoint Online from here.
-
-- Determine if any site collections can be offloaded to a Microsoft 365 Subscription. (Microsoft 365 meets many [Compliance standards](/compliance/regulatory/offering-home). Microsoft 365 has [eDiscovery](https://support.office.com/article/edea80d6-20a7-40fb-b8c4-5e8c8395f6da) and can do [Holds](https://support.office.com/article/A18F8975-AA7F-43B4-A7D6-001D14744D8E) through the Compliance Centre.)
-
-Otherwise, continue with a side-by-side upgrade to SharePoint Server 2016.
-
-> [!NOTE]
-> In between recommendations made by the administrators planning the upgrade and the actual process are the conversations that happen with other stakeholders on which the upgrade relies. For example, sometimes economics force administrators to change their plans. Whatever the final decision is, you should document what the agreed-upon plan is, going forward. It might look something like this:
-
- **My action plan:**
-
-On-premises, we use a virtual environment to build default SharePoint Server 2010, and 2013. SharePoint Server 2016 will be built on new hardware that meets system requirements for 2016. We will do database attaches to upgrade databases from SharePoint 2007 through all versions between it and SharePoint Server 2016. Core customizations are being recreated for and tested in the SharePoint Server 2016 environment at this time, if native features don't already meet our needs. If we are successful, we will have an on-premises farm on new hardware with upgraded databases, and fewer customizations. We'll attach the upgraded content databases to new site collections in SharePoint Server 2013, test, user test/pilot, and then do a DNS cut-over to the new SharePoint Server 2016 environment for live use.
-
-- We will not consider Federated Hybrid between SharePoint Server 2016 and SharePoint Online right now.
-
-- An estimated 35% of our sites can be turned into new SPO sites with vanity domains, or, ultimately, become OneDrive for Business storage. Looking for other opportunities to convert sites, or route new sites to SPO.
-
-- Some of this part of the migration will be manual, by drag-and-drop to OneDrive for Business personal sites, and some by migration API.
-
-More detailed steps, or a number of links to specific upgrade directions should follow a plan. The MOSS 2007 computer should not be decommissioned, and virtual environments should be maintained for the sake of comparison; however, the upgrade will be complete when users are redirected to SharePoint Server 2016.
-
-Often major factors in choosing a method are the total cost of the upgrade and the cost in time (you'll see more on this in the SharePoint Migration Roadmap article). However, planning ahead will benefit you greatly in setting expectations, choosing wisely, and framing what success will look like.
-
-## Related links
-
-[Resources to help you upgrade from Office 2007 servers and clients](upgrade-from-office-2007-servers-and-products.md)
-
-[Microsoft Lifecycle Policy and Lifecycle search](https://support.microsoft.com/lifecycle)
-
-[Search for Microsoft Partners who can help with upgrade or migration](https://partnercenter.microsoft.com/pcv/search)
enterprise Skype For Business Online https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/skype-for-business-online.md
- Title: "Skype for Business Online in Office 365 - Admin Help"--- Previously updated : 6/29/2018---- CSH--- Adm_O365-- 'ms.lync.lac.ProviderManagedFeature'-- seo-marvel-apr2020--- MET150-- MOE150-- SAC150-- MSO150-- BCS160
-description: As an admin, find help to set up parts of Skype for Business Online, including your network, meetings and IM, and external access for users.
--
-# Skype for Business Online in Office 365 - Admin Help
-
-## We're here to help!
-
-As an admin for Office 365 for business, you get free access to our knowledgeable support agents. If you don't find the information you need on this web site, **[Contact support for business products - Admin Help](https://support.office.com/article/32a17ca7-6fa0-4870-8a8d-e25ba4ccfd4b)**
-
-## Let your users contact external Skype or Skype for Business users
-
-You can let people who are using Skype for Business contact users from outside your organization and add them to their list of Skype for Business contacts. After they add them to their contact list, they can see if they are online and IM with them, hold meetings and share desktops. For instructions see:
-
-- [Allow users to contact external Skype for Business users](https://support.office.com/article/b414873a-0059-4cd5-aea1-e5d0857dbc94)
-
-- [Let Skype for Business users add Skype contacts](https://support.office.com/article/08666236-1894-42ae-8846-e49232bbc460)
-
-## Improve call and video quality
-
-Are your users experiencing dropped calls? Is the quality of audio, video, and application sharing poor? Skype for Business is greatly impacted by the quality of end-to-end network connectivity. For the best experience, it is important to make sure there is a high-quality connection between your company network and Skype for Business Online. To learn more, see **[Tune Skype for Business Online performance](tune-skype-for-business-online-performance.md)**.
-
-Also see:
-
-- [Troubleshoot connection issues in Skype for Business](https://support.office.com/article/ca302828-783f-425c-bbe2-356348583771)
-
-- [Troubleshoot audio and video in Skype for Business](https://support.office.com/article/62777bc6-c52b-47ae-84ba-a8905c3b71dc)
-
-## Set up Skype for Business Online
--- [Skype for Business add-on licensing](https://support.office.com/article/3ed752b1-5983-43f9-bcfd-760619ab40a7)
-
-- [Set up Skype for Business Online](https://support.office.com/article/40296968-e779-4259-980b-c2de1c044c6e)
-
-- [Here's what you get with Cloud PBX](https://support.office.com/article/bc9756d1-8a2f-42c4-98f6-afb17c29231c)
-
-- [Allow users to contact external Skype for Business users](https://support.office.com/article/b414873a-0059-4cd5-aea1-e5d0857dbc94)
-
-## Fix problems for your users
--- [Set Personal options in Skype for Business](https://support.office.com/article/68bacc31-71d3-44c3-a4d4-64da78c447aa#bkmk-stop-automatic-startup)
-
-- [Need help signing in to Skype for Business?](https://support.office.com/article/448b8ea7-5b33-444a-afd4-175fc9930d05)
-
-- [Video: Sign in and out of Skype for Business](https://support.office.com/article/8abed4b3-ac48-493e-9d76-0e10140e9451)
-
-- [Set Audio Device options in Skype for Business](https://support.office.com/article/2533d929-9814-4349-8ae4-fca29246e2ff)
-
-- [Join a Skype for Business meeting](https://support.office.com/article/3862be6d-758a-4064-a016-67c0febf3cd5)
-
-- [Uninstall Skype for Business](https://support.office.com/article/28C4A036-7F22-406C-B7F4-87894CBAF902)
-
-## Help your users get started quickly!
--- [Discover Skype for Business](https://support.office.com/article/8a3491a3-c095-4718-80cf-cbbe4afe4eba): Training resources for your users
-
-- [Install Skype for Business](https://support.office.com/article/8a0d4da8-9d58-44f9-9759-5c8f340cb3fb)
-
-- [Video: Presence and IM in Skype for Business](https://support.office.com/article/c873b869-4ce0-4375-9bea-5de150eaf081)
-
-- [Set up a Skype for Business meeting in Outlook](https://support.office.com/article/b8305620-d16e-4667-989d-4a977aad6556)
-
-- [Start a Skype for Business conference call](https://support.office.com/article/8dc8ac52-91ac-4db9-8672-11551fdaf997)
-
- **For more articles for users, see [Skype for Business help](https://support.office.com/article/4fbe07ce-6b15-4a06-bcf0-baea57890410).**
-
-
enterprise Tune Skype For Business Online Performance https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/tune-skype-for-business-online-performance.md
- Title: "Tune Skype for Business Online performance"--- Previously updated : 08/10/2020----- scotvorg-- Ent_O365-- CSH--- MET150-- MOE150-- MSO150-- BCS160
-description: This article provides links for system administrators planning for network bandwidth requirements or improving the performance of Skype for Business Online.
--
-# Tune Skype for Business Online performance
-
-This article provides links for system administrators who want to plan for network bandwidth requirements, or who need to improve the performance of Skype for Business Online.
-
-## Fine tuning Skype for Business Online performance
--- **To learn about the settings and metrics for maintaining call quality for your organization**, it's important to read [Media Quality and Network Connectivity Performance in Skype for Business Online](/skypeforbusiness/optimizing-your-network/media-quality-and-network-connectivity-performance). This article gives you information about the deployment types and other information that you will need.-- **For on-premises and Hybrid deployments**, you can see the bandwidth requirements for Skype for Business Server dial-in conferencing, see [Plan for dial-in conferencing in Skype for Business Server 2015](/skypeforbusiness/plan-your-deployment/conferencing/dial-in-conferencing).-
-## More ways to improve Skype for Business Online performance
--- [Turning on and using Call Quality Dashboard in Skype for Business Online](/SkypeForBusiness/using-call-quality-in-your-organization/turning-on-and-using-call-quality-dashboard): The Call Quality Dashboard (CQD) allows you to monitor and gain insights into the quality of calls made using Skype for Business services.-
-## Articles on setting up Skype for Business Online
--- [Set up Skype for Business Online](/skypeforbusiness/set-up-skype-for-business-online/set-up-skype-for-business-online)-- [Set up Audio Conferencing for Skype for Business and Microsoft Teams](/skypeforbusiness/audio-conferencing-in-office-365/set-up-audio-conferencing)-- [Set up Calling Plans (Skype for Business)](/SkypeForBusiness/what-are-calling-plans-in-office-365/set-up-calling-plans)-- [Here's what you get with Phone System in Office 365](/skypeforbusiness/what-is-phone-system-in-office-365/here-s-what-you-get-with-phone-system)-
-## See also
-
-[Network planning and performance tuning for Office 365](network-planning-and-performance.md)
-
-[Optimizing your network for Skype for Business Online](/skypeforbusiness/optimizing-your-network/optimizing-your-network)
enterprise Upgrade From Lync 2013 https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/upgrade-from-lync-2013.md
- Title: "Upgrading from Lync Server 2013"--- Previously updated : 11/10/2021----- Ent_O365-- MET150-- NOCSH
-description: Find information and resources to upgrade from Lync Server 2013. Support ends April 11, 2023.
--
-# Upgrading from Lync Server 2013
-
-Microsoft Lync Server 2013 will reach end of support on **April 11, 2023**. This article provides resources to help you upgrade your existing Lync Server deployment to Microsoft Teams or Skype for Business on-premises.
-
-## What is *end of support*?
-
-Most Microsoft products have a support lifecycle, during which they get new features, bug fixes, security fixes, and so on. After the end-of-support date, the product doesn't stop working, but Microsoft no longer provides:
--- Technical support for problems that may occur.--- Bug fixes for issues that may impact the stability and usability of the server.--- Security fixes for vulnerabilities that may make the server vulnerable to security breaches.--- Time zone updates.-
-That means there will be no further updates, patches, or fixes for the product (including security patches/fixes). Microsoft Support will have fully shifted its support efforts to more recent versions.
-
-## Plan ahead
-
-Check the dates that support ends on the [Product Lifecycle site](/lifecycle/products/microsoft-lync-server-2013). Plan your upgrades or migrations with these dates in mind. Remember that your product *won't stop working* at the date listed. But because your installation will no longer be patched after that date, you'll want to plan a smooth transition to the next version of the product. The table below lists the options available to you.
-
-|End of support product|Supported|Recommended|
-||||
-|Lync Server 2013|Upgrade to Skype for Business Server 2015 or 2019|Upgrade to Microsoft Teams
-
-## What's next?
-
-We recommend upgrading to Microsoft Teams. Microsoft Teams extends the capabilities of Lync Server, bringing together chat, meetings, calling, collaboration, app integration, and file storage into a single interface. Teams helps streamline the way users get things done, improving user satisfaction and accelerating business outcomes. WeΓÇÖre continually expanding TeamsΓÇÖ capabilities to enable you to communicate and collaborate in new ways, break down organizational and geographical barriers, and drive efficiency in process and decision making.
-
-If you can't upgrade to Microsoft Teams, you can upgrade to Skype for Business Server 2015 or 2019. A key planning consideration to know is that both of these products will reach end of support on October 14, 2025. For more information, see the following support lifecycle pages:
--- [Skype for Business Server 2015 support lifecycle information](/lifecycle/products/skype-for-business-server-2015)-- [Skype for Business Server 2019 support lifecycle information](/lifecycle/products/skype-for-business-server-2019)-
-### Upgrade to Microsoft Teams
-
-We have detailed guidance on upgrading to Microsoft Teams from your on-premises deployment. First, let's cover some key technical requirements. You will need to establish hybrid connectivity, which will enable you to move your users to Teams. [Plan hybrid connectivity](/SkypeForBusiness/hybrid/plan-hybrid-connectivity) gives an overview of setting up a hybrid environment. Even though the article is focused on Skype for Business, all the concepts apply to Lync Server 2013 as well. See the [server version requirements](/SkypeForBusiness/hybrid/plan-hybrid-connectivity#server-version-requirements) section for Lync Server 2013-specific details.
-
-You also need to ensure that your Lync Server 2013 deployment is fully up to date. We publish a [list of all the latest updates for Lync Server 2013](https://support.microsoft.com/topic/updates-for-lync-server-2013-a2a042ac-79f0-2665-7453-0a541fb25164) However, the following update is a pre-requisite for an upgrade to Microsoft Teams:
--- [September 2021 cumulative update 5.0.8308.1149 for Lync Server 2013, Core Components](https://support.microsoft.com/topic/september-2021-cumulative-update-5-0-8308-1149-for-lync-server-2013-core-components-6755903a-fc9a-44d2-b835-2a6d01f14043): This update replaces the Live ID authentication with OAuth authentication protocol for the `Move-CSUser` cmdlet, which is used for moving on-premises users to Microsoft Teams.-
-Even though the user experience in Microsoft Teams is far richer and superior to Lync, it is also dramatically different. Therefore, you'll also need to prepare your organization and your users to ensure a rapid adoption of Microsoft Teams. We have a wealth of information available on how to prepare your organization, plan your upgrade to Teams, and ensure a successful rollout.
-
-**We recommend that you start at our [Teams upgrade portal](/MicrosoftTeams/upgrade-skype-teams)** where you can find technical information, training resources, links to Ignite sessions, available help resources, case studies and more.
--
-### Upgrade to Skype for Business Server
-
-The path to Skype for Business Server is going to be different depending on the version you choose to upgrade to. Skype for Business Server 2015 supports an in-place upgrade from Lync Server 2013. On the other hand, in order to upgrade to Skype for Business Server 2019, you first will need to introduce Skype for Business Server 2019 to your Lync Server 2013 installation via adding one or more new servers, and then transfer operations to the new 2019 servers you've added.
-
-One important point to consider is that the current support phase for each product: Skype for Business 2019 is in mainstream support and Skype for Business 2015 is currently in extended support. Therefore, we recommend upgrading to Skype for Business Server 2019. To learn more about the difference between mainstream and extended support, see [Fixed Lifecycle Policy](/lifecycle/policies/fixed).
-
-See the following resources for detailed information about each upgrade scenario.
--- [Upgrade to Skype for Business Server 2019](/skypeforbusiness/migration/migration-to-skype-for-business-server-2019)-- [Upgrade to Skype for Business Server 2015](/skypeforbusiness/deploy/upgrade-to-skype-for-business-server)
enterprise Upgrade From Office 2007 Servers And Products https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/upgrade-from-office-2007-servers-and-products.md
- Title: "Resources to help you upgrade from Office 2007 servers and clients"--- Previously updated : 11/01/2018----- scotvorg-- Ent_O365-- MET150-- LCC120-- OFF120-- OFF140-- WSU140-- OSU140-- LCC125-- PJU120-- PSV120-- NOCSH
-description: This article provides resources to help you upgrade from Office 2007 servers and clients, as support for Office 2007 has ended.
---
-# Resources to help you upgrade from Office 2007 servers and clients
-
-*This article applies to both Microsoft 365 Enterprise and Office 365 Enterprise.*
-
-If you're using Office 2007 products and services, be aware that support for these applications has ended. Consider moving to the Microsoft cloud, starting with Microsoft 365. Use this article as a starting point to review your options and plan your upgrade.
-
-## Office 2007 planning roadmaps
-
-Support has ended for Office 2007 products and services. The following roadmaps can help you plan your upgrade now.
-
-|**Planning content**|**Date support ended**|
-|:--|:--|
-|[Office 2007 end of support roadmap](/DeployOffice/office-2007-end-support-roadmap) <br/> |October 10, 2017 <br/> |
-|[Exchange 2007 end of support roadmap](exchange-2007-end-of-support.md) <br/> |April 11, 2017 <br/> |
-|[SharePoint Server 2007 end of support roadmap](sharepoint-2007-end-of-support.md) <br/> |October 10, 2017 <br/> |
-|[Project Server 2007 end of support roadmap](project-server-2007-end-of-support.md) <br/> |October 10, 2017 <br/> |
-|[Upgrade from Office Communications Server](/SkypeForBusiness/plan-your-deployment/upgrade) <br/> |January 8, 2018 <br/> |
-|[PerformancePoint Server 2007 end of support roadmap](pps-2007-end-of-support.md) <br/> |January 9, 2018 <br/> |
-
-After support ends for a Microsoft product, there are no more:
-- New security updates-- New non-security updates-- Free or paid assisted support options available (including custom support agreements)-- New online technical content updates-
-Whether you're an enterprise organization or an individual home user, you have several options to consider.
-
-## I'm a home user. What do I do?
-
-If you're using Office 2007 products and applications at home, see [this information](plan-upgrade-previous-versions-office.md#im-a-home-user-what-do-i-do).
-
-## Related topics
-
-[Video: What is Microsoft 365?](https://support.office.com/article/847caf12-2589-452c-8aca-1c009797678b.aspx)
-
-[Microsoft Lifecycle Policy](/lifecycle/)
-
-[Plan your upgrade from Office 2007 or Office 2010 servers and clients](plan-upgrade-previous-versions-office.md)
enterprise Upgrade From Office 2010 Servers And Products https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/upgrade-from-office-2010-servers-and-products.md
- Title: "Resources to help you upgrade from Office 2010 servers and clients"--- Previously updated : 08/10/2020----- scotvorg-- Ent_O365-- MET150-- LCC120-- OFF120-- OFF140-- WSU140-- OSU140-- LCC125-- PJU120-- PSV120-- NOCSH
-description: Start planning your upgrade from Office 2010 servers and client applications, as support is ending soon and custom support agreements aren't available.
---
-# Resources to help you upgrade from Office 2010 servers and clients
-
-*This article applies to both Microsoft 365 Enterprise and Office 365 Enterprise.*
-
-Office 2010 and Exchange 2010 reached their end of support on **October 13, 2020**.
-
-SharePoint 2010 and Project Server 2010 will reach their end of support on **April 13, 2021**.
-
-While you plan your upgrade, consider moving to Microsoft 365.
--- Microsoft 365 has cloud-based services for Office 2010 server products, such as Exchange Server and SharePoint Server, and services, such as Teams and OneDrive for Business.--- Microsoft 365 Apps for enterprise (previously named *Office 365 ProPlus*), which is included with Microsoft 365 E3 and E5, is the set of Office client apps that you install on your local device. They're updated with new productivity and security features regularly from the Microsoft cloud.-
-For a visual summary of the upgrade, migration, and move-to-the-cloud options for Office 2010 clients and servers and Windows 7, see the [end of support poster](https://download.microsoft.com/download/2/7/d/27da4118-32ae-4ffe-90d8-a61e7c895ba0/Office2010Windows7EndOfSupport.pdf).
-
-[![End of support for Office 2010 clients and servers and Windows 7 poster.](../media/upgrade-from-office-2010-servers-and-products/office2010-windows7-end-of-support.png)](https://download.microsoft.com/download/2/7/d/27da4118-32ae-4ffe-90d8-a61e7c895ba0/Office2010Windows7EndOfSupport.pdf)
-
-This one-page poster summarizes the various paths you can take to handle Office 2010 client and server products and Windows 7 from reaching end of support. Preferred paths and option support in Microsoft 365 Enterprise are highlighted.
-
-You can also [download](https://download.microsoft.com/download/2/7/d/27da4118-32ae-4ffe-90d8-a61e7c895ba0/Office2010Windows7EndOfSupport.pdf) this poster and print it in letter, legal, or tabloid (11 x 17) format.
-
-## Office 2010 client and server upgrade planning
-
-|For this product|With this end of support date|See this resource|
-||||
-|Office 2010 (including Word 2010, Excel 2010, PowerPoint 2010, and Outlook 2010)|October 13, 2020 |[Office 2010 end of support roadmap](/DeployOffice/office-2010-end-support-roadmap)|
-|Exchange Server 2010|October 13, 2020|[Exchange 2010 end of support roadmap](exchange-2010-end-of-support.md)|
-|SharePoint 2010 or SharePoint Server 2010|April 13, 2021|[Upgrading from SharePoint 2010](upgrade-from-sharepoint-2010.md)|
-|Project Server 2010|April 13, 2021|[Project Server 2010 end of support roadmap](project-server-2010-end-of-support.md)|
-|Lync Server 2010|April 13, 2021|[Plan to upgrade to Skype for Business Server](/skypeforbusiness/plan-your-deployment/upgrade)|
-
-## I'm a home user. What do I do?
-
-If you use Office 2010 products and applications at home, see [this information](plan-upgrade-previous-versions-office.md#im-a-home-user-what-do-i-do).
-
-## Related topics
-
-[Video: What is Microsoft 365?](https://support.office.com/article/847caf12-2589-452c-8aca-1c009797678b.aspx)
-
-[Microsoft Lifecycle Policy](/lifecycle/)
-
-[Plan your upgrade from Office 2007 or Office 2010 servers and clients](plan-upgrade-previous-versions-office.md)
enterprise Upgrade From Sharepoint 2010 https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/upgrade-from-sharepoint-2010.md
- Title: "Upgrading from SharePoint 2010"--- Previously updated : 04/13/2020----- scotvorg-- Ent_O365-- SPO_Content-- MET150-- WSU140-- OSU140-- NOCSH
-description: Find information and resources to upgrade from SharePoint 2010 and SharePoint Server 2010. Support for both ends April 13, 2021.
---
-# Upgrading from SharePoint 2010
-
-*This article applies to both Microsoft 365 Enterprise and Office 365 Enterprise.*
-
-Microsoft SharePoint 2010 and SharePoint Server 2010 will reach end of support on **April 13, 2021**. This article provides resources to help you migrate your existing SharePoint Server 2010 data to SharePoint Online in Microsoft 365 or upgrade your on-premises SharePoint Server 2010 environment.
-
-## What is *end of support*?
-
-Most Microsoft products have a support lifecycle, during which they get new features, bug fixes, security fixes, and so on. After the end-of-support date, the product doesn't stop working, but Microsoft no longer provides:
--- Technical support for problems that may occur.--- Bug fixes for issues that may impact the stability and usability of the server.--- Security fixes for vulnerabilities that may make the server vulnerable to security breaches.--- Time zone updates.-
-That means there will be no further updates, patches, or fixes for the product (including security patches/fixes). Microsoft Support will have fully shifted its support efforts to more recent versions.
-
-As the end of support of SharePoint Server 2010 approaches, delete data you no longer need before you upgrade the product and migrate your important data.
-
-> [!NOTE]
-> A software lifecycle typically lasts for ten years from the initial release. [Microsoft solution providers](https://go.microsoft.com/fwlink/?linkid=841249) can help you upgrade to the next version of the software or migrate to Microsoft 365 migration (or both). Make sure you're aware of end-of-support dates for critical underlying technologies as well, particularly for the version of Microsoft SQL Server you're using with SharePoint. For more information, see [Fixed Lifecycle Policy](https://support.microsoft.com/help/14085).
-
-## Plan ahead
-
-Check the dates that support ends on the [Product Lifecycle site](https://support.microsoft.com/lifecycle/search?alpha=SharePoint%20Server%202010). Plan your upgrades or migrations with these dates in mind. Remember that your product *won't stop working* at the date listed. But because your installation will no longer be patched after that date, you'll want to plan a smooth transition to the next version of the product.
-
-This matrix helps plot a course among migration options:
-
-|End of support product|Good |Best|
-||||
-|SharePoint Server 2010|SharePoint Server 2013 (on-premises)|SharePoint Online|
-||SharePoint Server 2013 hybrid with SharePoint Online|SharePoint Server 2016 (on-premises)|
-|||SharePoint Cloud Hybrid Search|
-
-If you choose an option on the low end of the scale (good), you'll need to start planning for another upgrade soon after your migration from SharePoint Server 2010.
-
-Here are the three paths you can take to avoid the end of support for SharePoint Server 2010.
-
-![SharePoint Server 2010 upgrade paths.](../media/upgrade-from-sharepoint-2010/upgrade-from-sharepoint-2010-paths.png)
-
-> [!NOTE]
-> End of support for SharePoint Server 2010 and SharePoint Foundation 2010 is currently scheduled for April 13, 2021. But make sure to check the [Product Lifecycle site](https://support.microsoft.com/lifecycle) for the most-current dates.
-
-## What's next?
-
-SharePoint Server 2013 and SharePoint Foundation 2013 can be installed on-premises on your own servers. Or you can use SharePoint Online, which is an online service that's part of Microsoft 365. You can choose to:
--- Migrate to SharePoint Online.--- Upgrade SharePoint Server or SharePoint Foundation on-premises.--- Do both of the above.--- Implement a [SharePoint hybrid](/sharepoint/hybrid/hybrid) solution.-
-Consider the hidden costs of maintaining a server farm, including maintaining or migrating customizations and upgrading hardware. If you've accounted for these factors, it will be easier to upgrade on-premises. If you run your farm on legacy SharePoint Servers without heavy customization, you could benefit from a planned migration to SharePoint Online. For an on-premises SharePoint Server environment, you can also consider moving some data in SharePoint Online to reduce hardware management overhead.
-
-> [!NOTE]
-> SharePoint administrators can create a Microsoft 365 Subscription, set up new SharePoint Online sites, and then cut away from SharePoint Server 2010 cleanly, taking only essential documents to the fresh sites. Then, any remaining data can be drained from the SharePoint Server 2010 site into on-premises archives.
-
-|SharePoint Online|SharePoint Server on-premises|
-|||
-|High cost in time (plan/execution/verification)|High cost in time (plan/execution/verification)|
-|Lower cost in funds (no hardware purchases)|Higher cost in funds (hardware purchases)|
-|One-time cost in migration|One-time cost repeated per future migration|
-|Low total cost of ownership/maintenance|High total cost of ownership/maintenance|
-
-A one-time move to Microsoft 365 will have a higher cost while you organize data and decide what to take to the cloud and what to leave behind. But after your data is migrated, future upgrades will be automatic, as you'll no longer need to manage hardware and software updates. And the up time of your farm will be backed by a [Microsoft service level agreement (SLA)](/office365/servicedescriptions/office-365-platform-service-description/service-level-agreement).
-
-### Migrate to SharePoint Online
-
-Make sure SharePoint Online offers all the features you need. See [SharePoint service description](/office365/servicedescriptions/sharepoint-online-service-description/sharepoint-online-service-description).
-
-You can't migrate directly from SharePoint Server 2010 (or SharePoint Foundation 2010) to SharePoint Online. So much of the migration work is manual. But this stage gives you the opportunity to prune data and sites that are no longer needed before the move. You can archive other data into storage.
-
-Remember that SharePoint Server 2010 and SharePoint Foundation 2010 won't stop working at end of support. So administrators can have a period when SharePoint is still running if their customers forget to move some of their data.
-
-If you upgrade to SharePoint Server 2013 or SharePoint Server 2016 and decide to put data into SharePoint Online, you might use the [SharePoint Migration API](https://support.office.com/article/Upload-on-premises-content-to-SharePoint-Online-using-PowerShell-cmdlets-555049c6-15ef-45a6-9a1f-a1ef673b867c?ui=en-US&amp;rs=en-US&amp;ad=US) to migrate information into OneDrive for Business.
-
-|SharePoint Online advantage|SharePoint Online disadvantage|
-|||
-|Microsoft supplies SPO hardware and all hardware administration.|Available features may differ between SharePoint Server on-premises and SPO.|
-|You're the SharePoint admin or global admin of your subscription and can assign administrators to SPO sites.|Some actions available to a farm administrator in SharePoint Server on-premises don't exist (or aren't necessary) in the SharePoint Administrator role in Microsoft 365. But SharePoint Administration, Site Collection Administration, and Site Ownership are local to your org.|
-|Microsoft applies patches, fixes, and updates to underlying hardware and software, including SQL servers on which SharePoint Online runs.|Because there's no access to the underlying file system in the service, customization is limited.|
-|Microsoft publishes [service level agreements](/office365/servicedescriptions/office-365-platform-service-description/service-level-agreement) and moves quickly to resolve service-level incidents.|Backup and restore and other recovery options are automated by the service in SharePoint Online. Backups are overwritten if not used.|
-|Security testing and server performance tuning are carried out continuously in the service by Microsoft.|Changes to the user interface and other SharePoint features are installed by the service and may need to be toggled on or off.|
-|Microsoft 365 meets many industry standards: [Microsoft compliance offerings](/compliance/regulatory/offering-home).|[FastTrack](https://go.microsoft.com/fwlink/?linkid=518597) assistance for migration is limited. <br/> Much of the upgrade will be manual or via the SPO Migration API described in the [SharePoint Online and OneDrive Migration Content Roadmap](/sharepointmigration/upload-on-premises-content-to-sharepoint-online-using-powershell-cmdlets).|
-|Microsoft Support engineers and datacenter employees don't have unrestricted admin access to your subscription.|There can be additional costs if hardware infrastructure needs to be upgraded to support the newer version of SharePoint or if a secondary farm is required for upgrade.|
-|Solution providers can help with the one-time job of migrating your data to SharePoint Online.|Not all changes to SharePoint Online are within your control. After migration, design differences in menus, libraries, and other features may temporarily affect usability.|
-|Online products are updated automatically across the service. Features may deprecate, but there's no true end of support lifecycle.|There's an end-of-support lifecycle for SharePoint Server or SharePoint Foundation as well as underlying SQL servers.|
-
-If you've decided to create a new Microsoft 365 site and will manually migrate data to it as is needed, check your [Microsoft 365 options](https://www.microsoft.com/microsoft-365/).
-
-### Upgrade SharePoint Server on-premises
-
-As of SharePoint Server 2019, upgrades must go *serially*. There's no way to upgrade from SharePoint Server 2010 to SharePoint Server 2016 or to SharePoint 2019 directly. Serial upgrade path:
--- SharePoint Server 2010 \> SharePoint Server 2013 \> SharePoint Server 2016-
-It will take time and planning to follow the entire path from SharePoint 2010 to SharePoint Server 2016. Upgrades involve costs for hardware (SQL servers must also be upgraded), software, and administration. Also, customizations may need to be upgraded or even abandoned. Be sure that you document critical customizations before you upgrade your SharePoint Server farm.
-
-> [!NOTE]
-> It's possible to maintain your end-of-support SharePoint 2010 farm, install a SharePoint Server 2016 farm on new hardware (so the separate farms run side-by-side), and then plan and execute a manual migration of content (for downloading and re-uploading content, for example). But there are potential pitfalls to these manual moves, such as documents coming from 2010 having a current last-modified account with the alias of the account that does the manual move. And some work must be done ahead of time, such as recreating sites, subsites, permissions, and list structures. Be sure to clean your environment prior to upgrade. Consider what data you can move into storage or no longer need. This can reduce the impact of migration. Be certain your existing farm is functional before you upgrade, and (certainly) before you decommission!
-
-Remember to review the *supported and unsupported upgrade paths*:
--- [SharePoint Server 2010](/previous-versions/office/sharepoint-2007-products-and-technologies/cc262747(v=office.12))--- [SharePoint Server 2013](/SharePoint/upgrade-and-update/review-supported-editions-and-products-for-upgrading-to-sharepoint-2013)-
-If you have *customizations*, it's critical that you plan for each step in the migration path:
--- [SharePoint Server 2010](/previous-versions/office/sharepoint-server-2010/cc263203(v=office.14))--- [SharePoint Server 2013](/SharePoint/upgrade-and-update/create-a-communication-plan-for-the-upgrade-to-sharepoint-2013)-
-|On-premises advantage|On-premises disadvantage|
-|||
-|Full control of all aspects of your SharePoint Farm (and its SQL), from the server hardware up.|All breaks and fixes are the responsibility of your company. But you can engage paid Microsoft Support if your product isn't past end of support.|
-|Full feature set of SharePoint Server on-premises with the option to connect your on-premises farm to a SharePoint Online subscription via hybrid.|Upgrade, patches, security fixes, hardware upgrades, and all maintenance of SharePoint Server and its SQL farm are managed on-premises.|
-|Full access for greater customization options than with SharePoint Online.|[Microsoft compliance offerings](/compliance/regulatory/offering-home) must be manually configured on-premises.|
-|Security testing and server performance tuning are carried out on your premises under your control.|Microsoft 365 may make features available to SharePoint Online that don't interoperate with SharePoint Server on-premise.|
-|Solution providers can help migrate data to the next version of SharePoint Server (and beyond).|Your SharePoint Server sites will not automatically use [SSL/TLS](/SharePoint/security-for-sharepoint-server/enable-tls-1-1-and-tls-1-2-support-in-sharepoint-server-2016) certificates as is seen in SharePoint Online.|
-|Full control of naming conventions and backup and restore and other recovery options in SharePoint Server on-premises.|SharePoint Server on-premises is sensitive to product lifecycles.|
-
-### Upgrade resources
-
-Begin by comparing hardware and software requirements. If your current environment doesn't meet basic requirements, you may have to upgrade the hardware in the farm or the SQL servers first.
-
-You may decide to move some of your sites to the "evergreen" hardware of SharePoint Online. Once you've made your assessment, follow supported upgrade paths and methods.
--- *Hardware/software requirements for:*-
- [SharePoint Server 2010](/previous-versions/office/sharepoint-server-2010/cc262485(v=office.14)) | [SharePoint Server 2013](/sharepoint/install/hardware-software-requirements-2013) | [SharePoint Server 2016](/SharePoint/install/hardware-and-software-requirements)
--- *Software boundaries and limits for:*-
- [SharePoint Server 2010](/previous-versions/office/sharepoint-server-2010/cc262787(v=office.14)) | [SharePoint Server 2013](/SharePoint/install/software-boundaries-and-limits) | [SharePoint Server 2016](/sharepoint/install/software-boundaries-limits-2019)
--- *The upgrade process overview for:*-
- [SharePoint Server 2010](/previous-versions/office/sharepoint-server-2010/cc303420(v=office.14)) | [SharePoint Server 2013](/SharePoint/upgrade-and-update/upgrade-to-sharepoint-server-2016) | [SharePoint Server 2016](/SharePoint/upgrade-and-update/upgrade-to-sharepoint-server-2016)
-
-### Create a hybrid solution with SharePoint Online and SharePoint Server on-premises
-
-A hybrid setup provides the best of both on-premises and online for some migration needs. You can connect SharePoint Server 2013, 2016, or 2019 farms to SharePoint Online to create a SharePoint hybrid: [Learn about SharePoint hybrid solutions](https://support.office.com/article/4c89a95a-a58c-4fc1-974a-389d4f195383.aspx).
-
-If a hybrid SharePoint Server farm is your migration goal, figure what sites and users to move online and which need to remain on-premises. Ranking your SharePoint Server farm content as high, medium, or low impact to your company can help with this decision. You may only need to share user accounts for login and the SharePoint Server search index with SharePoint Online. But this factor may not be clear until you look at how your sites are used. If your company later decides to migrate all your content to SharePoint Online, you can move all remaining accounts and data online and decommission your on-premises farm. Management/administration of the SharePoint farm will be done through Microsoft 365 consoles from that point on.
-
-Be sure to familiarize yourself with the existing types of hybrids and how to configure the connection between your on-premises SharePoint farm and your Microsoft 365 subscription.
-
-|Option|Description|
-|||
-|[Microsoft compliance offerings](/compliance/regulatory/offering-home).|[FastTrack](https://www.microsoft.com/fasttrack/microsoft-365) assistance for migration is limited.<br/><br/> Much of the upgrade will be manual or via the SPO Migration API described in the [SharePoint Online and OneDrive Migration Content Roadmap](/sharepointmigration/upload-on-premises-content-to-sharepoint-online-using-powershell-cmdlets).|
-|Microsoft Support engineers and datacenter employees don't have unrestricted admin access to your subscription.|There may be additional costs if hardware infrastructure needs to be upgraded to support the newer version of SharePoint, or if a secondary farm is required.|
-|Partners can assist with the one-time job of migrating your data to SharePoint Online.||
-|Online products are updated automatically across the service. Features may deprecate, but there's no true end of support.||
-
-If you've decided to create a new Microsoft 365 site and manually migrate data to it as is needed, check your [Microsoft 365 options](https://www.microsoft.com/microsoft-365/).
-
-### Upgrade SharePoint Server on-premises
-
-There's no way to skip versions in SharePoint Upgrades. That means upgrades go serially:
--- SharePoint 2007 \> SharePoint Server 2010 \> SharePoint Server 2013 \> SharePoint Server 2016-
-To take the entire path from SharePoint 2007 to SharePoint Server 2016 will mean a significant investment of time and will involve hardware (SQL servers must also be upgraded), software, and administration costs. Customizations will need to be upgraded or abandoned, according to the criticality of the feature.
-
-> [!NOTE]
-> It's possible to maintain your end-of-life SharePoint 2007 farm, install a SharePoint Server 2016 farm on new hardware (so the separate farms run side-by-side), and then plan and execute a manual migration of content (for downloading and re-uploading content, for example). But there are some drawbacks to these manual moves, such as moves of documents replacing the last modified account with the alias of the account that does the manual move. And much work must be done ahead of time, such as recreating sites, subsites, permissions, and list structures. In any case, consider what data you can move into storage or no longer need to reduce the impact of migration.
-
-Make sure to clean your environment prior to upgrade. Be certain your existing farm is functional before you upgrade, and certainly before you decommission!
-
-Remember to review the *supported and unsupported upgrade paths*:
--- [SharePoint Server 2007](/previous-versions/office/sharepoint-2007-products-and-technologies/cc262747(v=office.12))--- [SharePoint Server 2010](/previous-versions/office/sharepoint-2007-products-and-technologies/cc262747(v=office.12))--- [SharePoint Server 2013](/SharePoint/upgrade-and-update/review-supported-editions-and-products-for-upgrading-to-sharepoint-2013)-
-If you have *customizations*, it's critical to plan your upgrade for each step in the migration path:
--- [SharePoint 2007](/previous-versions/office/sharepoint-2007-products-and-technologies/cc263203(v=office.12))--- [SharePoint Server 2010](/previous-versions/office/sharepoint-server-2010/cc263203(v=office.14))--- [SharePoint Server 2013](/SharePoint/upgrade-and-update/create-a-communication-plan-for-the-upgrade-to-sharepoint-2013)-
-|On-premises pro|On-premises con|
-|||
-|Full control of all aspects of your SharePoint Farm, from the server hardware up.|All breaks and fixes are the responsibility of your company. (But you can engage paid Microsoft Support if your product isn't past end of support.)|
-|Full feature set of SharePoint Server on-premises with the option to connect your on-premises farm to a SharePoint Online subscription via hybrid.|Upgrade, patches, security fixes, and all maintenance of SharePoint Server managed on-premises.|
-|Full access for greater customization.|[Microsoft compliance offerings](/compliance/regulatory/offering-home) must be manually configured on-premises.|
-|Security testing and server performance tuning is carried out on your premises under your control.|Microsoft 365 may make features available to SharePoint Online that don't interoperate with SharePoint Server on-premises.|
-|Partners can help migrate data to the next version of SharePoint Server (and beyond).|Your SharePoint Server sites will not automatically use [SSL/TLS](/SharePoint/security-for-sharepoint-server/enable-tls-1-1-and-tls-1-2-support-in-sharepoint-server-2016) certificates as is seen in SharePoint Online.|
-|Full control of naming conventions and backup and restore and other recovery options in SharePoint Server on-premises.|SharePoint Server on-premises is sensitive to product lifecycles.|
-
-### Upgrade resources
-
-Begin by knowing that you meet hardware and software requirements, then follow supported upgrade methods.
--- *Hardware/software requirements for*:-
- [SharePoint Server 2010](/previous-versions/office/sharepoint-server-2010/cc262485(v=office.14)) | [SharePoint Server 2010](/previous-versions/office/sharepoint-server-2010/cc262485(v=office.14)) | [SharePoint Server 2013](/sharepoint/install/hardware-software-requirements-2013) | [SharePoint Server 2016](/SharePoint/install/hardware-and-software-requirements)
--- *Software boundaries and limits for*:-
- [SharePoint Server 2007](/previous-versions/office/sharepoint-2007-products-and-technologies/cc262787(v=office.12)) | [SharePoint Server 2010](/previous-versions/office/sharepoint-server-2010/cc262787(v=office.14)) | [SharePoint Server 2013](/SharePoint/install/software-boundaries-and-limits) | [SharePoint Server 2016](/sharepoint/install/software-boundaries-limits-2019)
--- *The upgrade process overview for*:-
- [SharePoint Server 2007](/previous-versions/office/sharepoint-2007-products-and-technologies/cc303420(v=office.12)) | [SharePoint Server 2010](/previous-versions/office/sharepoint-server-2010/cc303420(v=office.14)) | [SharePoint Server 2013](/SharePoint/upgrade-and-update/upgrade-to-sharepoint-server-2016) | [SharePoint Server 2016](/SharePoint/upgrade-and-update/upgrade-to-sharepoint-server-2016)
-
-### Create a SharePoint hybrid solution between SharePoint Online and on-premises
-
-If the answer to your migration needs is somewhere between the control offered by on-premises and the lower cost of ownership offered by SharePoint Online, you can connect SharePoint Server 2013 or 2016 farms to SharePoint Online through hybrids. [Learn about SharePoint hybrid solutions](https://support.office.com/article/4c89a95a-a58c-4fc1-974a-389d4f195383.aspx)
-
-If you decide that a hybrid SharePoint Server farm will benefit your business, familiarize yourself with the existing types of hybrids and how to configure the connection between your on-premises SharePoint farm and your Microsoft 365 subscription.
-
-You may want to create a Microsoft 365 dev/test environment, which you can set up with [Test Lab Guides](m365-enterprise-test-lab-guides.md). After you get a trial or purchased Microsoft 365 subscription, you can create the site collections, webs, and document libraries in SharePoint Online to which you can migrate data. You can migrate manually, by use of the Migration API, or, if you want to migrate My Site content to OneDrive for Business, through the hybrid wizard.
-
-> [!NOTE]
-> To use the hybrid option, your SharePoint Server 2010 farm must first be upgraded on-premises to SharePoint Server 2013 or 2016. SharePoint Foundation 2010 and SharePoint Foundation 2013 don't support hybrid connections with SharePoint Online.
-
-## Summary of options for Office 2010 client and servers and Windows 7
-
-For a visual summary of the upgrade, migrate, and move-to-the-cloud options for Office 2010 clients and servers and Windows 7, see the [end of support poster](https://download.microsoft.com/download/2/7/d/27da4118-32ae-4ffe-90d8-a61e7c895ba0/Office2010Windows7EndOfSupport.pdf).
-
-[![End of support for Office 2010 clients and servers and Windows 7 poster.](../media/upgrade-from-office-2010-servers-and-products/office2010-windows7-end-of-support.png)](https://download.microsoft.com/download/2/7/d/27da4118-32ae-4ffe-90d8-a61e7c895ba0/Office2010Windows7EndOfSupport.pdf)
-
-This poster illustrates the various paths you can take to avoid Office 2010 client and server products and Windows 7 end of support, with preferred paths and option supports in Microsoft 365 Enterprise highlighted.
-
-You can also [download](https://download.microsoft.com/download/2/7/d/27da4118-32ae-4ffe-90d8-a61e7c895ba0/Office2010Windows7EndOfSupport.pdf) this poster and print it in letter, legal, or tabloid (11 x 17) format.
-
-## Related articles
-
-[Resources to help you upgrade from Office 2007 or 2010 servers and clients](upgrade-from-office-2010-servers-and-products.md)
-
-[Overview of the upgrade process from SharePoint 2010 to SharePoint 2013](/SharePoint/upgrade-and-update/overview-of-the-upgrade-process-from-sharepoint-2010-to-sharepoint-2013)
-
-[Best practices for upgrading from SharePoint 2010 to SharePoint 2013](/SharePoint/upgrade-and-update/best-practices-for-upgrading-from-sharepoint-2010-to-sharepoint-2013)
-
-[Troubleshoot database upgrade issues in SharePoint 2013](/SharePoint/upgrade-and-update/troubleshoot-database-upgrade-issues-in-sharepoint-2013)
-
-[Search for Microsoft solution providers to help with your upgrade](https://go.microsoft.com/fwlink/?linkid=841249)
-
-[Updated Product Servicing Policy for SharePoint 2013](/SharePoint/product-servicing-policy/updated-product-servicing-policy-for-sharepoint-2013)
-
-[Updated Product Servicing Policy for SharePoint Server 2016](/SharePoint/product-servicing-policy/updated-product-servicing-policy-for-sharepoint-server-2016)
enterprise Upgrade From Sharepoint 2013 https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/upgrade-from-sharepoint-2013.md
- Title: "Upgrading from SharePoint 2013"--- Previously updated : 11/10/2021----- scotvorg-- Ent_O365-- MET150-- NOCSH
-description: Find information and resources to upgrade from SharePoint Server 2013 and SharePoint Foundation 2013. Support for both ends April 11, 2023.
--
-# Upgrading from SharePoint 2013
-
-Both Microsoft SharePoint Server 2013 and SharePoint Foundation 2013 will reach end of support on **April 11, 2023**. This article provides resources to help you migrate your existing SharePoint Server data to SharePoint Online in Microsoft 365 or upgrade your on-premises SharePoint 2013 environment. For the rest of this article, we'll use SharePoint 2013 to refer to both SharePoint Server 2013 and SharePoint Foundation 2013.
-
-## What is *end of support*?
-
-Most Microsoft products have a support lifecycle, during which they get new features, bug fixes, security fixes, and so on. After the end-of-support date, the product doesn't stop working, but Microsoft no longer provides:
--- Technical support for problems that may occur.--- Bug fixes for issues that may impact the stability and usability of the server.--- Security fixes for vulnerabilities that may make the server vulnerable to security breaches.--- Time zone updates.-
-That means there will be no further updates, patches, or fixes for the product (including security patches/fixes). Microsoft Support will have fully shifted its support efforts to more recent versions.
-
-> [!NOTE]
-> A software lifecycle typically lasts for five years of mainstream support from the initial release, and potentially up to an additional 5 years of extended support. [Microsoft solution providers](https://go.microsoft.com/fwlink/?linkid=841249) can help you upgrade to the next version of the software or migrate to Microsoft 365 (or both). Make sure you're aware of end-of-support dates for critical underlying technologies as well, particularly for the version of Microsoft SQL Server you're using with SharePoint. For more information, see [Fixed Lifecycle Policy](https://support.microsoft.com/help/14085).
-
-## Plan ahead
-
-Check the dates that support ends on the Product Lifecycle site for [SharePoint Server 2013](/lifecycle/products/sharepoint-server-2013) and [SharePoint Foundation 2013](/lifecycle/products/sharepoint-foundation-2013). Plan your upgrades or migrations with these dates in mind. Remember that your product *won't stop working* at the date listed. But because your installation will no longer be patched after that date, you'll want to plan a smooth transition to the next version of the product. The table below lists the options available to you.
-
-|End of support product|Good|Better|Best|
-|||||
-|SharePoint Server 2013<BR>SharePoint Foundation 2013|Upgrade to SharePoint Server 2016 or 2019|Upgrade to SharePoint Server Subscription Edition|Migrate to SharePoint in Microsoft 365
-
-## What's next?
-
-We recommend migrating to SharePoint in Microsoft 365 to take advantage of the latest collaboration, intelligence, and security solutions in Microsoft 365. The modern experience features in Microsoft 365 are designed to be compelling, flexible, and performant.
-
-If you have a need to maintain an on-premises SharePoint deployment, we recommend a hybrid deployment that will enable you to migrate as much of SharePoint functionality as you can to SharePoint in Microsoft 365. See [SharePoint hybrid](/sharepoint/hybrid/hybrid) to learn about and plan for a hybrid implementation.
-
-### Migrate to SharePoint in Microsoft 365
-
-You can use the SharePoint Migration Tool (SPMT) to migrate your sites and content to SharePoint in Microsoft 365. We have an extensive library of content that can help you plan ahead, perform your migration, and troubleshoot any issues you may come across. [Overview of the SharePoint Migration Tool](/sharepointmigration/introducing-the-sharepoint-migration-tool) is a good place to start.
-
-### Upgrade to SharePoint Server Subscription Edition
-
-Even though there isn't a direct path to upgrade from SharePoint 2013 to the Subscription Edition, this still is the second best option. The primary reason is that SharePoint Server Subscription Edition introduces a continuous update model that eliminates the need to release new major versions of SharePoint Server going forward.
-
-To upgrade to Subscription Edition, you must be running SharePoint Server 2016 or 2019. Since there also isn't a direct path from SharePoint 2013 to 2019 either, your best option is to upgrade to 2016 first and then upgrade to Subscription Edition. See the links below to learn more about and plan your upgrade to Subscription Edition:
--- [Upgrade to SharePoint Server 2016](/sharepoint/upgrade-and-update/upgrade-to-sharepoint-server-2016)-- [Upgrade to SharePoint Server Subscription Edition](/sharepoint/upgrade-and-update/upgrade-to-sharepoint-server-subscription-edition)-
-Even if you have a need to maintain an on-premises SharePoint deployment, we recommend that you migrate parts of your sites or content to Microsoft 365 with [SharePoint hybrid](/sharepoint/hybrid/hybrid) implementation to start taking advantage of the modern collaboration experiences, security and compliance features in Microsoft 365.
-
-### Upgrade to SharePoint Server 2016 or 2019
-
-Both SharePoint Server 2016 and 2019 are supported platforms if you plan to maintain your on-premises SharePoint deployment beyond the end of support for 2013. However, **both versions will reach end of support on July 14, 2026**. This means that you will need to plan another upgrade within 3 years after the end of support date for 2013. Here are the support lifecycle pages for both products:
--- [SharePoint Server 2016 support lifecycle dates](/lifecycle/products/sharepoint-server-2016)-- [SharePoint Server 2019 support lifecycle dates](/lifecycle/products/sharepoint-server-2019)-
-To learn more and plan your upgrade, see the following articles:
--- [Upgrade to SharePoint Server 2016](/sharepoint/upgrade-and-update/upgrade-to-sharepoint-server-2016)-- [Upgrade to SharePoint Server 2019](/sharepoint/upgrade-and-update/upgrade-to-sharepoint-server-2019)-
-Even if you have a need to maintain an on-premises SharePoint deployment, we recommend that you migrate parts of your sites or content to Microsoft 365 with [SharePoint hybrid](/sharepoint/hybrid/hybrid) implementation to start taking advantage of the modern collaboration experiences, security and compliance features in Microsoft 365.
enterprise Upgrade Office 2013 Clients Servers https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/upgrade-office-2013-clients-servers.md
- Title: "Resources to help you upgrade from Office 2013 clients and servers"--- Previously updated : 04/05/2022---
-description: Plan your upgrade from Office 2013 clients and servers, because support ends on April 11, 2023.
--
-# Resources to help you upgrade from Office 2013 clients and servers
-
-If you're using Office 2013 clients and servers, be aware that ***support ends on April 11, 2023***. If you haven't already begun to upgrade from them to newer versions, we recommend you start now.
-
-As you plan your upgrade, consider moving to Microsoft 365.
--- Microsoft 365 has cloud-based services, such as Exchange Online, SharePoint, and Teams.--- Microsoft 365 Apps for enterprise provides Office client apps that you can install on local devices. The apps are updated regularly from the Microsoft cloud with new productivity and security features.-
-## Upgrade planning resources
-
-The following table provides links to planning resources to help you upgrade from these Office 2013 clients and servers.
-
-|Product|Planning resource|
-|||
-|Office 2013 (desktop apps)<br/>Project 2013<br/>Visio 2013|[Plan an upgrade from older versions of Office to Microsoft 365 Apps](/deployoffice/endofsupport/plan-upgrade-older-versions-office)|
-|Exchange Server 2013|[Exchange 2013 end of support roadmap](exchange-2013-end-of-support.md)|
-|SharePoint Server 2013 <br/> SharePoint Foundation 2013|[Upgrading from SharePoint 2013](upgrade-from-sharepoint-2013.md)|
-|Project Server 2013|[Project Server 2013 end of support roadmap](project-server-2013-end-of-support.md)|
-|Lync Server 2013|[Upgrading from Lync Server 2013](upgrade-from-lync-2013.md)|
-
-We also recommend business and enterprise customers use the deployment benefits provided by Microsoft and Microsoft Certified Partners, including [Microsoft FastTrack](https://www.microsoft.com/fasttrack) for cloud migrations.
-
-> [!NOTE]
-> If you use Office 2013 products and applications at home, [review this information](plan-upgrade-previous-versions-office.md#im-a-home-user-what-do-i-do) for your upgrade choices.
-
-## Related articles
--- [Microsoft Lifecycle Policy](/lifecycle/)-- [Plan your upgrade from Office 2007 or Office 2010 servers and clients](plan-upgrade-previous-versions-office.md)
enterprise Use Lean Popouts To Reduce Memory Used When Reading Mail Messages https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/use-lean-popouts-to-reduce-memory-used-when-reading-mail-messages.md
- Title: "Use lean popouts to reduce memory used when reading mail messages"--- Previously updated : 12/3/2019---- MET150-- NOCSH
-description: This article contains information for using lean popouts to improve message download performance in Outlook on the web.
----
-# Use lean popouts to reduce memory used when reading mail messages
-
-This article contains information for improving message download performance in Outlook on the web. This article is part of the [Network planning and performance tuning for Office 365](./network-planning-and-performance.md) project.
-
-As an Office 365 **Application Admin**, **Global admin**, or **User Admin**, you can configure Outlook on the web to deliver _lean popouts_, a smaller, less memory-intensive version of certain email messages in Microsoft Edge or Internet Explorer. When lean popouts are configured for Outlook on the web, server-side rendered components are loaded that optimize performance.
-
-> [!NOTE]
-> As of March 2018, lean popouts are not available for messages that specify usage rights restrictions, such as Information Rights Management (IRM).
-
-These features will continue to work in the main window but are not available in lean popouts:
-
-- Outlook add-ins
-
-- Skype for Business presence
-
-## To configure lean popouts for all users within your Office 365 organization
-
-1. [Connect to Exchange Online PowerShell](/powershell/exchange/connect-to-exchange-online-powershell).
-
-2. Run the [Set-OrganizationConfig](/powershell/module/exchange/set-organizationconfig) cmdlet with the LeanPopoutEnabled parameter as follows:
-
- ```powershell
- Set-OrganizationConfig -LeanPopoutEnabled <$true |$false >
- ```
-
- For example, to enable lean popouts for all users in your organization:
-
- ```powershell
- Set-OrganizationConfig -LeanPopoutEnabled $true
- ```
-
- To disable lean popouts for all users in your organization:
-
- ```powershell
- Set-OrganizationConfig -LeanPopoutEnabled $false
- ```
loop Loop Compliance Summary https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/loop/loop-compliance-summary.md
Where the loop content was originally created determines its storage location:
|Admin Management: Loop workspaces |n/a|See [Admin Management of Loop workspaces](#admin-management-of-loop-workspaces) for a list of capabilities that are available and also not yet available.| |Admin Management: Recycle bin |End user Recycle bin for deleted content.|End user Recycle bin for deleted content. <br><br>**Not Yet Available**: <br>End user Recycle bin for deleted Loop workspaces.| |Audit: Version history |**Version History** [export in Purview](/purview/ediscovery-export-search-results#step-1-prepare-search-results-for-export) or via [Graph API](/graph/api/driveitem-get-content-format).|**Version History** [export in Purview](/purview/ediscovery-export-search-results#step-1-prepare-search-results-for-export). <br><br>**Not Yet Available**: <br>API access to Loop workspace containers - this impacts third party export and eDiscovery tools.|
-|Audit: logs and events |**Audit** logs for all events: search and export Microsoft 365 service events for security and compliance investigations <ol><li>use the [compliance admin center](https://compliance.microsoft.com/auditlogsearch)<li>search audit logs for "loop" or "fluid"<li>further filter exported results by "SourceFileExtension":"loop" or "SourceFileExtension":"fluid"|**Audit** logs for all events: search and export Microsoft 365 service events for security and compliance investigations <ol><li>use the [compliance admin center](https://compliance.microsoft.com/auditlogsearch)<li>search audit logs for Loop ApplicationID `a187e399-0c36-4b98-8f04-1edc167a0996`|
+|Audit: logs and events |**Audit** logs for all events: search and export Microsoft 365 service events for security and compliance investigations <ol><li>use the [compliance admin center](https://compliance.microsoft.com/auditlogsearch)<li>search audit logs for "loop" or "loot" or "fluid"<li>further filter exported results by "SourceFileExtension":"loop" or "SourceFileExtension":"loot" (templates) or "SourceFileExtension":"fluid" (deprecated)|**Audit** logs for all events: search and export Microsoft 365 service events for security and compliance investigations <ol><li>use the [compliance admin center](https://compliance.microsoft.com/auditlogsearch)<li>search audit logs for Loop ApplicationID `a187e399-0c36-4b98-8f04-1edc167a0996`</ol>Note: Loop workspaces create and update .pod files to manage content in the workspace.|
|Audit: log access |**Audit** logs are retained, can be exported, and can be streamed to third party tools|**Audit** logs are retained, can be exported, and can be streamed to third party tools| |Legal Hold and eDiscovery: Purview |Microsoft **[Purview eDiscovery](/microsoft-365/loop/loop-components-teams#do-loop-and-fluid-files-support-ediscovery)** supports search and collection, review (premium only), and export (premium only) as HTML or original. You can also download and re-upload the files to any OneDrive to view them in their native format.|Microsoft **[Purview eDiscovery](/microsoft-365/loop/loop-components-teams#do-loop-and-fluid-files-support-ediscovery)** supports search and collection, review (premium only), and export (premium only) as HTML or original. You can also download and re-upload the files to any OneDrive to view them in their native format.| |Legal Hold and eDiscovery: Export |Microsoft **[Graph API](/graph/api/driveitem-get-content-format)** export support.|**Not Yet Available**: <br>API access to Loop workspace containers - this impacts third party export and eDiscovery tools.|
security Alerts Queue https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/alerts-queue.md
On the top navigation you can:
- Export the alerts list to excel - Manage Alerts ## Sort and filter alerts
security Analyzer Feedback https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/analyzer-feedback.md
If you have feedback or suggestions that would help us improve the Microsoft Def
1. Microsoft Defender portal (security.microsoft.com): 2. Microsoft Defender portal (security.microsoft.com): [!INCLUDE [Microsoft Defender for Endpoint Tech Community](../../includes/defender-mde-techcommunity.md)]
security Analyzer Report https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/analyzer-report.md
Use the following example to understand the report.
Example output from the analyzer on a machine onboarded to expired Org ID and failing to reach one of the required Microsoft Defender for Endpoint URLs: - On top, the script version and script runtime are listed for reference - The **Device Information** section provides basic OS and device identifiers to uniquely identify the device on which the analyzer has run. - The **Endpoint Security Details** provides general information about Microsoft Defender for Endpoint-related processes including Microsoft Defender Antivirus and the sensor process. If important processes aren't online as expected, the color will change to red.
- :::image type="content" source="images/85f56004dc6bd1679c3d2c063e36cb80.png" alt-text="The Check Results Summary page" lightbox="images/85f56004dc6bd1679c3d2c063e36cb80.png":::
+ :::image type="content" source="media/85f56004dc6bd1679c3d2c063e36cb80.png" alt-text="The Check Results Summary page" lightbox="media/85f56004dc6bd1679c3d2c063e36cb80.png":::
- On **Check Results Summary**, you'll have an aggregated count for error, warning, or informational events detected by the analyzer.
Use the following example to understand the report.
To include analyzer result files [when opening a support ticket](contact-support.md#open-a-service-request), make sure you use the **Attachments** section and include the `MDEClientAnalyzerResult.zip` file: > [!NOTE] > If the file size is larger than 25 MB, the support engineer assigned to your case will provide a dedicated secure workspace to upload large files for analysis.
security Android Configure Mam https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/android-configure-mam.md
End users also need to take steps to install Microsoft Defender for Endpoint on
c. Select **Save**.
- :::image type="content" source="images/app-settings.png" alt-text="The application settings pane in the Microsoft Defender portal." lightbox="images/app-settings.png":::
+ :::image type="content" source="media/app-settings.png" alt-text="The application settings pane in the Microsoft Defender portal." lightbox="media/app-settings.png":::
- **Create an app protection policy**.
security Android Configure https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/android-configure.md
Network protection in Microsoft Defender for endpoint is disabled by default. Ad
1. In the Microsoft Intune admin center, navigate to Apps > App configuration policies. Create a new App configuration policy. > [!div class="mx-imgBorder"]
- > ![Image of how to create a policy.](images/android-mem.png)
+ > ![Image of how to create a policy.](media/android-mem.png)
1. Provide a name and description to uniquely identify the policy. Select **'Android Enterprise'** as the platform and **'Personally-owned work profile only'** as the profile type and **'Microsoft Defender'** as the Targeted app. > [!div class="mx-imgBorder"]
- > ![Image of policy details.](images/appconfigdetails.png)
+ > ![Image of policy details.](media/appconfigdetails.png)
1. In Settings page, select **'Use configuration designer'** and add **'Enable Network Protection in Microsoft Defender'** as the key and value as **'1'** to enable Network Protection. (Network protection is disabled by default)
security Android Intune https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/android-intune.md
Learn how to deploy Defender for Endpoint on Android with Microsoft Intune Compa
> [!NOTE] > The selected user group should consist of Intune enrolled users. >
- > :::image type="content" source="images/363bf30f7d69a94db578e8af0ddd044b.png" alt-text="The Add group pane in the Add App page in the Microsoft Intune admin center portal" lightbox="images/363bf30f7d69a94db578e8af0ddd044b.png":::
+ > :::image type="content" source="media/363bf30f7d69a94db578e8af0ddd044b.png" alt-text="The Add group pane in the Add App page in the Microsoft Intune admin center portal" lightbox="media/363bf30f7d69a94db578e8af0ddd044b.png":::
4. In the **Review+Create** section, verify that all the information entered is correct and then select **Create**. In a few moments, the Defender for Endpoint app would be created successfully, and a notification would show up at the top-right corner of the page.
- :::image type="content" source="images/86cbe56f88bb6e93e9c63303397fc24f.png" alt-text="The application status pane in the Microsoft Intune admin center portal" lightbox="images/86cbe56f88bb6e93e9c63303397fc24f.png":::
+ :::image type="content" source="media/86cbe56f88bb6e93e9c63303397fc24f.png" alt-text="The application status pane in the Microsoft Intune admin center portal" lightbox="media/86cbe56f88bb6e93e9c63303397fc24f.png":::
5. In the app information page that is displayed, in the **Monitor** section, select **Device install status** to verify that the device installation has completed successfully.
- :::image type="content" source="images/513cf5d59eaaef5d2b5bc122715b5844.png" alt-text="The Device install status page in the Microsoft Defender 365 portal" lightbox="images/513cf5d59eaaef5d2b5bc122715b5844.png":::
+ :::image type="content" source="media/513cf5d59eaaef5d2b5bc122715b5844.png" alt-text="The Device install status page in the Microsoft Defender 365 portal" lightbox="media/513cf5d59eaaef5d2b5bc122715b5844.png":::
### Complete onboarding and check status 1. Once Defender for Endpoint on Android has been installed on the device, you'll see the app icon.
- :::image type="content" source="images/7cf9311ad676ec5142002a4d0c2323ca.jpg" alt-text="The Microsoft Defender ATP icon listed in the Search pane" lightbox="images/7cf9311ad676ec5142002a4d0c2323ca.jpg":::
+ :::image type="content" source="media/7cf9311ad676ec5142002a4d0c2323ca.jpg" alt-text="The Microsoft Defender ATP icon listed in the Search pane" lightbox="media/7cf9311ad676ec5142002a4d0c2323ca.jpg":::
2. Tap the Microsoft Defender for Endpoint app icon and follow the on-screen instructions to complete onboarding the app. The details include end-user acceptance of Android permissions required by Defender for Endpoint on Android. 3. Upon successful onboarding, the device will start showing up on the Devices list in the Microsoft Defender portal.
- :::image type="content" source="images/9fe378a1dce0f143005c3aa53d8c4f51.png" alt-text="A device in the Microsoft Defender for Endpoint portal" lightbox="images/9fe378a1dce0f143005c3aa53d8c4f51.png":::
+ :::image type="content" source="media/9fe378a1dce0f143005c3aa53d8c4f51.png" alt-text="A device in the Microsoft Defender for Endpoint portal" lightbox="media/9fe378a1dce0f143005c3aa53d8c4f51.png":::
## Deploy on Android Enterprise enrolled devices
Follow the steps below to add Microsoft Defender for Endpoint app into your mana
1. In [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431) , go to **Apps** \> **Android Apps** \> **Add** and select **Managed Google Play app**.
- :::image type="content" source="images/579ff59f31f599414cedf63051628b2e.png" alt-text="The application-adding pane in the Microsoft Intune admin center portal" lightbox="images/579ff59f31f599414cedf63051628b2e.png":::
+ :::image type="content" source="media/579ff59f31f599414cedf63051628b2e.png" alt-text="The application-adding pane in the Microsoft Intune admin center portal" lightbox="media/579ff59f31f599414cedf63051628b2e.png":::
2. On your managed Google Play page that loads subsequently, go to the search box and enter `Microsoft Defender`. Your search should display the Microsoft Defender for Endpoint app in your Managed Google Play. Click on the Microsoft Defender for Endpoint app from the Apps search result.
- :::image type="content" source="images/0f79cb37900b57c3e2bb0effad1c19cb.png" alt-text="The Managed Google Play page in the Microsoft Intune admin center portal" lightbox="images/0f79cb37900b57c3e2bb0effad1c19cb.png":::
+ :::image type="content" source="media/0f79cb37900b57c3e2bb0effad1c19cb.png" alt-text="The Managed Google Play page in the Microsoft Intune admin center portal" lightbox="media/0f79cb37900b57c3e2bb0effad1c19cb.png":::
3. In the App description page that comes up next, you should be able to see app details on Defender for Endpoint. Review the information on the page and then select **Approve**. > [!div class="mx-imgBorder"]
- > :::image type="content" source="images/07e6d4119f265037e3b80a20a73b856f.png" alt-text="The page of Managed Google Play in the Microsoft Intune admin center portal" lightbox="images/07e6d4119f265037e3b80a20a73b856f.png":::
+ > :::image type="content" source="media/07e6d4119f265037e3b80a20a73b856f.png" alt-text="The page of Managed Google Play in the Microsoft Intune admin center portal" lightbox="media/07e6d4119f265037e3b80a20a73b856f.png":::
4. You'll be presented with the permissions that Defender for Endpoint obtains for it to work. Review them and then select **Approve**.
- :::image type="content" source="images/206b3d954f06cc58b3466fb7a0bd9f74.png" alt-text="The permissions approval page in the Microsoft Defender 365 portal" lightbox="images/206b3d954f06cc58b3466fb7a0bd9f74.png":::
+ :::image type="content" source="media/206b3d954f06cc58b3466fb7a0bd9f74.png" alt-text="The permissions approval page in the Microsoft Defender 365 portal" lightbox="media/206b3d954f06cc58b3466fb7a0bd9f74.png":::
5. You'll be presented with the Approval settings page. The page confirms your preference to handle new app permissions that Defender for Endpoint on Android might ask. Review the choices and select your preferred option. Select **Done**.
Follow the steps below to add Microsoft Defender for Endpoint app into your mana
6. After the permissions handling selection is made, select **Sync** to sync Microsoft Defender for Endpoint to your apps list. > [!div class="mx-imgBorder"]
- > :::image type="content" source="images/34e6b9a0dae125d085c84593140180ed.png" alt-text="The Sync pane in the Microsoft Defender 365 portal" lightbox="images/34e6b9a0dae125d085c84593140180ed.png":::
+ > :::image type="content" source="media/34e6b9a0dae125d085c84593140180ed.png" alt-text="The Sync pane in the Microsoft Defender 365 portal" lightbox="media/34e6b9a0dae125d085c84593140180ed.png":::
7. The sync will complete in a few minutes.
- :::image type="content" source="images/9fc07ffc150171f169dc6e57fe6f1c74.png" alt-text="The application sync status pane in the Android apps page in the Microsoft Defender 365 portal" lightbox="images/9fc07ffc150171f169dc6e57fe6f1c74.png":::
+ :::image type="content" source="media/9fc07ffc150171f169dc6e57fe6f1c74.png" alt-text="The application sync status pane in the Android apps page in the Microsoft Defender 365 portal" lightbox="media/9fc07ffc150171f169dc6e57fe6f1c74.png":::
8. Select the **Refresh** button in the Android apps screen and Microsoft Defender for Endpoint should be visible in the apps list.
Follow the steps below to add Microsoft Defender for Endpoint app into your mana
1. In the **Apps** page, go to **Policy > App configuration policies > Add > Managed devices**.
- :::image type="content" source="images/android-mem.png" alt-text="The App configuration policies pane in the Microsoft Intune admin center portal" lightbox="images/android-mem.png":::
+ :::image type="content" source="media/android-mem.png" alt-text="The App configuration policies pane in the Microsoft Intune admin center portal" lightbox="media/android-mem.png":::
1. In the **Create app configuration policy** page, enter the following details:
Follow the steps below to add Microsoft Defender for Endpoint app into your mana
- Choose **Personally-owned Work Profile only** or **Fully Managed, Dedicated, and Corporate-owned work profile only** as Profile Type. - Click **Select App**, choose **Microsoft Defender**, select **OK** and then **Next**.
- :::image type="content" source="images/android-create-app.png" alt-text=" Screenshot of the Associated app details pane." lightbox="images/android-create-app.png":::
+ :::image type="content" source="media/android-create-app.png" alt-text=" Screenshot of the Associated app details pane." lightbox="media/android-create-app.png":::
1. Select **Permissions** \> **Add**. From the list, select the available app permissions \> **OK**. 1. Select an option for each permission to grant with this policy:
Follow the steps below to add Microsoft Defender for Endpoint app into your mana
1. In the **Assignments** page, select the user group to which this app config policy would be assigned. Click **Select groups to include** and selecting the applicable group and then selecting **Next**. The group selected here is usually the same group to which you would assign Microsoft Defender for Endpoint Android app.
- :::image type="content" source="images/android-select-group.png" alt-text="The Selected groups pane" lightbox="images/android-select-group.png":::
+ :::image type="content" source="media/android-select-group.png" alt-text="The Selected groups pane" lightbox="media/android-select-group.png":::
1. In the **Review + Create** page that comes up next, review all the information and then select **Create**.
Defender for Endpoint supports Device configuration policies for managed devices
Select **Create**.
- :::image type="content" source="images/1autosetupofvpn.png" alt-text="The Configuration profiles menu item in the Policy pane" lightbox="images/1autosetupofvpn.png":::
+ :::image type="content" source="media/1autosetupofvpn.png" alt-text="The Configuration profiles menu item in the Policy pane" lightbox="media/1autosetupofvpn.png":::
2. **Configuration Settings** Provide a **Name** and a **Description** to uniquely identify the configuration profile.
- :::image type="content" source="images/2autosetupofvpn.png" alt-text="The devices configuration profile Name and Description fields in the Basics pane" lightbox="images/2autosetupofvpn.png":::
+ :::image type="content" source="media/2autosetupofvpn.png" alt-text="The devices configuration profile Name and Description fields in the Basics pane" lightbox="media/2autosetupofvpn.png":::
3. Select **Connectivity** and configure VPN:
Defender for Endpoint supports Device configuration policies for managed devices
- **Lockdown mode** Not configured (Default)
- :::image type="content" source="images/3autosetupofvpn.png" alt-text="The Connectivity pane under the Configuration settings tab" lightbox="images/3autosetupofvpn.png":::
+ :::image type="content" source="media/3autosetupofvpn.png" alt-text="The Connectivity pane under the Configuration settings tab" lightbox="media/3autosetupofvpn.png":::
4. **Assignment** In the **Assignments** page, select the user group to which this app config policy would be assigned. Choose **Select groups** to include and selecting the applicable group and then select **Next**. The group selected here is usually the same group to which you would assign Microsoft Defender for Endpoint Android app.
- :::image type="content" source="images/4autosetupofvpn.png" alt-text="Screenshot of the devices configuration profile Assignment pane in the Device restrictions." lightbox="images/4autosetupofvpn.png":::
+ :::image type="content" source="media/4autosetupofvpn.png" alt-text="Screenshot of the devices configuration profile Assignment pane in the Device restrictions." lightbox="media/4autosetupofvpn.png":::
5. In the **Review + Create** page that comes up next, review all the information and then select **Create**. The device configuration profile is now assigned to the selected user group.
- :::image type="content" source="images/5autosetupofvpn.png" alt-text="A devices configuration profile 's provision for Review + create" lightbox="images/5autosetupofvpn.png":::
+ :::image type="content" source="media/5autosetupofvpn.png" alt-text="A devices configuration profile 's provision for Review + create" lightbox="media/5autosetupofvpn.png":::
## Check status and complete onboarding 1. Confirm the installation status of Microsoft Defender for Endpoint on Android by clicking on the **Device Install Status**. Verify that the device is displayed here. > [!div class="mx-imgBorder"]
- > :::image type="content" source="images/900c0197aa59f9b7abd762ab2b32e80c.png" alt-text="The device installation status pane" lightbox="images/900c0197aa59f9b7abd762ab2b32e80c.png":::
+ > :::image type="content" source="media/900c0197aa59f9b7abd762ab2b32e80c.png" alt-text="The device installation status pane" lightbox="media/900c0197aa59f9b7abd762ab2b32e80c.png":::
2. On the device, you can validate the onboarding status by going to the **work profile**. Confirm that Defender for Endpoint is available and that you are enrolled to the **Personally owned devices with work profile**. If you are enrolled to a **Corporate-owned, fully managed user device**, you will have a single profile on the device where you can confirm that Defender for Endpoint is available.
The device configuration profile is now assigned to the selected user group.
4. At this stage the device is successfully onboarded onto Defender for Endpoint on Android. You can verify this on the [Microsoft Defender portal](https://security.microsoft.com) by navigating to the **Device Inventory** page.
- :::image type="content" source="images/9fe378a1dce0f143005c3aa53d8c4f51.png" alt-text="The Microsoft Defender for Endpoint portal" lightbox="images/9fe378a1dce0f143005c3aa53d8c4f51.png":::
+ :::image type="content" source="media/9fe378a1dce0f143005c3aa53d8c4f51.png" alt-text="The Microsoft Defender for Endpoint portal" lightbox="media/9fe378a1dce0f143005c3aa53d8c4f51.png":::
## Set up Microsoft Defender in Personal Profile on Android Enterprise in BYOD mode
Admins can go to the [Microsoft Endpoint Management admin center](https://endpoi
1. Go to **Apps> App configuration policies** and click on **Add**. Select **Managed Devices**. > [!div class="mx-imgBorder"]
- > ![Image of adding app configuration policy.](images/addpolicy.png)
+ > ![Image of adding app configuration policy.](media/addpolicy.png)
1. Enter **Name** and **Description** to uniquely identify the configuration policy. Select platform as **'Android Enterprise'**, Profile type as **'Personally-owned work profile only'** and Targeted app as **'Microsoft Defender'**.
Admins can go to the [Microsoft Endpoint Management admin center](https://endpoi
1. On the settings page, in **'Configuration settings format'**, select **'Use configuration designer'** and click on **Add**. From the list of configurations that are displayed, select **'Microsoft Defender in Personal profile'**. > [!div class="mx-imgBorder"]
- > ![Image of configuring personal profile.](images/addconfiguration.png)
+ > ![Image of configuring personal profile.](media/addconfiguration.png)
1. The selected configuration will be listed. Change the **configuration value to 1** to enable Microsoft Defender support personal profiles. A notification will appear informing the admin about the same. Click on **Next**.
security Android Support Signin https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/android-support-signin.md
from Google Play Store and try again.
**Sign in failed:** *Invalid license, contact administrator* **Message:** *Invalid license, contact administrator*
Phishing websites impersonate trustworthy websites for obtaining your personal o
Phishing and harmful web threats detected by Defender for Endpoint for Android aren't blocked on some Xiaomi devices. The following functionality doesn't work on these devices. **Cause:**
Xiaomi devices include a new permission model. This permission model prevents De
Xiaomi devices permission: "Display pop-up windows while running in the background." **Solution:**
security Api Microsoft Flow https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/api-microsoft-flow.md
Automating security procedures is a standard requirement for every modern Securi
Use this article to guide you in creating automations that are triggered by an event, such as when a new alert is created in your tenant. Microsoft Defender API has an official Power Automate Connector with many capabilities. > [!NOTE] > For more information about premium connectors licensing prerequisites, see [Licensing for premium connectors](/power-automate/triggers-introduction#licensing-for-premium-connectors).
The following example demonstrates how to create a Flow that is triggered anytim
2. Go to **My flows** \> **New** \> **Automated-from blank**.
- :::image type="content" source="images/api-flow-1.png" alt-text="The New flow pane under My flows menu item in the Microsoft Defender 365 portal" lightbox="images/api-flow-1.png":::
+ :::image type="content" source="media/api-flow-1.png" alt-text="The New flow pane under My flows menu item in the Microsoft Defender 365 portal" lightbox="media/api-flow-1.png":::
3. Choose a name for your Flow, search for "Microsoft Defender ATP Triggers" as the trigger, and then select the new Alerts trigger.
- :::image type="content" source="images/api-flow-2.png" alt-text=" The Choose your flow's trigger section in the Microsoft Defender 365 portal" lightbox="images/api-flow-2.png" :::
+ :::image type="content" source="media/api-flow-2.png" alt-text=" The Choose your flow's trigger section in the Microsoft Defender 365 portal" lightbox="media/api-flow-2.png" :::
Now you have a Flow that is triggered every time a new Alert occurs. All you need to do now is choose your next steps. For example, you can isolate the device if the Severity of the Alert is High and send an email about it.
The Alert trigger provides only the Alert ID and the Machine ID. You can use the
3. Set the **Alert ID** from the last step as **Input**.
- :::image type="content" source="images/api-flow-4.png" alt-text="The Alerts pane" lightbox="images/api-flow-4.png":::
+ :::image type="content" source="media/api-flow-4.png" alt-text="The Alerts pane" lightbox="media/api-flow-4.png":::
### Isolate the device if the Alert's severity is High
The Alert trigger provides only the Alert ID and the Machine ID. You can use the
If yes, add the **Microsoft Defender ATP - Isolate machine** action with the Machine ID and a comment.
- :::image type="content" source="images/api-flow-5.png" alt-text="The Actions pane" lightbox="images/api-flow-5.png":::
+ :::image type="content" source="media/api-flow-5.png" alt-text="The Actions pane" lightbox="media/api-flow-5.png":::
3. Add a new step for emailing about the Alert and the Isolation. There are multiple email connectors that are easy to use, such as Outlook or Gmail.
security Api Hello World https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/api/api-hello-world.md
For the Application registration stage, you must have a **Global administrator**
> [!NOTE] > WindowsDefenderATP does not appear in the original list. You need to start writing its name in the text box to see it appear.
- :::image type="content" source="../images/add-permission.png" alt-text="The API permissions option under the Manage pane in the Microsoft Entra admin center" lightbox="../images/add-permission.png":::
+ :::image type="content" source="../media/add-permission.png" alt-text="The API permissions option under the Manage pane in the Microsoft Entra admin center" lightbox="../media/add-permission.png":::
- Choose **Application permissions** \> **Alert.Read.All** > Click on **Add permissions**.
- :::image type="content" source="../images/application-permissions.png" alt-text="The permission type and settings panes in the Request API permissions page" lightbox="../images/application-permissions.png":::
+ :::image type="content" source="../media/application-permissions.png" alt-text="The permission type and settings panes in the Request API permissions page" lightbox="../media/application-permissions.png":::
> [!IMPORTANT] > You need to select the relevant permissions. 'Read All Alerts' is only an example!
For the Application registration stage, you must have a **Global administrator**
On your application page, go to **Overview** and copy the following:
- :::image type="content" source="../images/app-and-tenant-ids.png" alt-text="The application details pane under the Overview menu item in the Microsoft Entra admin center" lightbox="../images/app-and-tenant-ids.png":::
+ :::image type="content" source="../media/app-and-tenant-ids.png" alt-text="The application details pane under the Overview menu item in the Microsoft Entra admin center" lightbox="../media/app-and-tenant-ids.png":::
Done! You have successfully registered an application!
Done! You have successfully registered an application!
- Paste in the top box. - Look for the "roles" section. Find the _Alert.Read.All_ role.
- :::image type="content" source="../images/api-jwt-ms.png" alt-text="The Decoded Token pane for jwt.ms" lightbox="../images/api-jwt-ms.png":::
+ :::image type="content" source="../media/api-jwt-ms.png" alt-text="The Decoded Token pane for jwt.ms" lightbox="../media/api-jwt-ms.png":::
### Let's get the Alerts!
security Exposed Apis Create App Nativeapp https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/api/exposed-apis-create-app-nativeapp.md
This page explains how to create a Microsoft Entra application, get an access to
> [!NOTE] > *WindowsDefenderATP* does not appear in the original list. Start writing its name in the text box to see it appear.
- :::image type="content" alt-text="add permission." source="../images/add-permission.png" lightbox="../images/add-permission.png":::
+ :::image type="content" alt-text="add permission." source="../media/add-permission.png" lightbox="../media/add-permission.png":::
- Choose **Delegated permissions** \> **Alert.Read** > select **Add permissions**.
- :::image type="content" source="../images/application-permissions-public-client.png" alt-text="The application type and permissions panes" lightbox="../images/application-permissions-public-client.png":::
+ :::image type="content" source="../media/application-permissions-public-client.png" alt-text="The application type and permissions panes" lightbox="../media/application-permissions-public-client.png":::
> [!IMPORTANT] > Select the relevant permissions. Read alerts is only an example.
This page explains how to create a Microsoft Entra application, get an access to
On your application page, go to **Overview** and copy the following information:
- :::image type="content" source="../images/app-and-tenant-ids.png" alt-text="The created app ID" lightbox="../images/app-and-tenant-ids.png":::
+ :::image type="content" source="../media/app-and-tenant-ids.png" alt-text="The created app ID" lightbox="../media/app-and-tenant-ids.png":::
## Get an access token
security Exposed Apis Create App Partners https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/api/exposed-apis-create-app-partners.md
The following steps guide you how to create a Microsoft Entra application, get a
- Note that *WindowsDefenderATP* doesn't appear in the original list. Start writing its name in the text box to see it appear.
- :::image type="content" source="../images/add-permission.png" alt-text="The Add a permission option" lightbox="../images/add-permission.png":::
+ :::image type="content" source="../media/add-permission.png" alt-text="The Add a permission option" lightbox="../media/add-permission.png":::
### Request API permissions
In the following example we use **'Read all alerts'** permission:
1. Choose **Application permissions** \> **Alert.Read.All** > select on **Add permissions**
- :::image type="content" source="../images/application-permissions.png" alt-text="The option that allows to add a permission" lightbox="../images/application-permissions.png":::
+ :::image type="content" source="../media/application-permissions.png" alt-text="The option that allows to add a permission" lightbox="../media/application-permissions.png":::
2. Select **Grant consent**
In the following example we use **'Read all alerts'** permission:
- On your application page, go to **Overview** and copy the following information:
- :::image type="content" source="../images/app-id.png" alt-text="The create application's ID" lightbox="../images/app-id.png":::
+ :::image type="content" source="../media/app-id.png" alt-text="The create application's ID" lightbox="../media/app-id.png":::
5. Add the application to your customer's tenant.
In the following example we use **'Read all alerts'** permission:
After clicking on the consent link, sign in with the Global Administrator of the customer's tenant and consent the application.
- :::image type="content" source="../images/app-consent-partner.png" alt-text="The Accept button" lightbox="../images/app-consent-partner.png":::
+ :::image type="content" source="../media/app-consent-partner.png" alt-text="The Accept button" lightbox="../media/app-consent-partner.png":::
In addition, you'll need to ask your customer for their tenant ID and save it for future use when acquiring the token.
security Exposed Apis Create App Webapp https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/api/exposed-apis-create-app-webapp.md
This article explains how to create a Microsoft Entra application, get an access
> [!NOTE] > *WindowsDefenderATP* does not appear in the original list. Start writing its name in the text box to see it appear.
- :::image type="content" source="../images/add-permission.png" alt-text="The API permissions pane" lightbox="../images/add-permission.png":::
+ :::image type="content" source="../media/add-permission.png" alt-text="The API permissions pane" lightbox="../media/add-permission.png":::
Select **Application permissions** \> **Alert.Read.All**, and then select **Add permissions**.
- :::image type="content" source="../images/application-permissions.png" alt-text="The application permission information pane" lightbox="../images/application-permissions.png":::
+ :::image type="content" source="../media/application-permissions.png" alt-text="The application permission information pane" lightbox="../media/application-permissions.png":::
You need to select the relevant permissions. 'Read All Alerts' is only an example. For example:
This article explains how to create a Microsoft Entra application, get an access
7. Write down your application ID and your tenant ID. On your application page, go to **Overview** and copy the following.
- :::image type="content" source="../images/app-and-tenant-ids.png" alt-text="The created app and tenant IDs" lightbox="../images/app-and-tenant-ids.png":::
+ :::image type="content" source="../media/app-and-tenant-ids.png" alt-text="The created app and tenant IDs" lightbox="../media/app-and-tenant-ids.png":::
8. **For Microsoft Defender for Endpoint Partners only**. Set your app to be multi-tenanted (available in all tenants after consent). This is **required** for third-party apps (for example, if you create an app that is intended to run in multiple customers' tenant). This is **not required** if you create a service that you want to run in your tenant only (for example, if you create an application for your own usage that will only interact with your own data). To set your app to be multi-tenanted:
security Attack Surface Reduction Rules Deployment Test https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/attack-surface-reduction-rules-deployment-test.md
On the Configurations tab, you can check, on a per-device basis, which attack su
The **Get started** link opens the Microsoft Intune admin center, where you can create or modify an endpoint protection policy for attack surface reduction: > [!div class="mx-imgBorder"]
-> :::image type="content" source="images/asr-defender365-05b-mem1.png" alt-text="The *Endpoint security menu item on the Overview page" lightbox="images/asr-defender365-05b-mem1.png":::
+> :::image type="content" source="media/asr-defender365-05b-mem1.png" alt-text="The *Endpoint security menu item on the Overview page" lightbox="media/asr-defender365-05b-mem1.png":::
In Endpoint security | Overview, select **Attack surface reduction**:
security Auto Investigation Action Center https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/auto-investigation-action-center.md
The following table compares the new, unified Action center to the previous Acti
||| |Lists pending and completed actions for devices and email in one location <br/>([Microsoft Defender for Endpoint](microsoft-defender-endpoint.md) plus [Microsoft Defender for Office 365](/microsoft-365/security/office-365-security/defender-for-office-365))|Lists pending and completed actions for devices <br/> ([Microsoft Defender for Endpoint](microsoft-defender-endpoint.md) only) | |Is located at:<br/>[https://security.microsoft.com/action-center](https://security.microsoft.com/action-center) |Is located at:<br/>[https://securitycenter.windows.com/action-center](https://securitycenter.windows.com/action-center) |
-| In the <a href="https://go.microsoft.com/fwlink/p/?linkid=2077139" target="_blank">Microsoft Defender portal</a>, choose **Action center**. <p>:::image type="content" source="images/action-center-nav-new.png" alt-text="The navigation pane to the Action Center in the Microsoft Defender portal" lightbox="images/action-center-nav-new.png"::: | In the Microsoft Defender portal, choose **Automated investigations** > **Action center**. <p>:::image type="content" source="images/action-center-nav-old.png" alt-text="An older version of the navigation pane to the Action Center in the Microsoft Defender portal" lightbox="images/action-center-nav-old.png"::: |
+| In the <a href="https://go.microsoft.com/fwlink/p/?linkid=2077139" target="_blank">Microsoft Defender portal</a>, choose **Action center**. <p>:::image type="content" source="media/action-center-nav-new.png" alt-text="The navigation pane to the Action Center in the Microsoft Defender portal" lightbox="media/action-center-nav-new.png"::: | In the Microsoft Defender portal, choose **Automated investigations** > **Action center**. <p>:::image type="content" source="media/action-center-nav-old.png" alt-text="An older version of the navigation pane to the Action Center in the Microsoft Defender portal" lightbox="media/action-center-nav-old.png"::: |
The unified Action center brings together remediation actions across Defender for Endpoint and Defender for Office 365. It defines a common language for all remediation actions, and provides a unified investigation experience.
security Behavioral Blocking Containment https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/behavioral-blocking-containment.md
The threat turned out to be malware; it was a new, not-seen-before variant of a
Minutes after the alert was triggered, the file was analyzed, and confirmed to be malicious. Its process was stopped and blocked, as shown in the following image: A few minutes after the artifact was blocked, multiple instances of the same file were blocked on the same device, preventing more attackers or other malware from deploying on the device.
security Configure Device Connectivity https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/configure-device-connectivity.md
When you're ready to set the default onboarding package to streamlined, you can
> Before moving forward with this option, validate that your environment is ready and all devices meet prerequisites. This setting sets the default onboarding package to 'streamlined' for applicable operating systems. You can still use the standard onboarding package within the onboarding page but you must specifically select it in the drop-down.
security Configure Server Endpoints https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/configure-server-endpoints.md
Depending on the server that you're onboarding, the unified solution installs Mi
|Server version|AV|EDR| |-|-|-|
-|Windows Server 2012 R2|![Yes.](images/svg/check-yes.svg)|![Yes.](images/svg/check-yes.svg)|
-|Windows Server 2016|Built-in|![Yes.](images/svg/check-yes.svg)|
+|Windows Server 2012 R2|![Yes.](media/svg/check-yes.svg)|![Yes.](media/svg/check-yes.svg)|
+|Windows Server 2016|Built-in|![Yes.](media/svg/check-yes.svg)|
|Windows Server 2019 or later|Built-in|Built-in| If you've previously onboarded your servers using MMA, follow the guidance provided in [Server migration](server-migration.md) to migrate to the new solution.
security Data Collection Analyzer https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/data-collection-analyzer.md
Run `MDEClientAnalyzer.cmd /?` to see the list of available parameters and their
The analyzer, and all of the scenario flags listed in this article, can be initiated remotely by running `RemoteMDEClientAnalyzer.cmd`, which is also bundled into the analyzer toolset: > [!NOTE] > When any advanced troubleshooting parameter is used, the analyzer also calls into [MpCmdRun.exe](/microsoft-365/security/defender-endpoint/command-line-arguments-microsoft-defender-antivirus) to collect Microsoft Defender Antivirus related support logs.
security Data Storage Privacy https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/data-storage-privacy.md
Title: Microsoft Defender for Endpoint data storage and privacy description: Learn about how Microsoft Defender for Endpoint handles privacy and data that it collects.---
+keywords: Microsoft Defender for Endpoint, data storage and privacy, storage, privacy, licensing, geolocation, data retention, data
+
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
++ ms.localizationpriority: medium-+ audience: ITPro - m365-security - tier2-- essentials-privacy-- essentials-compliance + search.appverid: met150 Last updated 08/07/2023 # Microsoft Defender for Endpoint data storage and privacy **Applies to:**
This section covers some of the most frequently asked questions regarding privac
## What data does Microsoft Defender for Endpoint collect?
-Microsoft Defender for Endpoint will collect information from your configured devices and store it in a customer-dedicated and segregated tenant specific to the service for administration, tracking, and reporting purposes.
+Microsoft Defender for Endpoint collects information from your configured devices and stores it in a customer-dedicated and segregated tenant specific to the service for administration, tracking, and reporting purposes.
Information collected includes file data (file names, sizes, and hashes), process data (running processes, hashes), registry data, network connection data (host IPs and ports), and device details (device identifiers, names, and the operating system version).
Microsoft doesn't use your data for advertising.
## Data protection and encryption
-The Defender for Endpoint service utilizes state-of-the-art data protection technologies which are based on Microsoft Azure infrastructure.
+The Defender for Endpoint service utilizes state-of-the-art data protection technologies, which are based on Microsoft Azure infrastructure.
There are various aspects relevant to data protection that our service takes care of. Encryption is one of the most critical aspects, and it includes data encryption at rest, encryption in flight, and key management with Key Vault. For more information on other technologies used by the Defender for Endpoint service, see [Azure encryption overview](/azure/security/security-azure-encryption-overview).
In all scenarios, data is encrypted using 256-bit [AES encryption](https://en.wi
## Data storage location
-Defender for Endpoint operates in the Microsoft Azure data centers in the European Union, the United Kingdom, the United States, or in Australia. Customer data collected by the service may be stored in: (a) the geo-location of the tenant as identified during provisioning or, (b) the geo-location as defined by the data storage rules of an online service if this online service is used by Defender for Endpoint to process such data. For more information, see [Where your Microsoft 365 customer data is stored](/microsoft-365/enterprise/o365-data-locations).
+Defender for Endpoint operates in the Microsoft Azure data centers in the European Union, the United Kingdom, the United States, or in Australia. Customer data collected by the service might be stored in: (a) the geo-location of the tenant as identified during provisioning or, (b) the geo-location as defined by the data storage rules of an online service if this online service is used by Defender for Endpoint to process such data. For more information, see [Where your Microsoft 365 customer data is stored](/microsoft-365/enterprise/o365-data-locations).
Customer data in pseudonymized form may also be stored in the central storage and processing systems in the United States.
Microsoft Defender for Endpoint shares data, including customer data, among the
- Microsoft Tunnel for Mobile Application Management - Android - Microsoft Defender for Cloud - Microsoft Defender for Identity
+- Microsoft Security Exposure Management (public preview)
## Is my data isolated from other customer data?
Microsoft developers and administrators have, by design, been given sufficient p
- Combinations of controls that greatly enhance independent detection of malicious activity - Multiple levels of monitoring, logging, and reporting
-Additionally, Microsoft conducts background verification checks of certain operations personnel, and limits access to applications, systems, and network infrastructure in proportion to the level of background verification. Operations personnel follow a formal process when they are required to access a customer's account or related information in the performance of their duties.
+Additionally, Microsoft conducts background verification checks of certain operations personnel, and limits access to applications, systems, and network infrastructure in proportion to the level of background verification. Operations personnel follow a formal process when they're required to access a customer's account or related information in the performance of their duties.
Access to data for services deployed in Microsoft Azure Government data centers is only granted to operating personnel who have been screened and approved to handle data that's subject to certain government regulations and requirements, such as FedRAMP, NIST 800.171 (DIB), ITAR, IRS 1075, DoD L4, and CJIS.
No. Customer data is isolated from other customers and isn't shared. However, th
### At service onboarding
-Data from Microsoft Defender for Endpoint is retained for 180 days, visible across the portal. However, in the advanced hunting investigation experience, it's accessible via a query for a period of 30 days.
+Data from Microsoft Defender for Endpoint is retained for 180 days, visible across the portal. However, in the advanced hunting investigation experience, it's accessible via a query for 30 days.
### At contract termination or expiration
-Your data will be kept and will be available to you while the license is under grace period or suspended mode. At the end of this period, that data will be erased from Microsoft's systems to make it unrecoverable, no later than 180 days from contract termination or expiration.
+Your data is kept and is available to you while the license is under grace period or suspended mode. At the end of this period, that data will be erased from Microsoft's systems to make it unrecoverable, no later than 180 days from contract termination or expiration.
### Advanced Hunting data
security Defender Endpoint Antivirus Exclusions https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/defender-endpoint-antivirus-exclusions.md
In cases where Defender for Endpoint indicators conflict, here's what to expect:
The following diagram shows how [automated investigation and remediation works with indicators](manage-indicators.md#automated-investigation-and-remediation-engine): ## Other server workloads and exclusions
security Defender Endpoint Trial User Guide https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/defender-endpoint-trial-user-guide.md
This playbook is a simple guide to help you make the most of your free trial. Us
<td><a href="microsoft-defender-endpoint.md#asr"><center><img src="images/asr-icon.png" alt="Attack surface reduction"><br><b>Attack surface reduction</b></center></a></td> <td><center><a href="microsoft-defender-endpoint.md#ngp"><img src="images/ngp-icon.png" alt="Next-generation protection"><br> <b>Next-generation protection</b></a></center></td> <td><center><a href="microsoft-defender-endpoint.md#edr"><img src="images/edr-icon.png" alt="Endpoint detection and response"><br> <b>Endpoint detection and response</b></a></center></td>
-<td><center><a href="microsoft-defender-endpoint.md#ai"><img src="images/air-icon.png" alt="Automated investigation and remediation"><br> <b>Automated investigation and remediation</b></a></center></td>
+<td><center><a href="microsoft-defender-endpoint.md#ai"><img src="media/air-icon.png" alt="Automated investigation and remediation"><br> <b>Automated investigation and remediation</b></a></center></td>
<td><center><a href="microsoft-defender-endpoint.md#mte"><img src="images/mte-icon.png" alt="Microsoft Threat Experts"><br> <b>Microsoft Threat Experts</b></a></center></td> </tr> <tr>
security Device Control Faq https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/device-control-faq.md
There is no configuration UX for **Define device control policy groups** and **D
You can run the PowerShell cmdlet `Get-MpComputerStatus` as an administrator. The following value will show whether the latest policy has been applied to the target machine. ## How can I know which machine is using out of date anti-malware client version in the organization?
security Device Discovery https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/device-discovery.md
To assess these devices, you can use a filter in the device inventory list calle
- Unsupported: The endpoint was discovered in the network but isn't supported by Microsoft Defender for Endpoint. - Insufficient info: The system couldn't determine the supportability of the device. Enabling standard discovery on more devices in the network can enrich the discovered attributes. > [!TIP] > You can always apply filters to exclude unmanaged devices from the device inventory list. You can also use the onboarding status column on API queries to filter out unmanaged devices.
To address the challenge of gaining enough visibility to locate, identify, and s
Vulnerabilities and risks on your devices as well as other discovered unmanaged devices in the network are part of the current Defender Vulnerability Management flows under "Security Recommendations" and represented in entity pages across the portal. Search for "SSH" related security recommendations to find SSH vulnerabilities that are related for unmanaged and managed devices. ## Use advanced hunting on discovered devices
security Gov https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/gov.md
The following OS versions are supported:
OS version|GCC|GCC High|DoD :|::|::|::
-Windows 11|![Yes.](images/svg/check-yes.svg)|![Yes](images/svg/check-yes.svg)|![Yes](images/svg/check-yes.svg)
-Windows 10, version 21H1 and above|![Yes.](images/svg/check-yes.svg)|![Yes](images/svg/check-yes.svg)|![Yes](images/svg/check-yes.svg)
-Windows 10, version 20H2 (with [KB4586853](https://support.microsoft.com/help/4586853) <sup>1</sup>)|![Yes.](images/svg/check-yes.svg)|![Yes](images/svg/check-yes.svg)|![Yes](images/svg/check-yes.svg)
-Windows 10, version 2004 (with [KB4586853](https://support.microsoft.com/help/4586853) <sup>1</sup>)|![Yes.](images/svg/check-yes.svg) <br /> Note: [Deprecated](/lifecycle/announcements/windows-10-version-2004-end-of-servicing), please upgrade|![Yes](images/svg/check-yes.svg) <br /> Note: [Deprecated](/lifecycle/announcements/windows-10-version-2004-end-of-servicing), please upgrade|![Yes](images/svg/check-yes.svg) <br /> Note: [Deprecated](/lifecycle/announcements/windows-10-version-2004-end-of-servicing), please upgrade
-Windows 10, version 1909 (with [KB4586819](https://support.microsoft.com/help/4586819) <sup>1</sup>)|![Yes.](images/svg/check-yes.svg) <br /> Note: [Deprecated](/lifecycle/announcements/windows-10-1909-end-of-servicing), please upgrade|![Yes](images/svg/check-yes.svg) <br /> Note: [Deprecated](/lifecycle/announcements/windows-10-1909-end-of-servicing), please upgrade|![Yes](images/svg/check-yes.svg) <br /> Note: [Deprecated](/lifecycle/announcements/windows-10-1909-end-of-servicing), please upgrade
-Windows 10, version 1903 (with [KB4586819](https://support.microsoft.com/help/4586819) <sup>1</sup>)|![Yes.](images/svg/check-yes.svg) <br /> Note: [Deprecated](/lifecycle/announcements/windows-10-1903-end-of-servicing), please upgrade|![Yes](images/svg/check-yes.svg) <br /> Note: [Deprecated](/lifecycle/announcements/windows-10-1903-end-of-servicing), please upgrade|![Yes](images/svg/check-yes.svg) <br /> Note: [Deprecated](/lifecycle/announcements/windows-10-1903-end-of-servicing), please upgrade
-Windows 10, version 1809 (with [KB4586839](https://support.microsoft.com/help/4586839) <sup>1</sup>)|![Yes.](images/svg/check-yes.svg) <br /> Note: [Deprecated](/lifecycle/announcements/windows-10-1803-1809-end-of-servicing), please upgrade|![Yes](images/svg/check-yes.svg) <br /> Note: [Deprecated](/lifecycle/announcements/windows-10-1803-1809-end-of-servicing), please upgrade|![Yes](images/svg/check-yes.svg) <br /> Note: [Deprecated](/lifecycle/announcements/windows-10-1803-1809-end-of-servicing), please upgrade
-Windows 10, version 1803 (with [KB4598245](https://support.microsoft.com/help/4598245) <sup>1</sup>)|![Yes.](images/svg/check-yes.svg) <br /> Note: [Deprecated](/lifecycle/announcements/windows-10-1803-1809-end-of-servicing), please upgrade|![Yes](images/svg/check-yes.svg) <br /> Note: [Deprecated](/lifecycle/announcements/windows-10-1803-1809-end-of-servicing), please upgrade|![Yes](images/svg/check-yes.svg) <br /> Note: [Deprecated](/lifecycle/announcements/windows-10-1803-1809-end-of-servicing), please upgrade
-Windows 10, version 1709|![No.](images/svg/check-no.svg) <br /> Note: Won't be supported|![Yes](images/svg/check-yes.svg) With [KB4499147](https://support.microsoft.com/help/4499147) <sup>1</sup> <br /> Note: [Deprecated](/lifecycle/announcements/revised-end-of-service-windows-10-1709), please upgrade|![No](images/svg/check-no.svg) <br /> Note: Won't be supported
-Windows 10, version 1703 and earlier|![No.](images/svg/check-no.svg) <br /> Note: Won't be supported|![No](images/svg/check-no.svg) <br /> Note: Won't be supported|![No](images/svg/check-no.svg) <br /> Note: Won't be supported
-Windows Server 2022|![Yes.](images/svg/check-yes.svg)|![Yes](images/svg/check-yes.svg)|![Yes](images/svg/check-yes.svg)
-Windows Server 2019 (with [KB4586839](https://support.microsoft.com/help/4586839) <sup>1</sup>)|![Yes.](images/svg/check-yes.svg)|![Yes](images/svg/check-yes.svg)|![Yes](images/svg/check-yes.svg)
-Windows Server 2016 (Modern) <sup>2</sup>|![Yes.](images/svg/check-yes.svg)|![Yes](images/svg/check-yes.svg)|![Yes](images/svg/check-yes.svg)
-Windows Server 2012 R2 (Modern) <sup>2</sup>|![Yes.](images/svg/check-yes.svg)|![Yes](images/svg/check-yes.svg)|![Yes](images/svg/check-yes.svg)
-Windows Server 2016 (Legacy) <sup>3</sup>|![Yes.](images/svg/check-yes.svg)|![Yes](images/svg/check-yes.svg)|![Yes](images/svg/check-yes.svg)
-Windows Server 2012 R2 (Legacy) <sup>3</sup>|![Yes.](images/svg/check-yes.svg)|![Yes](images/svg/check-yes.svg)|![Yes](images/svg/check-yes.svg)
-Windows Server 2008 R2 SP1 (Legacy) <sup>3</sup>|![Yes.](images/svg/check-yes.svg)|![Yes](images/svg/check-yes.svg)|![Yes](images/svg/check-yes.svg)
-Windows 8.1 Enterprise (Legacy) <sup>3</sup>|![Yes.](images/svg/check-yes.svg)|![Yes](images/svg/check-yes.svg)|![Yes](images/svg/check-yes.svg)
-Windows 8 Pro (Legacy) <sup>3</sup>|![Yes.](images/svg/check-yes.svg)|![Yes](images/svg/check-yes.svg)|![Yes](images/svg/check-yes.svg)
-Windows 7 SP1 Enterprise (Legacy) <sup>3</sup>|![Yes.](images/svg/check-yes.svg)|![Yes](images/svg/check-yes.svg)|![Yes](images/svg/check-yes.svg)
-Windows 7 SP1 Pro (Legacy) <sup>3</sup>|![Yes.](images/svg/check-yes.svg)|![Yes](images/svg/check-yes.svg)|![Yes](images/svg/check-yes.svg)
-Linux|![Yes.](images/svg/check-yes.svg)|![Yes](images/svg/check-yes.svg)|![Yes](images/svg/check-yes.svg)
-macOS|![Yes.](images/svg/check-yes.svg)|![Yes](images/svg/check-yes.svg)|![Yes](images/svg/check-yes.svg)
-Android|![Yes.](images/svg/check-yes.svg) <br /> |![Yes](images/svg/check-yes.svg) <br /> |![Yes](images/svg/check-yes.svg) <br />
-iOS|![Yes.](images/svg/check-yes.svg) <br /> |![Yes](images/svg/check-yes.svg) <br /> |![Yes](images/svg/check-yes.svg) <br />
+Windows 11|![Yes.](media/svg/check-yes.svg)|![Yes](media/svg/check-yes.svg)|![Yes](media/svg/check-yes.svg)
+Windows 10, version 21H1 and above|![Yes.](media/svg/check-yes.svg)|![Yes](media/svg/check-yes.svg)|![Yes](media/svg/check-yes.svg)
+Windows 10, version 20H2 (with [KB4586853](https://support.microsoft.com/help/4586853) <sup>1</sup>)|![Yes.](media/svg/check-yes.svg)|![Yes](media/svg/check-yes.svg)|![Yes](media/svg/check-yes.svg)
+Windows 10, version 2004 (with [KB4586853](https://support.microsoft.com/help/4586853) <sup>1</sup>)|![Yes.](media/svg/check-yes.svg) <br /> Note: [Deprecated](/lifecycle/announcements/windows-10-version-2004-end-of-servicing), please upgrade|![Yes](media/svg/check-yes.svg) <br /> Note: [Deprecated](/lifecycle/announcements/windows-10-version-2004-end-of-servicing), please upgrade|![Yes](media/svg/check-yes.svg) <br /> Note: [Deprecated](/lifecycle/announcements/windows-10-version-2004-end-of-servicing), please upgrade
+Windows 10, version 1909 (with [KB4586819](https://support.microsoft.com/help/4586819) <sup>1</sup>)|![Yes.](media/svg/check-yes.svg) <br /> Note: [Deprecated](/lifecycle/announcements/windows-10-1909-end-of-servicing), please upgrade|![Yes](media/svg/check-yes.svg) <br /> Note: [Deprecated](/lifecycle/announcements/windows-10-1909-end-of-servicing), please upgrade|![Yes](media/svg/check-yes.svg) <br /> Note: [Deprecated](/lifecycle/announcements/windows-10-1909-end-of-servicing), please upgrade
+Windows 10, version 1903 (with [KB4586819](https://support.microsoft.com/help/4586819) <sup>1</sup>)|![Yes.](media/svg/check-yes.svg) <br /> Note: [Deprecated](/lifecycle/announcements/windows-10-1903-end-of-servicing), please upgrade|![Yes](media/svg/check-yes.svg) <br /> Note: [Deprecated](/lifecycle/announcements/windows-10-1903-end-of-servicing), please upgrade|![Yes](media/svg/check-yes.svg) <br /> Note: [Deprecated](/lifecycle/announcements/windows-10-1903-end-of-servicing), please upgrade
+Windows 10, version 1809 (with [KB4586839](https://support.microsoft.com/help/4586839) <sup>1</sup>)|![Yes.](media/svg/check-yes.svg) <br /> Note: [Deprecated](/lifecycle/announcements/windows-10-1803-1809-end-of-servicing), please upgrade|![Yes](media/svg/check-yes.svg) <br /> Note: [Deprecated](/lifecycle/announcements/windows-10-1803-1809-end-of-servicing), please upgrade|![Yes](media/svg/check-yes.svg) <br /> Note: [Deprecated](/lifecycle/announcements/windows-10-1803-1809-end-of-servicing), please upgrade
+Windows 10, version 1803 (with [KB4598245](https://support.microsoft.com/help/4598245) <sup>1</sup>)|![Yes.](media/svg/check-yes.svg) <br /> Note: [Deprecated](/lifecycle/announcements/windows-10-1803-1809-end-of-servicing), please upgrade|![Yes](media/svg/check-yes.svg) <br /> Note: [Deprecated](/lifecycle/announcements/windows-10-1803-1809-end-of-servicing), please upgrade|![Yes](media/svg/check-yes.svg) <br /> Note: [Deprecated](/lifecycle/announcements/windows-10-1803-1809-end-of-servicing), please upgrade
+Windows 10, version 1709|![No.](media/svg/check-no.svg) <br /> Note: Won't be supported|![Yes](media/svg/check-yes.svg) With [KB4499147](https://support.microsoft.com/help/4499147) <sup>1</sup> <br /> Note: [Deprecated](/lifecycle/announcements/revised-end-of-service-windows-10-1709), please upgrade|![No](media/svg/check-no.svg) <br /> Note: Won't be supported
+Windows 10, version 1703 and earlier|![No.](media/svg/check-no.svg) <br /> Note: Won't be supported|![No](media/svg/check-no.svg) <br /> Note: Won't be supported|![No](media/svg/check-no.svg) <br /> Note: Won't be supported
+Windows Server 2022|![Yes.](media/svg/check-yes.svg)|![Yes](media/svg/check-yes.svg)|![Yes](media/svg/check-yes.svg)
+Windows Server 2019 (with [KB4586839](https://support.microsoft.com/help/4586839) <sup>1</sup>)|![Yes.](media/svg/check-yes.svg)|![Yes](media/svg/check-yes.svg)|![Yes](media/svg/check-yes.svg)
+Windows Server 2016 (Modern) <sup>2</sup>|![Yes.](media/svg/check-yes.svg)|![Yes](media/svg/check-yes.svg)|![Yes](media/svg/check-yes.svg)
+Windows Server 2012 R2 (Modern) <sup>2</sup>|![Yes.](media/svg/check-yes.svg)|![Yes](media/svg/check-yes.svg)|![Yes](media/svg/check-yes.svg)
+Windows Server 2016 (Legacy) <sup>3</sup>|![Yes.](media/svg/check-yes.svg)|![Yes](media/svg/check-yes.svg)|![Yes](media/svg/check-yes.svg)
+Windows Server 2012 R2 (Legacy) <sup>3</sup>|![Yes.](media/svg/check-yes.svg)|![Yes](media/svg/check-yes.svg)|![Yes](media/svg/check-yes.svg)
+Windows Server 2008 R2 SP1 (Legacy) <sup>3</sup>|![Yes.](media/svg/check-yes.svg)|![Yes](media/svg/check-yes.svg)|![Yes](media/svg/check-yes.svg)
+Windows 8.1 Enterprise (Legacy) <sup>3</sup>|![Yes.](media/svg/check-yes.svg)|![Yes](media/svg/check-yes.svg)|![Yes](media/svg/check-yes.svg)
+Windows 8 Pro (Legacy) <sup>3</sup>|![Yes.](media/svg/check-yes.svg)|![Yes](media/svg/check-yes.svg)|![Yes](media/svg/check-yes.svg)
+Windows 7 SP1 Enterprise (Legacy) <sup>3</sup>|![Yes.](media/svg/check-yes.svg)|![Yes](media/svg/check-yes.svg)|![Yes](media/svg/check-yes.svg)
+Windows 7 SP1 Pro (Legacy) <sup>3</sup>|![Yes.](media/svg/check-yes.svg)|![Yes](media/svg/check-yes.svg)|![Yes](media/svg/check-yes.svg)
+Linux|![Yes.](media/svg/check-yes.svg)|![Yes](media/svg/check-yes.svg)|![Yes](media/svg/check-yes.svg)
+macOS|![Yes.](media/svg/check-yes.svg)|![Yes](media/svg/check-yes.svg)|![Yes](media/svg/check-yes.svg)
+Android|![Yes.](media/svg/check-yes.svg) <br /> |![Yes](media/svg/check-yes.svg) <br /> |![Yes](media/svg/check-yes.svg) <br />
+iOS|![Yes.](media/svg/check-yes.svg) <br /> |![Yes](media/svg/check-yes.svg) <br /> |![Yes](media/svg/check-yes.svg) <br />
**Footnotes**
The following OS versions are supported when using [Microsoft Defender for serve
OS version|GCC|GCC High|DoD :|::|::|::
-Windows Server 2022|![Yes.](images/svg/check-yes.svg)|![Yes](images/svg/check-yes.svg)|![Yes](images/svg/check-yes.svg)
-Windows Server 2019|![Yes.](images/svg/check-yes.svg)|![Yes](images/svg/check-yes.svg)|![Yes](images/svg/check-yes.svg)
-Windows Server 2016|![Yes.](images/svg/check-yes.svg)|![Yes](images/svg/check-yes.svg)|![Yes](images/svg/check-yes.svg)
-Windows Server 2012 R2|![Yes.](images/svg/check-yes.svg)|![Yes](images/svg/check-yes.svg)|![Yes](images/svg/check-yes.svg)
-Windows Server 2008 R2 SP1|![Yes.](images/svg/check-yes.svg)|![Yes](images/svg/check-yes.svg)|![Yes](images/svg/check-yes.svg)
+Windows Server 2022|![Yes.](media/svg/check-yes.svg)|![Yes](media/svg/check-yes.svg)|![Yes](media/svg/check-yes.svg)
+Windows Server 2019|![Yes.](media/svg/check-yes.svg)|![Yes](media/svg/check-yes.svg)|![Yes](media/svg/check-yes.svg)
+Windows Server 2016|![Yes.](media/svg/check-yes.svg)|![Yes](media/svg/check-yes.svg)|![Yes](media/svg/check-yes.svg)
+Windows Server 2012 R2|![Yes.](media/svg/check-yes.svg)|![Yes](media/svg/check-yes.svg)|![Yes](media/svg/check-yes.svg)
+Windows Server 2008 R2 SP1|![Yes.](media/svg/check-yes.svg)|![Yes](media/svg/check-yes.svg)|![Yes](media/svg/check-yes.svg)
## Required connectivity settings
These are the known gaps:
|Feature name|GCC|GCC High|DoD| ||::|::|::|
-|Microsoft Secure Score|![Yes](images/svg/check-yes.svg)<sup>1</sup>|![Yes](images/svg/check-yes.svg)|![Yes](images/svg/check-yes.svg)|
-|Microsoft Threat Experts|![No](images/svg/check-no.svg)|![No](images/svg/check-no.svg)|![No](images/svg/check-no.svg)|
-|Microsoft Defender for Endpoint Security Configuration Management|![No](images/svg/check-no.svg)|![No](images/svg/check-no.svg)|![No](images/svg/check-no.svg)|
+|Microsoft Secure Score|![Yes](media/svg/check-yes.svg)<sup>1</sup>|![Yes](media/svg/check-yes.svg)|![Yes](media/svg/check-yes.svg)|
+|Microsoft Threat Experts|![No](media/svg/check-no.svg)|![No](media/svg/check-no.svg)|![No](media/svg/check-no.svg)|
+|Microsoft Defender for Endpoint Security Configuration Management|![No](media/svg/check-no.svg)|![No](media/svg/check-no.svg)|![No](media/svg/check-no.svg)|
> [!NOTE] > <sup>1</sup> While Microsoft Secure Score is available for GCC customers, there are some security recommendations that aren't available.
These are the features and known gaps for [Mobile Threat Defense (Microsoft Defe
|Feature name|GCC|GCC High|DoD| ||::|::|::|
-|Reports: Web content filtering|![Yes](images/svg/check-yes.svg)|![Yes](images/svg/check-yes.svg)|![Yes](images/svg/check-yes.svg)|
-|Reports: Device health|![Yes](images/svg/check-yes.svg)|![Yes](images/svg/check-yes.svg)|![Yes](images/svg/check-yes.svg)|
-|Web Protection (Anti-Phishing and custom indicators)|![Yes](images/svg/check-yes.svg)|![Yes](images/svg/check-yes.svg)|![Yes](images/svg/check-yes.svg)|
-|Malware Protection (Android-Only)|![Yes](images/svg/check-yes.svg)|![Yes](images/svg/check-yes.svg)|![Yes](images/svg/check-yes.svg)|
-|Jailbreak Detection (iOS-Only)|![Yes](images/svg/check-yes.svg)|![Yes](images/svg/check-yes.svg)|![Yes](images/svg/check-yes.svg)|
-|Conditional Access/Conditional Launch|![Yes](images/svg/check-yes.svg)|![Yes](images/svg/check-yes.svg)|![Yes](images/svg/check-yes.svg)|
-|Support for MAM|![Yes](images/svg/check-yes.svg)|![Yes](images/svg/check-yes.svg)|![Yes](images/svg/check-yes.svg)|
-|Privacy Controls|![Yes](images/svg/check-yes.svg)|![Yes](images/svg/check-yes.svg)|![Yes](images/svg/check-yes.svg)|
-|Microsoft Defender Vulnerability Management core capabilities <br/> (included in Defender for Endpoint Plan 2) |![Yes](images/svg/check-yes.svg) <sup>1</sup>|![Yes](images/svg/check-yes.svg)|![Yes](images/svg/check-yes.svg)|
-|Microsoft Defender Vulnerability Management premium capabilities |![No](images/svg/check-no.svg)|![No](images/svg/check-no.svg)|![No](images/svg/check-no.svg)|
+|Reports: Web content filtering|![Yes](media/svg/check-yes.svg)|![Yes](media/svg/check-yes.svg)|![Yes](media/svg/check-yes.svg)|
+|Reports: Device health|![Yes](media/svg/check-yes.svg)|![Yes](media/svg/check-yes.svg)|![Yes](media/svg/check-yes.svg)|
+|Web Protection (Anti-Phishing and custom indicators)|![Yes](media/svg/check-yes.svg)|![Yes](media/svg/check-yes.svg)|![Yes](media/svg/check-yes.svg)|
+|Malware Protection (Android-Only)|![Yes](media/svg/check-yes.svg)|![Yes](media/svg/check-yes.svg)|![Yes](media/svg/check-yes.svg)|
+|Jailbreak Detection (iOS-Only)|![Yes](media/svg/check-yes.svg)|![Yes](media/svg/check-yes.svg)|![Yes](media/svg/check-yes.svg)|
+|Conditional Access/Conditional Launch|![Yes](media/svg/check-yes.svg)|![Yes](media/svg/check-yes.svg)|![Yes](media/svg/check-yes.svg)|
+|Support for MAM|![Yes](media/svg/check-yes.svg)|![Yes](media/svg/check-yes.svg)|![Yes](media/svg/check-yes.svg)|
+|Privacy Controls|![Yes](media/svg/check-yes.svg)|![Yes](media/svg/check-yes.svg)|![Yes](media/svg/check-yes.svg)|
+|Microsoft Defender Vulnerability Management core capabilities <br/> (included in Defender for Endpoint Plan 2) |![Yes](media/svg/check-yes.svg) <sup>1</sup>|![Yes](media/svg/check-yes.svg)|![Yes](media/svg/check-yes.svg)|
+|Microsoft Defender Vulnerability Management premium capabilities |![No](media/svg/check-no.svg)|![No](media/svg/check-no.svg)|![No](media/svg/check-no.svg)|
> [!NOTE] >
security Grant Mssp Access https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/grant-mssp-access.md
To implement a multitenant delegated access solution, take the following steps:
The My Access portal link is used by MSSP SOC analysts to request access via the access packages created. The link is durable, meaning the same link may be used over time for new analysts. The analyst request goes into a queue for approval by the **MSSP Analyst Approvers**. > [!div class="mx-imgBorder"]
- > :::image type="content" source="images/access-properties.png" alt-text="The Properties page" lightbox="images/access-properties.png":::
+ > :::image type="content" source="media/access-properties.png" alt-text="The Properties page" lightbox="media/access-properties.png":::
The link is located on the overview page of each access package.
security Investigate Alerts https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/investigate-alerts.md
Expand entities to view details at a glance. Selecting an entity will switch the
> [!NOTE] > The alert story section may contain more than one alert, with additional alerts related to the same execution tree appearing before or after the alert you've selected. ## Take action from the details pane
Once you're done investigating, go back to the alert you started with, mark the
If you classify it as a true alert, you can also select a determination, as shown in the image below. If you are experiencing a false alert with a line-of-business application, create a suppression rule to avoid this type of alert in the future. > [!TIP] > If you're experiencing any issues not described above, use the 🙂 button to provide feedback or open a support ticket.
security Investigate Machines https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/investigate-machines.md
The device details section provides information such as the domain, OS, and heal
Response actions run along the top of a specific device page and include:
+- View in map
+- Device value
+- Set criticality
- Manage tags - Isolate device - Restrict app execution
For more information on how to take action on a device, see [Take response actio
For more information, see [Investigate user entities](investigate-user.md).
+> [!NOTE]
+> View in map and set criticality are features from Microsoft Exposure Management, which is currently in public preview.
+ ## Tabs The tabs provide relevant security and threat prevention information related to the device. In each tab, you can customize the columns that are shown by selecting **Customize columns** from the bar above the column headers.
The **Overview** tab displays the [cards](#cards) for active alerts, logged on u
The **Incidents and alerts** tab provides a list of incidents and alerts that are associated with the device. This list is a filtered version of the [Alerts queue](alerts-queue.md), and shows a short description of the incident, alert, severity (high, medium, low, informational), status in the queue (new, in progress, resolved), classification (not set, false alert, true alert), investigation state, category of alert, who is addressing the alert, and last activity. You can also filter the alerts. When an alert is selected, a fly-out appears. From this panel you can manage the alert and view more details such as incident number and related devices. Multiple alerts can be selected at a time.
The **Azure Advanced Threat Protection** card displays a high-level overview of
### Logged on users
-The **Logged on users** card shows how many users have logged on in the past 30 days, along with the most and least frequent users. Selecting the **See all users** link opens the details pane, which displays information such as user type, sign-in type, and when the user was first and last seen. For more information, see [Investigate user entities](investigate-user.md).
+The **Logged on users** card shows how many users logged on in the past 30 days, along with the most and least frequent users. Selecting the **See all users** link opens the details pane, which displays information such as user type, sign-in type, and when the user was first and last seen. For more information, see [Investigate user entities](investigate-user.md).
:::image type="content" source="images/logged-on-users.png" alt-text="The user details pane" lightbox="images/logged-on-users.png":::
The **Device health status** card shows a summarized health report for the speci
Other information in the card includes: the last full scan, last quick scan, security intelligence update version, engine update version, platform update version, and Defender Antivirus mode.
-Note that a grey circle indicates that the data is unknown.
+A grey circle indicates that the data is unknown.
> [!NOTE] > The overall status message for macOS and Linux devices currently shows up as 'Status not available for macOS & Linux'. Currently, the status summary is only available for Windows devices. All other information in the table is up to date to show the individual states of each device health signal for all supported platforms.
security Ios Configure Features https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/ios-configure-features.md
Follow the below steps for setting up MAM config for unenrolled devices for Netw
1. In the Microsoft Intune admin center, navigate to **Apps** \> **App configuration policies** \> **Add** \> **Managed apps** \> **Create a new App configuration policy**.
- :::image type="content" source="images/addiosconfig.png" alt-text="Add configuration policy." lightbox="images/addiosconfig.png":::
+ :::image type="content" source="media/addiosconfig.png" alt-text="Add configuration policy." lightbox="media/addiosconfig.png":::
2. Provide a name and description to uniquely identify the policy. Then select **Select Public apps**, and choose **Microsoft Defender for Platform iOS/iPadOS**.
Follow the below steps for setting up MAM config for unenrolled devices for Netw
3. On the Settings page, add **DefenderNetworkProtectionEnable** as the key and the value as `true` to enable network protection. (Network protection is disabled by default.)
- :::image type="content" source="images/addiosconfigvalue.png" alt-text="Add configuration value." lightbox="images/addiosconfigvalue.png":::
+ :::image type="content" source="media/addiosconfigvalue.png" alt-text="Add configuration value." lightbox="media/addiosconfigvalue.png":::
4. For other configurations related to network protection, add the following keys and appropriate corresponding value.
security Ios Install Unmanaged https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/ios-install-unmanaged.md
End users also need to take steps to install Microsoft Defender for Endpoint on
2. **Verify that the APP connector is enabled in Intune portal**. <br> In the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431), go to **Endpoint Security** > **Microsoft Defender for Endpoint** and ensure that the Connection status is enabled.
- :::image type="content" source="images/app-settings.png" alt-text="The application settings" lightbox="images/app-settings.png":::
+ :::image type="content" source="media/app-settings.png" alt-text="The application settings" lightbox="media/app-settings.png":::
### Create an app protection policy
security Ios Install https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/ios-install.md
Defender app is installed into the user's device. User signs in and completes th
1. Once Defender for Endpoint on iOS has been installed on the device, you will see the app icon.
- :::image type="icon" source="images/41627a709700c324849bf7e13510c516.png":::
+ :::image type="icon" source="media/41627a709700c324849bf7e13510c516.png":::
2. Tap the Defender for Endpoint app icon (MSDefender) and follow the on-screen instructions to complete the onboarding steps. The details include end-user acceptance of iOS permissions required by Defender for Endpoint on iOS.
security Mac Exclusions https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/mac-exclusions.md
search.appverid: met150 Previously updated : 12/18/2020 Last updated : 02/29/2024 # Configure and validate exclusions for Microsoft Defender for Endpoint on macOS
You can exclude certain files, folders, processes, and process-opened files from
Exclusions can be useful to avoid incorrect detections on files or software that are unique or customized to your organization. They can also be useful for mitigating performance issues caused by Defender for Endpoint on Mac.
+To narrow down which process and/or path and/or extension you need to exclude, please use [real-time-protection-statistics](/microsoft-365/security/defender-endpoint/mac-support-perf).
+ > [!WARNING] > Defining exclusions lowers the protection offered by Defender for Endpoint on Mac. You should always evaluate the risks that are associated with implementing exclusions, and you should only exclude files that you are confident are not malicious.
Wildcard|Description|Examples|
> [!NOTE] > The product attempts to resolve firmlinks when evaluating exclusions. Firmlink resolution does not work when the exclusion contains wildcards or the target file (on the `Data` volume) does not exist.
+## Best practices for adding antimalware exclusions for Microsoft Defender for Endpoint on macOS. 
+
+1. Write down why an exclusion was added to a central location where only SecOps and/or Security Administrator have access.
+
+ e.g. Submitter, date, app name, reason, and exclusion information.  
+
+1. Make sure to have an expiration date* for the exclusions 
+
+ *except for apps that the ISV stated that there is no additional tweaking that could be done to prevent the false positive or higher cpu utilization from occurring.
+
+1. Avoid migrating 3rd party antimalware exclusions since they may no longer be applicable nor applicable to Microsoft Defender for Endpoint on macOS. 
+
+1. Order of exclusions to consider top (more secure) to bottom (least secure): 
+
+ 1. Indicators - Certificate - allow 
+
+ 1. Add an extended validation (EV) code signing. 
+
+ 1. Indicators - File hash - allow 
+
+ 1. If a process or daemon doesn't change often, e.g. the app doesn't have a monthly security update. 
+
+ 1. Path & Process 
+
+ 1. Process
+
+ 1. Path 
+
+ 1. Extension
+
## How to configure the list of exclusions
+### From the Microsoft Defender for Endpoint Security Settings management console
+
+1. Login to the [Microsoft Defender portal](https://security.microsoft.com).
+2. Go to **Configuration management > Endpoint Security Policies > Create new Policy**
+ - Select Platform: macOS
+ - Select Template: Microsoft Defender Antivirus exclusions
+3. Select **Create Policy**
+4. Enter a name and description and select **Next**
+5. Expand **Antivirus engine**
+6. Select **Add**
+7. Select **Path** or **File extension** or **File name**
+8. Select **Configure instance** and add the exclusions as needed
+9. Select **Next**
+10. Assign the exclusion to a group and Select **Next**
+11. Select **Save**
+ ### From the management console For more information on how to configure exclusions from JAMF, Intune, or another management console, see [Set preferences for Defender for Endpoint on Mac](mac-preferences.md). ### From the user interface
-Open the Defender for Endpoint application and navigate to **Manage settings** \> **Add or Remove Exclusion...**, as shown in the following screenshot:
+1. Open the Defender for Endpoint application and navigate to **Manage settings** \> **Add or Remove Exclusion...**, as shown in the following screenshot:
:::image type="content" source="images/mdatp-37-exclusions.png" alt-text="The Manage exclusions page" lightbox="images/mdatp-37-exclusions.png":::
-Select the type of exclusion that you wish to add and follow the prompts.
+2. Select the type of exclusion that you wish to add and follow the prompts.
## Validate exclusions lists with the EICAR test file
security Mac Install Manually https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/mac-install-manually.md
To complete this process, you must have admin privileges on the device.
4. Read through the *End-User License Agreement (EULA)* and select **Agree**.
- :::image type="content" source="images/agree-license.png" alt-text="Screenshot that shows the acceptance of the agreement.":::
+ :::image type="content" source="media/agree-license.png" alt-text="Screenshot that shows the acceptance of the agreement.":::
5. From **Destination Select**, select the disk where you want to install the Microsoft Defender Software, for example, *Macintosh HD* and select **Continue**.
security Mac Jamfpro Enroll Devices https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/mac-jamfpro-enroll-devices.md
For a complete list, see [About Computer Enrollment](https://docs.jamf.com/9.9/c
1. In the Jamf Pro dashboard, navigate to **Enrollment invitations**.
- :::image type="content" source="images/a347307458d6a9bbfa88df7dbe15398f.png" alt-text="The configuration settings1" lightbox="images/a347307458d6a9bbfa88df7dbe15398f.png":::
+ :::image type="content" source="media/a347307458d6a9bbfa88df7dbe15398f.png" alt-text="The configuration settings1" lightbox="media/a347307458d6a9bbfa88df7dbe15398f.png":::
2. Select **+ New**.
For a complete list, see [About Computer Enrollment](https://docs.jamf.com/9.9/c
3. In **Specify Recipients for the Invitation** > under **Email Addresses** enter the e-mail address(es) of the recipients.
- :::image type="content" source="images/718b9d609f9f77c8b13ba88c4c0abe5d.png" alt-text="The configuration settings2" lightbox="images/718b9d609f9f77c8b13ba88c4c0abe5d.png":::
+ :::image type="content" source="media/718b9d609f9f77c8b13ba88c4c0abe5d.png" alt-text="The configuration settings2" lightbox="media/718b9d609f9f77c8b13ba88c4c0abe5d.png":::
- :::image type="content" source="images/ae3597247b6bc7c5347cf56ab1e820c0.png" alt-text="The configuration settings3" lightbox="images/ae3597247b6bc7c5347cf56ab1e820c0.png":::
+ :::image type="content" source="media/ae3597247b6bc7c5347cf56ab1e820c0.png" alt-text="The configuration settings3" lightbox="media/ae3597247b6bc7c5347cf56ab1e820c0.png":::
For example: janedoe@contoso.com
- :::image type="content" source="images/4922c0fcdde4c7f73242b13bf5e35c19.png" alt-text="The configuration settings4" lightbox="images/4922c0fcdde4c7f73242b13bf5e35c19.png":::
+ :::image type="content" source="media/4922c0fcdde4c7f73242b13bf5e35c19.png" alt-text="The configuration settings4" lightbox="media/4922c0fcdde4c7f73242b13bf5e35c19.png":::
4. Configure the message for the invitation. :::image type="content" source="images/ce580aec080512d44a37ff8e82e5c2ac.png" alt-text="The configuration settings5" lightbox="images/ce580aec080512d44a37ff8e82e5c2ac.png":::
- :::image type="content" source="images/5856b765a6ce677caacb130ca36b1a62.png" alt-text="The configuration settings6" lightbox="images/5856b765a6ce677caacb130ca36b1a62.png":::
+ :::image type="content" source="media/5856b765a6ce677caacb130ca36b1a62.png" alt-text="The configuration settings6" lightbox="media/5856b765a6ce677caacb130ca36b1a62.png":::
- :::image type="content" source="images/3ced5383a6be788486d89d407d042f28.png" alt-text="The configuration settings7" lightbox="images/3ced5383a6be788486d89d407d042f28.png":::
+ :::image type="content" source="media/3ced5383a6be788486d89d407d042f28.png" alt-text="The configuration settings7" lightbox="media/3ced5383a6be788486d89d407d042f28.png":::
- :::image type="content" source="images/54be9c6ed5b24cebe628dc3cd9ca4089.png" alt-text="The configuration settings8" lightbox="images/54be9c6ed5b24cebe628dc3cd9ca4089.png":::
+ :::image type="content" source="media/54be9c6ed5b24cebe628dc3cd9ca4089.png" alt-text="The configuration settings8" lightbox="media/54be9c6ed5b24cebe628dc3cd9ca4089.png":::
## Enrollment Method 2: Prestage Enrollments 1. In the Jamf Pro dashboard, navigate to **Prestage enrollments**.
- :::image type="content" source="images/6fd0cb2bbb0e60a623829c91fd0826ab.png" alt-text="The configuration settings9" lightbox="images/6fd0cb2bbb0e60a623829c91fd0826ab.png":::
+ :::image type="content" source="media/6fd0cb2bbb0e60a623829c91fd0826ab.png" alt-text="The configuration settings9" lightbox="media/6fd0cb2bbb0e60a623829c91fd0826ab.png":::
2. Follow the instructions in [Computer PreStage Enrollments](https://docs.jamf.com/9.9/casper-suite/administrator-guide/Computer_PreStage_Enrollments.html).
security Mac Jamfpro Policies https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/mac-jamfpro-policies.md
Note that you must use exact `com.microsoft.wdav` as the **Preference Domain**,
2. Create a new Configuration Profile under Computers -> Configuration Profiles, enter the following details on the **General** tab:
- :::image type="content" source="images/644e0f3af40c29e80ca1443535b2fe32.png" alt-text="A new profile." lightbox="images/644e0f3af40c29e80ca1443535b2fe32.png":::
+ :::image type="content" source="media/644e0f3af40c29e80ca1443535b2fe32.png" alt-text="A new profile." lightbox="media/644e0f3af40c29e80ca1443535b2fe32.png":::
- Name: MDATP MDAV configuration settings - Description:\<blank\>
Note that you must use exact `com.microsoft.wdav` as the **Preference Domain**,
3. Scroll down to the **Application & Custom Settings** tab, select **External Applications**, click **Add** and use **Custom Schema** as Source to use for the preference domain.
- :::image type="content" source="images/4137189bc3204bb09eed3aabc41afd78.png" alt-text="Add custom schema." lightbox="images/4137189bc3204bb09eed3aabc41afd78.png":::
+ :::image type="content" source="media/4137189bc3204bb09eed3aabc41afd78.png" alt-text="Add custom schema." lightbox="media/4137189bc3204bb09eed3aabc41afd78.png":::
4. Enter `com.microsoft.wdav` as the Preference Domain, select **Add Schema** and **Upload** the schema.json file downloaded on Step 1. Click **Save**.
- :::image type="content" source="images/a6f9f556037c42fabcfdcb1b697244cf.png" alt-text="Upload schema." lightbox="images/a6f9f556037c42fabcfdcb1b697244cf.png":::
+ :::image type="content" source="media/a6f9f556037c42fabcfdcb1b697244cf.png" alt-text="Upload schema." lightbox="media/a6f9f556037c42fabcfdcb1b697244cf.png":::
5. You can see all supported Microsoft Defender for Endpoint configuration settings below, under **Preference Domain Properties**. Click **Add/Remove properties** to select the settings that you want to be managed, and click **Ok** to save your changes. (Settings left unselected will not be included into the managed configuration, an end user will be able to configure those settings on their machines.)
- :::image type="content" source="images/817b3b760d11467abe9bdd519513f54f.png" alt-text="The chosen managed settings." lightbox="images/817b3b760d11467abe9bdd519513f54f.png":::
+ :::image type="content" source="media/817b3b760d11467abe9bdd519513f54f.png" alt-text="The chosen managed settings." lightbox="media/817b3b760d11467abe9bdd519513f54f.png":::
6. Change values of the settings to desired values. You can click **More information** to get documentation for a particular setting. (You may click **Plist preview** to inspect what the configuration plist will look like. Click **Form editor** to return to the visual editor.)
- :::image type="content" source="images/a14a79efd5c041bb8974cb5b12b3a9b6.png" alt-text="The page on which you change the settings values." lightbox="images/a14a79efd5c041bb8974cb5b12b3a9b6.png":::
+ :::image type="content" source="media/a14a79efd5c041bb8974cb5b12b3a9b6.png" alt-text="The page on which you change the settings values." lightbox="media/a14a79efd5c041bb8974cb5b12b3a9b6.png":::
7. Select the **Scope** tab.
- :::image type="content" source="images/9fc17529e5577eefd773c658ec576a7d.png" alt-text="The Configuration profile scope." lightbox="images/9fc17529e5577eefd773c658ec576a7d.png":::
+ :::image type="content" source="media/9fc17529e5577eefd773c658ec576a7d.png" alt-text="The Configuration profile scope." lightbox="media/9fc17529e5577eefd773c658ec576a7d.png":::
8. Select **Contoso's Machine Group**.
Note that you must use exact `com.microsoft.wdav` as the **Preference Domain**,
:::image type="content" source="images/cf30438b5512ac89af1d11cbf35219a6.png" alt-text="The page on which you can add the Configuration settings." lightbox="images/cf30438b5512ac89af1d11cbf35219a6.png":::
- :::image type="content" source="images/6f093e42856753a3955cab7ee14f12d9.png" alt-text="The page on which you can save the Configuration settings." lightbox="images/6f093e42856753a3955cab7ee14f12d9.png":::
+ :::image type="content" source="media/6f093e42856753a3955cab7ee14f12d9.png" alt-text="The page on which you can save the Configuration settings." lightbox="media/6f093e42856753a3955cab7ee14f12d9.png":::
10. Select **Done**. You'll see the new **Configuration profile**.
All you need to do to have updates is to download an updated schema, edit existi
3. In the Jamf Pro dashboard, open **Computers**, and their **Configuration Profiles**. Click **New** and switch to the **General** tab.
- :::image type="content" source="images/644e0f3af40c29e80ca1443535b2fe32.png" alt-text="The page displaying a new profile." lightbox="images/644e0f3af40c29e80ca1443535b2fe32.png":::
+ :::image type="content" source="media/644e0f3af40c29e80ca1443535b2fe32.png" alt-text="The page displaying a new profile." lightbox="media/644e0f3af40c29e80ca1443535b2fe32.png":::
4. Enter the following details on the **General** tab:
All you need to do to have updates is to download an updated schema, edit existi
5. In **Application & Custom Settings**, select **Configure**.
- :::image type="content" source="images/3160906404bc5a2edf84d1d015894e3b.png" alt-text="The MDATP MDAV configuration settings." lightbox="images/3160906404bc5a2edf84d1d015894e3b.png":::
+ :::image type="content" source="mediAV configuration settings." lightbox="media/3160906404bc5a2edf84d1d015894e3b.png":::
:::image type="content" source="images/e1cc1e48ec9d5d688087b4d771e668d2.png" alt-text="The application and custom settings." lightbox="images/e1cc1e48ec9d5d688087b4d771e668d2.png"::: 6. Select **Upload File (PLIST file)**.
- :::image type="content" source="images/6f85269276b2278eca4bce84f935f87b.png" alt-text="The configuration settings plist file." lightbox="images/6f85269276b2278eca4bce84f935f87b.png":::
+ :::image type="content" source="media/6f85269276b2278eca4bce84f935f87b.png" alt-text="The configuration settings plist file." lightbox="media/6f85269276b2278eca4bce84f935f87b.png":::
7. In **Preferences Domain**, enter `com.microsoft.wdav`, then select **Upload PLIST File**.
All you need to do to have updates is to download an updated schema, edit existi
8. Select **Choose File**.
- :::image type="content" source="images/526e978761fc571cca06907da7b01fd6.png" alt-text="The prompt to choose the plist file." lightbox="images/526e978761fc571cca06907da7b01fd6.png":::
+ :::image type="content" source="media/526e978761fc571cca06907da7b01fd6.png" alt-text="The prompt to choose the plist file." lightbox="media/526e978761fc571cca06907da7b01fd6.png":::
9. Select the **MDATP_MDAV_configuration_settings.plist**, then select **Open**.
- :::image type="content" source="images/98acea3750113b8dbab334296e833003.png" alt-text="The mdatpmdav configuration settings." lightbox="images/98acea3750113b8dbab334296e833003.png":::
+ :::image type="content" source="mediav configuration settings." lightbox="media/98acea3750113b8dbab334296e833003.png":::
10. Select **Upload**.
- :::image type="content" source="images/0adb21c13206861ba9b30a879ade93d3.png" alt-text="The configuration setting upload." lightbox="images/0adb21c13206861ba9b30a879ade93d3.png":::
+ :::image type="content" source="media/0adb21c13206861ba9b30a879ade93d3.png" alt-text="The configuration setting upload." lightbox="media/0adb21c13206861ba9b30a879ade93d3.png":::
:::image type="content" source="images/f624de59b3cc86e3e2d32ae5de093e02.png" alt-text="The prompt to upload the image related to the configuration settings." lightbox="images/f624de59b3cc86e3e2d32ae5de093e02.png"::: > [!NOTE] > If you happen to upload the Intune file, you'll get the following error: >
- > :::image type="content" source="images/8e69f867664668796a3b2904896f0436.png" alt-text="The prompt to upload the intune file related to the configuration settings." lightbox="images/8e69f867664668796a3b2904896f0436.png":::
+ > :::image type="content" source="media/8e69f867664668796a3b2904896f0436.png" alt-text="The prompt to upload the intune file related to the configuration settings." lightbox="media/8e69f867664668796a3b2904896f0436.png":::
11. Select **Save**.
- :::image type="content" source="images/1b6b5a4edcb42d97f1e70a6a0fa48e3a.png" alt-text="The option to save the image related to the configuration settings." lightbox="images/1b6b5a4edcb42d97f1e70a6a0fa48e3a.png":::
+ :::image type="content" source="media/1b6b5a4edcb42d97f1e70a6a0fa48e3a.png" alt-text="The option to save the image related to the configuration settings." lightbox="media/1b6b5a4edcb42d97f1e70a6a0fa48e3a.png":::
12. The file is uploaded.
- :::image type="content" source="images/33e2b2a1611fdddf6b5b79e54496e3bb.png" alt-text="The uploaded file related to the configuration settings." lightbox="images/33e2b2a1611fdddf6b5b79e54496e3bb.png":::
+ :::image type="content" source="media/33e2b2a1611fdddf6b5b79e54496e3bb.png" alt-text="The uploaded file related to the configuration settings." lightbox="media/33e2b2a1611fdddf6b5b79e54496e3bb.png":::
- :::image type="content" source="images/a422e57fe8d45689227e784443e51bd1.png" alt-text="The configuration settings page." lightbox="images/a422e57fe8d45689227e784443e51bd1.png":::
+ :::image type="content" source="media/a422e57fe8d45689227e784443e51bd1.png" alt-text="The configuration settings page." lightbox="media/a422e57fe8d45689227e784443e51bd1.png":::
13. Select the **Scope** tab.
- :::image type="content" source="images/9fc17529e5577eefd773c658ec576a7d.png" alt-text="The scope for the configuration settings." lightbox="images/9fc17529e5577eefd773c658ec576a7d.png":::
+ :::image type="content" source="media/9fc17529e5577eefd773c658ec576a7d.png" alt-text="The scope for the configuration settings." lightbox="media/9fc17529e5577eefd773c658ec576a7d.png":::
14. Select **Contoso's Machine Group**.
All you need to do to have updates is to download an updated schema, edit existi
:::image type="content" source="images/cf30438b5512ac89af1d11cbf35219a6.png" alt-text="The configuration settings addsav." lightbox="images/cf30438b5512ac89af1d11cbf35219a6.png":::
- :::image type="content" source="images/6f093e42856753a3955cab7ee14f12d9.png" alt-text="The notification of configuration settings." lightbox="images/6f093e42856753a3955cab7ee14f12d9.png":::
+ :::image type="content" source="media/6f093e42856753a3955cab7ee14f12d9.png" alt-text="The notification of configuration settings." lightbox="media/6f093e42856753a3955cab7ee14f12d9.png":::
16. Select **Done**. You'll see the new **Configuration profile**.
These steps are applicable on macOS 11 (Big Sur) or later.
- **Notifications in Notification Center**: Click **Display** - **Badge app icon**: Click **Display**
- :::image type="content" source="images/7f9138053dbcbf928e5182ee7b295ebe.png" alt-text="The configuration settings mdatpmdav notifications tray." lightbox="images/7f9138053dbcbf928e5182ee7b295ebe.png":::
+ :::image type="content" source="mediav notifications tray." lightbox="media/7f9138053dbcbf928e5182ee7b295ebe.png":::
- Tab **Notifications**, click **Add** one more time, scroll down to **New Notifications Settings** - **Bundle ID**: `com.microsoft.autoupdate.fba` - Configure the rest of the settings to the same values as above
- :::image type="content" source="images/4bac6ce277aedfb4a674f2d9fcb2599a.png" alt-text="The configuration settings mdatpmdav notifications mau." lightbox="images/4bac6ce277aedfb4a674f2d9fcb2599a.png":::
+ :::image type="content" source="mediav notifications mau." lightbox="media/4bac6ce277aedfb4a674f2d9fcb2599a.png":::
Note that now you have two 'tables' with notification configurations, one for **Bundle ID: com.microsoft.wdav.tray**, and another for **Bundle ID: com.microsoft.autoupdate.fba**. While you can configure alert settings per your requirements, Bundle IDs must be exactly the same as described before, and **Include** switch must be **On** for **Notifications**. 3. Select the **Scope** tab, then select **Add**.
- :::image type="content" source="images/441aa2ecd36abadcdd8aed03556080b5.png" alt-text="The page on which you can add values for the configuration settings." lightbox="images/441aa2ecd36abadcdd8aed03556080b5.png":::
+ :::image type="content" source="media/441aa2ecd36abadcdd8aed03556080b5.png" alt-text="The page on which you can add values for the configuration settings." lightbox="media/441aa2ecd36abadcdd8aed03556080b5.png":::
4. Select **Contoso's Machine Group**. 5. Select **Add**, then select **Save**.
- :::image type="content" source="images/09a275e321268e5e3ac0c0865d3e2db5.png" alt-text="The page on which you can save values for the configuration settings contoso machine group." lightbox="images/09a275e321268e5e3ac0c0865d3e2db5.png":::
+ :::image type="content" source="media/09a275e321268e5e3ac0c0865d3e2db5.png" alt-text="The page on which you can save values for the configuration settings contoso machine group." lightbox="media/09a275e321268e5e3ac0c0865d3e2db5.png":::
- :::image type="content" source="images/4d2d1d4ee13d3f840f425924c3df0d51.png" alt-text="The page that displays the completion notification of the configuration settings." lightbox="images/4d2d1d4ee13d3f840f425924c3df0d51.png":::
+ :::image type="content" source="media/4d2d1d4ee13d3f840f425924c3df0d51.png" alt-text="The page that displays the completion notification of the configuration settings." lightbox="media/4d2d1d4ee13d3f840f425924c3df0d51.png":::
6. Select **Done**. You'll see the new **Configuration profile**.
- :::image type="content" source="images/633ad26b8bf24ec683c98b2feb884bdf.png" alt-text="The completed configuration settings." lightbox="images/633ad26b8bf24ec683c98b2feb884bdf.png":::
+ :::image type="content" source="media/633ad26b8bf24ec683c98b2feb884bdf.png" alt-text="The completed configuration settings." lightbox="media/633ad26b8bf24ec683c98b2feb884bdf.png":::
## Step 5: Configure Microsoft AutoUpdate (MAU)
These steps are applicable on macOS 11 (Big Sur) or later.
5. In **Application & Custom Settings** select **Configure**.
- :::image type="content" source="images/1f72e9c15eaafcabf1504397e99be311.png" alt-text="The configuration setting application and custom settings." lightbox="images/1f72e9c15eaafcabf1504397e99be311.png":::
+ :::image type="content" source="media/1f72e9c15eaafcabf1504397e99be311.png" alt-text="The configuration setting application and custom settings." lightbox="media/1f72e9c15eaafcabf1504397e99be311.png":::
6. Select **Upload File (PLIST file)**. 7. In **Preference Domain** enter: `com.microsoft.autoupdate2`, then select **Upload PLIST File**.
- :::image type="content" source="images/1213872db5833aa8be535da57653219f.png" alt-text="The configuration setting preference domain." lightbox="images/1213872db5833aa8be535da57653219f.png":::
+ :::image type="content" source="media/1213872db5833aa8be535da57653219f.png" alt-text="The configuration setting preference domain." lightbox="media/1213872db5833aa8be535da57653219f.png":::
8. Select **Choose File**.
- :::image type="content" source="images/335aff58950ce62d1dabc289ecdce9ed.png" alt-text="The prompt to choose the file regarding configuration setting." lightbox="images/335aff58950ce62d1dabc289ecdce9ed.png":::
+ :::image type="content" source="media/335aff58950ce62d1dabc289ecdce9ed.png" alt-text="The prompt to choose the file regarding configuration setting." lightbox="media/335aff58950ce62d1dabc289ecdce9ed.png":::
9. Select **MDATP_MDAV_MAU_settings.plist**.
- :::image type="content" source="images/a26bd4967cd54bb113a2c8d32894c3de.png" alt-text="The mdatpmdavmau settings." lightbox="images/a26bd4967cd54bb113a2c8d32894c3de.png":::
+ :::image type="content" source="mediavmau settings." lightbox="media/a26bd4967cd54bb113a2c8d32894c3de.png":::
10. Select **Upload**.
- :::image type="content" source="images/4239ca0528efb0734e4ca0b490bfb22d.png" alt-text="The upload of the file regarding configuration setting." lightbox="images/4239ca0528efb0734e4ca0b490bfb22d.png":::
+ :::image type="content" source="media/4239ca0528efb0734e4ca0b490bfb22d.png" alt-text="The upload of the file regarding configuration setting." lightbox="media/4239ca0528efb0734e4ca0b490bfb22d.png":::
- :::image type="content" source="images/4ec20e72c8aed9a4c16912e01692436a.png" alt-text="The page displaying the upload option for the file regarding configuration setting." lightbox="images/4ec20e72c8aed9a4c16912e01692436a.png":::
+ :::image type="content" source="media/4ec20e72c8aed9a4c16912e01692436a.png" alt-text="The page displaying the upload option for the file regarding configuration setting." lightbox="media/4ec20e72c8aed9a4c16912e01692436a.png":::
11. Select **Save**.
- :::image type="content" source="images/253274b33e74f3f5b8d475cf8692ce4e.png" alt-text="The page displaying the save option for the file regarding configuration setting." lightbox="images/253274b33e74f3f5b8d475cf8692ce4e.png":::
+ :::image type="content" source="media/253274b33e74f3f5b8d475cf8692ce4e.png" alt-text="The page displaying the save option for the file regarding configuration setting." lightbox="media/253274b33e74f3f5b8d475cf8692ce4e.png":::
12. Select the **Scope** tab.
- :::image type="content" source="images/10ab98358b2d602f3f67618735fa82fb.png" alt-text="The Scope tab for the configuration settings." lightbox="images/10ab98358b2d602f3f67618735fa82fb.png":::
+ :::image type="content" source="media/10ab98358b2d602f3f67618735fa82fb.png" alt-text="The Scope tab for the configuration settings." lightbox="media/10ab98358b2d602f3f67618735fa82fb.png":::
13. Select **Add**.
- :::image type="content" source="images/56e6f6259b9ce3c1706ed8d666ae4947.png" alt-text="The option to add deployment targets." lightbox="images/56e6f6259b9ce3c1706ed8d666ae4947.png":::
+ :::image type="content" source="media/56e6f6259b9ce3c1706ed8d666ae4947.png" alt-text="The option to add deployment targets." lightbox="media/56e6f6259b9ce3c1706ed8d666ae4947.png":::
- :::image type="content" source="images/38c67ee1905c4747c3b26c8eba57726b.png" alt-text="The page on which you add more values to the configuration settings." lightbox="images/38c67ee1905c4747c3b26c8eba57726b.png":::
+ :::image type="content" source="media/38c67ee1905c4747c3b26c8eba57726b.png" alt-text="The page on which you add more values to the configuration settings." lightbox="media/38c67ee1905c4747c3b26c8eba57726b.png":::
- :::image type="content" source="images/321ba245f14743c1d5d51c15e99deecc.png" alt-text="The page on which you can add more values to the configuration settings." lightbox="images/321ba245f14743c1d5d51c15e99deecc.png":::
+ :::image type="content" source="media/321ba245f14743c1d5d51c15e99deecc.png" alt-text="The page on which you can add more values to the configuration settings." lightbox="media/321ba245f14743c1d5d51c15e99deecc.png":::
14. Select **Done**.
These steps are applicable on macOS 11 (Big Sur) or later.
1. In the Jamf Pro dashboard, select **Configuration Profiles**.
- :::image type="content" source="images/264493cd01e62c7085659d6fdc26dc91.png" alt-text="The profile for which settings are to be configured." lightbox="images/264493cd01e62c7085659d6fdc26dc91.png":::
+ :::image type="content" source="media/264493cd01e62c7085659d6fdc26dc91.png" alt-text="The profile for which settings are to be configured." lightbox="media/264493cd01e62c7085659d6fdc26dc91.png":::
2. Select **+ New**.
These steps are applicable on macOS 11 (Big Sur) or later.
4. In **Configure Privacy Preferences Policy Control** select **Configure**.
- :::image type="content" source="images/715ae7ec8d6a262c489f94d14e1e51bb.png" alt-text="The configuration privacy policy control." lightbox="images/715ae7ec8d6a262c489f94d14e1e51bb.png":::
+ :::image type="content" source="media/715ae7ec8d6a262c489f94d14e1e51bb.png" alt-text="The configuration privacy policy control." lightbox="media/715ae7ec8d6a262c489f94d14e1e51bb.png":::
5. In **Privacy Preferences Policy Control**, enter the following details:
These steps are applicable on macOS 11 (Big Sur) or later.
- Identifier Type: Bundle ID - Code Requirement: `identifier "com.microsoft.wdav" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = UBF8T346G9`
- :::image type="content" source="images/22cb439de958101c0a12f3038f905b27.png" alt-text="The configuration setting privacy preference policy control details." lightbox="images/22cb439de958101c0a12f3038f905b27.png":::
+ :::image type="content" source="media/22cb439de958101c0a12f3038f905b27.png" alt-text="The configuration setting privacy preference policy control details." lightbox="media/22cb439de958101c0a12f3038f905b27.png":::
6. Select **+ Add**.
These steps are applicable on macOS 11 (Big Sur) or later.
7. Select **Save** (not the one at the bottom right).
- :::image type="content" source="images/6de50b4a897408ddc6ded56a09c09fe2.png" alt-text="The save operation for the configuration setting." lightbox="images/6de50b4a897408ddc6ded56a09c09fe2.png":::
+ :::image type="content" source="media/6de50b4a897408ddc6ded56a09c09fe2.png" alt-text="The save operation for the configuration setting." lightbox="media/6de50b4a897408ddc6ded56a09c09fe2.png":::
8. Click the `+` sign next to **App Access** to add a new entry.
These steps are applicable on macOS 11 (Big Sur) or later.
12. Select the **Scope** tab.
- :::image type="content" source="images/2c49b16cd112729b3719724f581e6882.png" alt-text="The page depicting the scope for the configuration setting." lightbox="images/2c49b16cd112729b3719724f581e6882.png":::
+ :::image type="content" source="media/2c49b16cd112729b3719724f581e6882.png" alt-text="The page depicting the scope for the configuration setting." lightbox="media/2c49b16cd112729b3719724f581e6882.png":::
13. Select **+ Add**.
- :::image type="content" source="images/57cef926d1b9260fb74a5f460cee887a.png" alt-text="The page depicting the configuration setting." lightbox="images/57cef926d1b9260fb74a5f460cee887a.png":::
+ :::image type="content" source="media/57cef926d1b9260fb74a5f460cee887a.png" alt-text="The page depicting the configuration setting." lightbox="media/57cef926d1b9260fb74a5f460cee887a.png":::
14. Select **Computer Groups** > under **Group Name** > select **Contoso's MachineGroup**.
- :::image type="content" source="images/368d35b3d6179af92ffdbfd93b226b69.png" alt-text="The configuration setting contoso machine group." lightbox="images/368d35b3d6179af92ffdbfd93b226b69.png":::
+ :::image type="content" source="media/368d35b3d6179af92ffdbfd93b226b69.png" alt-text="The configuration setting contoso machine group." lightbox="media/368d35b3d6179af92ffdbfd93b226b69.png":::
15. Select **Add**.
These steps are applicable on macOS 11 (Big Sur) or later.
17. Select **Done**.
- :::image type="content" source="images/809cef630281b64b8f07f20913b0039b.png" alt-text="The configuration setting contoso machine-group." lightbox="images/809cef630281b64b8f07f20913b0039b.png":::
+ :::image type="content" source="media/809cef630281b64b8f07f20913b0039b.png" alt-text="The configuration setting contoso machine-group." lightbox="media/809cef630281b64b8f07f20913b0039b.png":::
- :::image type="content" source="images/6c8b406ee224335a8c65d06953dc756e.png" alt-text="The configuration setting illustration." lightbox="images/6c8b406ee224335a8c65d06953dc756e.png":::
+ :::image type="content" source="media/6c8b406ee224335a8c65d06953dc756e.png" alt-text="The configuration setting illustration." lightbox="media/6c8b406ee224335a8c65d06953dc756e.png":::
Alternatively, you can download [fulldisk.mobileconfig](https://github.com/microsoft/mdatp-xplat/blob/master/macos/mobileconfig/profiles/fulldisk.mobileconfig) and upload it to JAMF Configuration Profiles as described in [Deploying Custom Configuration Profiles using Jamf Pro|Method 2: Upload a Configuration Profile to Jamf Pro](https://www.jamf.com/jamf-nation/articles/648/deploying-custom-configuration-profiles-using-jamf-pro).
Alternatively, you can download [fulldisk.mobileconfig](https://github.com/micro
1. In the **Configuration Profiles**, select **+ New**.
- :::image type="content" source="images/6c8b406ee224335a8c65d06953dc756e.png" alt-text="The automatically generated social media post's description." lightbox="images/6c8b406ee224335a8c65d06953dc756e.png":::
+ :::image type="content" source="media/6c8b406ee224335a8c65d06953dc756e.png" alt-text="The automatically generated social media post's description." lightbox="media/6c8b406ee224335a8c65d06953dc756e.png":::
2. Enter the following details on the **General** tab:
Alternatively, you can download [fulldisk.mobileconfig](https://github.com/micro
5. Select the **Scope** tab.
- :::image type="content" source="images/0df36fc308ba569db204ee32db3fb40a.png" alt-text="The Target Computers selection pane." lightbox="images/0df36fc308ba569db204ee32db3fb40a.png":::
+ :::image type="content" source="media/0df36fc308ba569db204ee32db3fb40a.png" alt-text="The Target Computers selection pane." lightbox="media/0df36fc308ba569db204ee32db3fb40a.png":::
6. Select **+ Add**.
Alternatively, you can download [fulldisk.mobileconfig](https://github.com/micro
8. Select **+ Add**.
- :::image type="content" source="images/0dde8a4c41110dbc398c485433a81359.png" alt-text="The New macOS Configuration Profile pane." lightbox="images/0dde8a4c41110dbc398c485433a81359.png":::
+ :::image type="content" source="media/0dde8a4c41110dbc398c485433a81359.png" alt-text="The New macOS Configuration Profile pane." lightbox="media/0dde8a4c41110dbc398c485433a81359.png":::
9. Select **Save**.
These steps are applicable on macOS 11 (Big Sur) or later.
3. Select the **Scope** tab.
- :::image type="content" source="images/0df36fc308ba569db204ee32db3fb40a.png" alt-text="The configuration settings sco tab." lightbox="images/0df36fc308ba569db204ee32db3fb40a.png":::
+ :::image type="content" source="media/0df36fc308ba569db204ee32db3fb40a.png" alt-text="The configuration settings sco tab." lightbox="media/0df36fc308ba569db204ee32db3fb40a.png":::
4. Select **+ Add**.
These steps are applicable on macOS 11 (Big Sur) or later.
6. Select **+ Add**.
- :::image type="content" source="images/0dde8a4c41110dbc398c485433a81359.png" alt-text="The configuration settings adim." lightbox="images/0dde8a4c41110dbc398c485433a81359.png":::
+ :::image type="content" source="media/0dde8a4c41110dbc398c485433a81359.png" alt-text="The configuration settings adim." lightbox="media/0dde8a4c41110dbc398c485433a81359.png":::
7. Select **Save**.
Follow the instructions on [Schedule scans with Microsoft Defender for Endpoint
1. Navigate to where you saved `wdav.pkg`.
- :::image type="content" source="images/8dde76b5463047423f8637c86b05c29d.png" alt-text="The file explorer wdav package." lightbox="images/8dde76b5463047423f8637c86b05c29d.png":::
+ :::image type="content" source="media/8dde76b5463047423f8637c86b05c29d.png" alt-text="The file explorer wdav package." lightbox="media/8dde76b5463047423f8637c86b05c29d.png":::
2. Rename it to `wdav_MDM_Contoso_200329.pkg`.
Follow the instructions on [Schedule scans with Microsoft Defender for Endpoint
3. Open the Jamf Pro dashboard.
- :::image type="content" source="images/990742cd9a15ca9fdd37c9f695d1b9f4.png" alt-text="The configuration settings for jamfpro." lightbox="images/990742cd9a15ca9fdd37c9f695d1b9f4.png":::
+ :::image type="content" source="media/990742cd9a15ca9fdd37c9f695d1b9f4.png" alt-text="The configuration settings for jamfpro." lightbox="media/990742cd9a15ca9fdd37c9f695d1b9f4.png":::
4. Select your computer and click the gear icon at the top, then select **Computer Management**. :::image type="content" source="images/b6d671b2f18b89d96c1c8e2ea1991242.png" alt-text="The configuration settings - computer management." lightbox="images/b6d671b2f18b89d96c1c8e2ea1991242.png"::: 5. In **Packages**, select **+ New**.
- :::image type="content" source="images/57aa4d21e2ccc65466bf284701d4e961.png" alt-text="The bird Description for an automatically generated package." lightbox="images/57aa4d21e2ccc65466bf284701d4e961.png":::
+ :::image type="content" source="media/57aa4d21e2ccc65466bf284701d4e961.png" alt-text="The bird Description for an automatically generated package." lightbox="media/57aa4d21e2ccc65466bf284701d4e961.png":::
6. In the **General tab**, enter the following details in **New Package**:
Follow the instructions on [Schedule scans with Microsoft Defender for Endpoint
- Category: None (default) - Filename: Choose File
- :::image type="content" source="images/21de3658bf58b1b767a17358a3f06341.png" alt-text="The General tab for configuration settings." lightbox="images/21de3658bf58b1b767a17358a3f06341.png":::
+ :::image type="content" source="media/21de3658bf58b1b767a17358a3f06341.png" alt-text="The General tab for configuration settings." lightbox="media/21de3658bf58b1b767a17358a3f06341.png":::
Open the file and point it to `wdav.pkg` or `wdav_MDM_Contoso_200329.pkg`.
- :::image type="content" source="images/1aa5aaa0a387f4e16ce55b66facc77d1.png" alt-text="The computer screen displaying the description for an automatically generated package." lightbox="images/1aa5aaa0a387f4e16ce55b66facc77d1.png":::
+ :::image type="content" source="media/1aa5aaa0a387f4e16ce55b66facc77d1.png" alt-text="The computer screen displaying the description for an automatically generated package." lightbox="media/1aa5aaa0a387f4e16ce55b66facc77d1.png":::
7. Select **Open**. Set the **Display Name** to **Microsoft Defender Advanced Threat Protection and Microsoft Defender Antivirus**.
Follow the instructions on [Schedule scans with Microsoft Defender for Endpoint
**Limitations tab**: Keep default values.
- :::image type="content" source="images/56dac54634d13b2d3948ab50e8d3ef21.png" alt-text="The limitation tab for the configuration settings." lightbox="images/56dac54634d13b2d3948ab50e8d3ef21.png":::
+ :::image type="content" source="media/56dac54634d13b2d3948ab50e8d3ef21.png" alt-text="The limitation tab for the configuration settings." lightbox="media/56dac54634d13b2d3948ab50e8d3ef21.png":::
8. Select **Save**. The package is uploaded to Jamf Pro.
- :::image type="content" source="images/33f1ecdc7d4872555418bbc3efe4b7a3.png" alt-text="The configuration settings pack uploading process for the package related to the configuration settings." lightbox="images/33f1ecdc7d4872555418bbc3efe4b7a3.png":::
+ :::image type="content" source="media/33f1ecdc7d4872555418bbc3efe4b7a3.png" alt-text="The configuration settings pack uploading process for the package related to the configuration settings." lightbox="media/33f1ecdc7d4872555418bbc3efe4b7a3.png":::
It can take a few minutes for the package to be available for deployment.
- :::image type="content" source="images/1626d138e6309c6e87bfaab64f5ccf7b.png" alt-text="An instance of uploading the package for configuration settings." lightbox="images/1626d138e6309c6e87bfaab64f5ccf7b.png":::
+ :::image type="content" source="media/1626d138e6309c6e87bfaab64f5ccf7b.png" alt-text="An instance of uploading the package for configuration settings." lightbox="media/1626d138e6309c6e87bfaab64f5ccf7b.png":::
9. Navigate to the **Policies** page.
Follow the instructions on [Schedule scans with Microsoft Defender for Endpoint
10. Select **+ New** to create a new policy.
- :::image type="content" source="images/847b70e54ed04787e415f5180414b310.png" alt-text="The configuration settings new policy." lightbox="images/847b70e54ed04787e415f5180414b310.png":::
+ :::image type="content" source="media/847b70e54ed04787e415f5180414b310.png" alt-text="The configuration settings new policy." lightbox="media/847b70e54ed04787e415f5180414b310.png":::
11. In **General**, enter the Display name **MDATP Onboarding Contoso 200329 v100.86.92 or later**.
- :::image type="content" source="images/625ba6d19e8597f05e4907298a454d28.png" alt-text="The configuration settings - MDATP onboard." lightbox="images/625ba6d19e8597f05e4907298a454d28.png":::
+ :::image type="content" source="mediATP onboard." lightbox="media/625ba6d19e8597f05e4907298a454d28.png":::
12. Select **Recurring Check-in**.
- :::image type="content" source="images/68bdbc5754dfc80aa1a024dde0fce7b0.png" alt-text="The recurring check-in for the configuration settings." lightbox="images/68bdbc5754dfc80aa1a024dde0fce7b0.png":::
+ :::image type="content" source="media/68bdbc5754dfc80aa1a024dde0fce7b0.png" alt-text="The recurring check-in for the configuration settings." lightbox="media/68bdbc5754dfc80aa1a024dde0fce7b0.png":::
13. Select **Save**. 14. Select **Packages > Configure**.
- :::image type="content" source="images/8fb4cc03721e1efb4a15867d5241ebfb.png" alt-text="The option to configure packages." lightbox="images/8fb4cc03721e1efb4a15867d5241ebfb.png":::
+ :::image type="content" source="media/8fb4cc03721e1efb4a15867d5241ebfb.png" alt-text="The option to configure packages." lightbox="media/8fb4cc03721e1efb4a15867d5241ebfb.png":::
15. Select the **Add** button next to **Microsoft Defender Advanced Threat Protection and Microsoft Defender Antivirus**.
- :::image type="content" source="images/526b83fbdbb31265b3d0c1e5fbbdc33a.png" alt-text="The option to add more settings to MDATP MDA." lightbox="images/526b83fbdbb31265b3d0c1e5fbbdc33a.png":::
+ :::image type="content" source="mediA." lightbox="media/526b83fbdbb31265b3d0c1e5fbbdc33a.png":::
16. Select **Save**.
- :::image type="content" source="images/9d6e5386e652e00715ff348af72671c6.png" alt-text="The save option for the configuration settings." lightbox="images/9d6e5386e652e00715ff348af72671c6.png":::
+ :::image type="content" source="media/9d6e5386e652e00715ff348af72671c6.png" alt-text="The save option for the configuration settings." lightbox="media/9d6e5386e652e00715ff348af72671c6.png":::
17. Create a smart group for machines with Microsoft Defender profiles.
Follow the instructions on [Schedule scans with Microsoft Defender for Endpoint
18. Select the **Scope** tab.
- :::image type="content" source="images/8d80fe378a31143db9be0bacf7ddc5a3.png" alt-text="The Scope tab related to the configuration settings." lightbox="images/8d80fe378a31143db9be0bacf7ddc5a3.png":::
+ :::image type="content" source="media/8d80fe378a31143db9be0bacf7ddc5a3.png" alt-text="The Scope tab related to the configuration settings." lightbox="media/8d80fe378a31143db9be0bacf7ddc5a3.png":::
19. Select the target computers.
- :::image type="content" source="images/6eda18a64a660fa149575454e54e7156.png" alt-text="The option to add computer groups." lightbox="images/6eda18a64a660fa149575454e54e7156.png":::
+ :::image type="content" source="media/6eda18a64a660fa149575454e54e7156.png" alt-text="The option to add computer groups." lightbox="media/6eda18a64a660fa149575454e54e7156.png":::
Under **Scope**, select **Add**.
- :::image type="content" source="images/1c08d097829863778d562c10c5f92b67.png" alt-text="The configuration settings - ad1." lightbox="images/1c08d097829863778d562c10c5f92b67.png":::
+ :::image type="content" source="media/1c08d097829863778d562c10c5f92b67.png" alt-text="The configuration settings - ad1." lightbox="media/1c08d097829863778d562c10c5f92b67.png":::
Switch to the **Computer Groups** tab. Find the smart group you created, and **Add** it.
- :::image type="content" source="images/216253cbfb6ae738b9f13496b9c799fd.png" alt-text="The configuration settings - ad2." lightbox="images/216253cbfb6ae738b9f13496b9c799fd.png":::
+ :::image type="content" source="media/216253cbfb6ae738b9f13496b9c799fd.png" alt-text="The configuration settings - ad2." lightbox="media/216253cbfb6ae738b9f13496b9c799fd.png":::
Select **Self-Service**, if you want users to install Microsoft Defender voluntarily, on demand.
Follow the instructions on [Schedule scans with Microsoft Defender for Endpoint
20. Select **Done**.
- :::image type="content" source="images/99679a7835b0d27d0a222bc3fdaf7f3b.png" alt-text="The Contoso onboarding status with an option to complete it." lightbox="images/99679a7835b0d27d0a222bc3fdaf7f3b.png":::
+ :::image type="content" source="media/99679a7835b0d27d0a222bc3fdaf7f3b.png" alt-text="The Contoso onboarding status with an option to complete it." lightbox="media/99679a7835b0d27d0a222bc3fdaf7f3b.png":::
- :::image type="content" source="images/632aaab79ae18d0d2b8e0c16b6ba39e2.png" alt-text="The policies page." lightbox="images/632aaab79ae18d0d2b8e0c16b6ba39e2.png":::
+ :::image type="content" source="media/632aaab79ae18d0d2b8e0c16b6ba39e2.png" alt-text="The policies page." lightbox="media/632aaab79ae18d0d2b8e0c16b6ba39e2.png":::
## Configuration profile scope
security Machines View Overview https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/machines-view-overview.md
Last updated 12/18/2020
The **Device inventory** shows a list of the devices in your network where alerts were generated. By default, the queue displays devices seen in the last 30 days.
-At a glance you see information such as domain, risk level, OS platform, and other details for easy identification of devices most at risk.
+At a glance, you see information such as domain, risk level, OS platform, and other details for easy identification of devices most at risk.
> [!NOTE] > The device inventory is available in different Microsoft Defender XDR services. The information available to you will differ depending on your license. You'll get the most complete set of capabilities when using [Microsoft Defender for Endpoint Plan 2](https://go.microsoft.com/fwlink/p/?linkid=2154037). > [!NOTE]
-> Risk Level which can influence enforcement of conditional access and other security policies on Microsoft Intune, is available in Windows today.
+> Risk Level which can influence enforcement of conditional access and other security policies on Microsoft Intune, is available in Windows today.
There are several options you can choose from to customize the devices list view. On the top navigation you can:
Access the device inventory page by selecting **Devices** from the **Assets** na
## Device inventory overview
-The device inventory opens on the **Computers and Mobile** tab. At a glance you see information such as device name, domain, risk level, exposure level, OS platform, onboarding status, sensor health state, and other details for easy identification of devices most at risk.
+The device inventory opens on the **Computers and Mobile** tab. You can see at a glance information such as device name, domain, risk level, exposure level, OS platform, criticality level, onboarding status, sensor health state, and other details for easy identification of devices most at risk.
+
+The **Classify critical assets** card allows you to define device groups as business critical. You might also see the **Attack path warning** card, which takes you to Attack paths to examine if any of your assets are part of an attack path. For more information, see [Overview of attack paths](/security-exposure-management/work-attack-paths-overview).
+
+> [!NOTE]
+> Classify critical assets and attack path information is part of Microsoft Security Exposure Management, which is currently in public preview.
Use the **Onboarding Status** column to sort and filter by discovered devices, and devices that are already onboarded to Microsoft Defender for Endpoint. :::image type="content" alt-text="Image of devices list with list of devices." source="images/device-inventory.png" lightbox="images/device-inventory.png":::
+From the **Network devices** and **IoT devices** tabs, you'll also see information such as vendor, model, and device type:
From the **Network devices** and **IoT devices** tabs, you'll also see information such as vendor, model, and device type: :::image type="content" alt-text="Image of network devices list." source="images/device-inventory-networkdevices.png" lightbox="images/device-inventory-networkdevices.png":::
From the **Network devices** and **IoT devices** tabs, you'll also see informati
> > When Defender for IoT is configured, you also can view the devices there. See [Manage your IoT devices with the device inventory for organizations](/azure/defender-for-iot/organizations/how-to-manage-device-inventory-for-organizations).
-At the top of each device inventory tab, you can see the total number of devices, the number of devices that aren't yet onboarded, and the number of devices that are identified as a higher risk to your organization. You can use this information to help you prioritize devices for security posture improvements.
+At the top of each device inventory tab, you can see:
+
+- The total number of devices.
+- The number of devices that aren't yet onboarded.
+- The number of devices that are identified as a higher risk to your organization.
+- The number of your business critical assets.
+
+You can use this information to help you prioritize devices for security posture improvements.
The **Newly discovered** device count for network devices and IoT devices tabs, shows the number of new devices discovered, in the last 7 days, listed in the current view.
There are several options you can choose from to customize the device inventory
You can use the sort and filter functionality available on each device inventory tab to get a more focused view, and to help you assess and manage the devices in your organization.
-The counts on the top of each tab will be updated based on the current view.
+The counts on the top of each tab are updated based on the current view.
## Use filters to customize the device inventory views Filter | Description :|: **Risk level** | The risk level reflects the overall risk assessment of the device based on a combination of factors, including the types and severity of active alerts on the device. Resolving active alerts, approving remediation activities, and suppressing subsequent alerts can lower the risk level.
-**Exposure level** | The exposure level reflects the current exposure of the device based on the cumulative impact of its pending security recommendations. The possible levels are low, medium, and high. Low exposure means your devices are less vulnerable from exploitation. </br> </br> If the exposure level says "No data available," there are a few reasons why:</br>- Device stopped reporting for more than 30 days. In that case it's considered inactive, and the exposure isn't computed.</br>- Device OS not supported - see [minimum requirements for Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/minimum-requirements).</br>- Device with stale agent (unlikely).
+**Exposure level** | The exposure level reflects the current exposure of the device based on the cumulative impact of its pending security recommendations. The possible levels are low, medium, and high. Low exposure means your devices are less vulnerable from exploitation.</br></br> If the exposure level says "No data available," there are a few reasons why:</br>- Device stopped reporting for more than 30 days. In that case it's considered inactive, and the exposure isn't computed.</br>- Device OS not supported - see [minimum requirements for Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/minimum-requirements).</br>- Device with stale agent (unlikely).
+**Criticality level** | The criticality level reflects how critical a device is for your organization. The possible levels are low, medium, high, or very high. Very high means that the device is considered a business critical asset. For more information, see [Overview of critical asset management](/security-exposure-management/critical-asset-management).
**Tags** | Filter the list based on the grouping and tagging that you've added to individual devices. See [Create and manage device tags](machine-tags.md). **Device value** | Filter the list based on whether the device is marked as high value or low value.
-**Exclusion state** | Filter the list based on whether or not the device is excluded. For more information, see [Exclude devices](exclude-devices.md).
+**Exclusion state** | Filter the list based on whether the device is excluded or not. For more information, see [Exclude devices](exclude-devices.md).
**OS Platform** | Filter by the OS platforms you're interested in investigating </br></br>(_Computers and mobile and IoT devices only_)
+**First seen** | Filter your view based on when the device was first seen in the network or when it was first reported by the Microsoft Defender for Endpoint sensor.</br></br>(_Computers and mobile and IoT devices only_)
+**Windows version** | Filter by the Windows versions you're interested in investigating. If 'future version' appears in the Windows version field, it can mean:</br></br> - This is a pre-release build for a future Windows release</br> - The build has no version name</br> - The build version name isn't yet supported </br></br> In all these scenarios, where available, the full OS version can be seen in the device details page.</br></br> (_Computers and mobile only_)
+**Sensor health state** | Filter by the following sensor health states, for devices onboard to Microsoft Defender for Endpoint:</br> - **Active**: Devices that are actively reporting sensor data to the service.</br> - **Inactive**: Devices that have stopped sending signals for more than seven days.</br> - **Misconfigured**: Devices that have impaired communications with service or are unable to send sensor data.</br> Misconfigured devices can further be classified to: </br> - No sensor data </br> - Impaired communications </br> For more information on how to address issues on misconfigured devices, see [Fix unhealthy sensors](/microsoft-365/security/defender-endpoint/fix-unhealthy-sensors).</br></br> (_Computers and mobile only_)
+**Onboarding status** | Onboarding status indicates whether the device is currently onboarded to Microsoft Defender for Endpoint or not. Device discovery must be enabled for this filter to appear. You can filter by the following states: </br> - **Onboarded**: The endpoint is onboarded to Microsoft Defender for Endpoint.</br> - **Can be onboarded**: The endpoint was discovered in the network as a supported device, but isn't currently onboarded. Microsoft highly recommends onboarding these devices.</br> - **Unsupported**: The endpoint was discovered in the network, but isn't supported by Microsoft Defender for Endpoint.</br> - **Insufficient info**: The system couldn't determine the supportability of the device.</br></br> (_Computers and mobile only_)
**First seen** | Filter your view based on when the device was first seen in the network or when it's first reported by the Microsoft Defender for Endpoint sensor.</br></br>(_Computers and mobile and IoT devices only_) **Windows version** | Filter by the Windows versions you're interested in investigating. If 'future version' appears in the Windows version field, it can mean:</br></br> - This is a prerelease build for a future Windows release</br> - The build has no version name</br> - The build version name isn't yet supported </br></br> In all these scenarios, where available, the full OS version can be seen in the device details page.</br></br> (_Computers and mobile only_)
-**Sensor health state** | Filter by the following sensor health states, for devices onboard to Microsoft Defender for Endpoint:</br> - **Active**: Devices that are actively reporting sensor data to the service.</br> - **Inactive**: Devices that stopped sending signals for more than seven days. </br> - **Misconfigured**: Devices that have impaired communications with service or are unable to send sensor data. </br> Misconfigured devices can further be classified to: </br> - No sensor data </br> - Impaired communications </br> For more information on how to address issues on misconfigured devices, see, [Fix unhealthy sensors](/microsoft-365/security/defender-endpoint/fix-unhealthy-sensors).</br></br> (_Computers and mobile only_)
-**Onboarding status** | Onboarding status indicates whether the device is currently onboarded to Microsoft Defender for Endpoint or not. Device discovery must be enabled for this filter to appear. You can filter by the following states: </br> - **Onboarded**: The endpoint is onboarded to Microsoft Defender for Endpoint. </br> - **Can be onboarded**: The endpoint was discovered in the network as a supported device, but it's not currently onboarded. Microsoft highly recommends onboarding these devices. </br> - **Unsupported**: The endpoint was discovered in the network, but isn't supported by Microsoft Defender for Endpoint. </br> - **Insufficient info**: The system couldn't determine the supportability of the device.</br></br> (_Computers and mobile only_)
+**Sensor health state** | Filter by the following sensor health states, for devices onboard to Microsoft Defender for Endpoint:</br> - **Active**: Devices that are actively reporting sensor data to the service.</br> - **Inactive**: Devices that stopped sending signals for more than seven days.</br> - **Misconfigured**: Devices that have impaired communications with service or are unable to send sensor data.</br> Misconfigured devices can further be classified to: </br> - No sensor data </br> - Impaired communications </br> For more information on how to address issues on misconfigured devices, see, [Fix unhealthy sensors](/microsoft-365/security/defender-endpoint/fix-unhealthy-sensors).</br></br> (_Computers and mobile only_)
+**Onboarding status** | Onboarding status indicates whether the device is currently onboarded to Microsoft Defender for Endpoint or not. Device discovery must be enabled for this filter to appear. You can filter by the following states: </br> - **Onboarded**: The endpoint is onboarded to Microsoft Defender for Endpoint. </br> - **Can be onboarded**: The endpoint was discovered in the network as a supported device, but it's not currently onboarded. Microsoft highly recommends onboarding these devices.</br> - **Unsupported**: The endpoint was discovered in the network, but isn't supported by Microsoft Defender for Endpoint.</br> - **Insufficient info**: The system couldn't determine the supportability of the device.</br></br> (_Computers and mobile only_)
**Antivirus status** | Filter the view based on whether the antivirus status is disabled, not updated or unknown.</br></br> (_Computers and mobile only_)
-**Group** | Filter the list based on the group you're interested in investigating. </br></br> (_Computers and mobile only_)
+**Group** | Filter the list based on the group you're interested in investigating.</br></br> (_Computers and mobile only_)
**Managed by** | Managed by indicates how the device is being managed. You can filter by:</br> - Microsoft Defender for Endpoint</br> - Microsoft Intune, including co-management with Microsoft Configuration Manager via tenant attach</br>- Microsoft Configuration manager (ConfigMgr)</br> - Unknown: This issue could be due the running an outdated Windows version, GPO management, or another non-Microsoft MDM.</br></br> (_Computers and mobile only_) **Device Type** | Filter by the device type you're interested in investigating.</br></br> (_IoT devices only_) **Mitigation status** | Filter by isolation or containment status of a device.
On the **IoT devices** tab, select **Customize columns** to see the columns avai
## Related articles
-[Investigate devices in the Microsoft Defender for Endpoint Devices list](investigate-machines.md)
+[Investigate devices in the Microsoft Defender for Endpoint Devices list](investigate-machines.md).
[!INCLUDE [Microsoft Defender for Endpoint Tech Community](../../includes/defender-mde-techcommunity.md)]
security Manage Sys Extensions Manual Deployment https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/manage-sys-extensions-manual-deployment.md
If you run systemextensionsctl list, the following screen appears:
2. Select **Accessibility** from the left navigation pane, and click **+**.
- :::image type="content" source="images/accessibility-and-plus-icon.png" alt-text="The Accessibility menu item and the Plus icon." lightbox="images/accessibility-and-plus-icon.png":::
+ :::image type="content" source="media/accessibility-and-plus-icon.png" alt-text="The Accessibility menu item and the Plus icon." lightbox="media/accessibility-and-plus-icon.png":::
3. From the resultant screen, select **Applications** from the **Favorites** pane in the left-side of the screen; select **Microsoft Defender**; and then select **Open** at the bottom-right of the screen.
- :::image type="content" source="images/applications-md-options.png" alt-text="The process of selecting Applications and Microsoft Defender." lightbox="images/applications-md-options.png":::
+ :::image type="content" source="medi-options.png":::
4. From the resultant screen, check the **Microsoft Defender** checkbox.
security Microsoft Defender Antivirus Updates https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/microsoft-defender-antivirus-updates.md
Title: Microsoft Defender Antivirus security intelligence and product updates
description: Manage how Microsoft Defender Antivirus receives protection and product updates. ms.localizationpriority: high Previously updated : 03/07/2024 Last updated : 03/12/2024 audience: ITPro
All our updates contain
- Serviceability improvements - Integration improvements (Cloud, [Microsoft Defender XDR](/microsoft-365/security/defender/microsoft-365-defender))
-### February-2024 (Engine: 1.1.24020.9 | Platform: 4.18.24020.xx)
+### February-2024 (Engine: 1.1.24020.9 | Platform: 4.18.24020.7)
- Security intelligence update version: **1.407.46.0**-- Release date: **March 6, 2024** (Engine) / **To be confirmed** (Platform)-- Platform: **4.18.24020.xx** (*version number coming soon*)
+- Release date: **March 6, 2024** (Engine) / **March 12, 2024** (Platform)
- Engine: **1.1.24020.9**
+- Platform: **4.18.24020.7**
- Support phase: **Security and Critical Updates** #### What's new - Improved support for virtualizing while compressing or decompressing zip files - Improved reporting in the Microsoft Defender portal ([https://security.microsoft.com](https://security.microsoft.com)) for block-only remediations
+- Reduced the number of false positives for [attack surface reduction rules](/microsoft-365/security/defender-endpoint/attack-surface-reduction) for known trusted processes
+- Improved [Get-MpPreference](/powershell/module/defender/get-mppreference) logic for proxy bypass settings
+- Extended the toast notification support for [Indicators of Compromise](/microsoft-365/security/defender-endpoint/manage-indicators#indicator-of-compromise-ioc-overview) (IoC) detections
#### Known issues
security Microsoft Defender Endpoint https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/microsoft-defender-endpoint.md
Defender for Endpoint uses the following combination of technology built into Wi
<td><a href="#asr"><center><img src="images/asr-icon.png" alt="Attack surface reduction"><br><b>Attack surface reduction</b></center></a></td> <td><center><a href="#ngp"><img src="images/ngp-icon.png" alt="Next-generation protection"><br> <b>Next-generation protection</b></a></center></td> <td><center><a href="#edr"><img src="images/edr-icon.png" alt="Endpoint detection and response"><br> <b>Endpoint detection and response</b></a></center></td>
-<td><center><a href="#ai"><img src="images/air-icon.png" alt="Automated investigation and remediation"><br> <b>Automated investigation and remediation</b></a></center></td>
+<td><center><a href="#ai"><img src="media/air-icon.png" alt="Automated investigation and remediation"><br> <b>Automated investigation and remediation</b></a></center></td>
<td><center><a href="#mte"><img src="images/mte-icon.png" alt="Microsoft Threat Experts"><br> <b>Microsoft Threat Experts</b></a></center></td> </tr> <tr>
security Onboarding Endpoint Configuration Manager https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/onboarding-endpoint-configuration-manager.md
Follow the steps below to identify the Defender for Endpoint Workspace ID and Wo
3. Copy the **Workspace ID** and **Workspace Key** and save them. They'll be used later in the process.
- :::image type="content" source="images/91b738e4b97c4272fd6d438d8c2d5269.png" alt-text="The onboarding process" lightbox="images/91b738e4b97c4272fd6d438d8c2d5269.png":::
+ :::image type="content" source="media/91b738e4b97c4272fd6d438d8c2d5269.png" alt-text="The onboarding process" lightbox="media/91b738e4b97c4272fd6d438d8c2d5269.png":::
4. Install the Microsoft Monitoring Agent (MMA).
Microsoft Defender Antivirus is a built-in anti-malware solution that provides n
1. In the Microsoft Configuration Manager console, navigate to **Assets and Compliance \> Overview \> Endpoint Protection \> Antimalware Polices** and choose **Create Antimalware Policy**.
- :::image type="content" source="images/9736e0358e86bc778ce1bd4c516adb8b.png" alt-text="The antimalware policy" lightbox="images/9736e0358e86bc778ce1bd4c516adb8b.png":::
+ :::image type="content" source="media/9736e0358e86bc778ce1bd4c516adb8b.png" alt-text="The antimalware policy" lightbox="media/9736e0358e86bc778ce1bd4c516adb8b.png":::
2. Select **Scheduled scans**, **Scan settings**, **Default actions**, **Real-time protection**, **Exclusion settings**, **Advanced**, **Threat overrides**, **Cloud Protection Service** and **Security intelligence updates** and choose **OK**.
- :::image type="content" source="images/1566ad81bae3d714cc9e0d47575a8cbd.png" alt-text="The next-generation protection pane1" lightbox="images/1566ad81bae3d714cc9e0d47575a8cbd.png":::
+ :::image type="content" source="media/1566ad81bae3d714cc9e0d47575a8cbd.png" alt-text="The next-generation protection pane1" lightbox="media/1566ad81bae3d714cc9e0d47575a8cbd.png":::
In certain industries or some select enterprise customers might have specific needs on how Antivirus is configured.
Microsoft Defender Antivirus is a built-in anti-malware solution that provides n
:::image type="content" source="images/cd7daeb392ad5a36f2d3a15d650f1e96.png" alt-text="The next-generation protection pane2" lightbox="images/cd7daeb392ad5a36f2d3a15d650f1e96.png":::
- :::image type="content" source="images/36c7c2ed737f2f4b54918a4f20791d4b.png" alt-text="The next-generation protection pane3" lightbox="images/36c7c2ed737f2f4b54918a4f20791d4b.png":::
+ :::image type="content" source="media/36c7c2ed737f2f4b54918a4f20791d4b.png" alt-text="The next-generation protection pane3" lightbox="media/36c7c2ed737f2f4b54918a4f20791d4b.png":::
- :::image type="content" source="images/a28afc02c1940d5220b233640364970c.png" alt-text="The next-generation protection pane4" lightbox="images/a28afc02c1940d5220b233640364970c.png":::
+ :::image type="content" source="media/a28afc02c1940d5220b233640364970c.png" alt-text="The next-generation protection pane4" lightbox="media/a28afc02c1940d5220b233640364970c.png":::
- :::image type="content" source="images/5420a8790c550f39f189830775a6d4c9.png" alt-text="The next-generation protection pane5" lightbox="images/5420a8790c550f39f189830775a6d4c9.png":::
+ :::image type="content" source="media/5420a8790c550f39f189830775a6d4c9.png" alt-text="The next-generation protection pane5" lightbox="media/5420a8790c550f39f189830775a6d4c9.png":::
- :::image type="content" source="images/33f08a38f2f4dd12a364f8eac95e8c6b.png" alt-text="The next-generation protection pane6" lightbox="images/33f08a38f2f4dd12a364f8eac95e8c6b.png":::
+ :::image type="content" source="media/33f08a38f2f4dd12a364f8eac95e8c6b.png" alt-text="The next-generation protection pane6" lightbox="media/33f08a38f2f4dd12a364f8eac95e8c6b.png":::
- :::image type="content" source="images/41b9a023bc96364062c2041a8f5c344e.png" alt-text="The next-generation protection pane7" lightbox="images/41b9a023bc96364062c2041a8f5c344e.png":::
+ :::image type="content" source="media/41b9a023bc96364062c2041a8f5c344e.png" alt-text="The next-generation protection pane7" lightbox="media/41b9a023bc96364062c2041a8f5c344e.png":::
- :::image type="content" source="images/945c9c5d66797037c3caeaa5c19f135c.png" alt-text="The next-generation protection pane8" lightbox="images/945c9c5d66797037c3caeaa5c19f135c.png":::
+ :::image type="content" source="media/945c9c5d66797037c3caeaa5c19f135c.png" alt-text="The next-generation protection pane8" lightbox="media/945c9c5d66797037c3caeaa5c19f135c.png":::
- :::image type="content" source="images/3876ca687391bfc0ce215d221c683970.png" alt-text="The next-generation protection pane9" lightbox="images/3876ca687391bfc0ce215d221c683970.png":::
+ :::image type="content" source="media/3876ca687391bfc0ce215d221c683970.png" alt-text="The next-generation protection pane9" lightbox="media/3876ca687391bfc0ce215d221c683970.png":::
3. Right-click on the newly created anti-malware policy and select **Deploy**.
To set attack surface reduction rules in test mode:
1. In the Microsoft Configuration Manager console, navigate to **Assets and Compliance \> Overview \> Endpoint Protection \> Windows Defender Exploit Guard** and choose **Create Exploit Guard Policy**.
- :::image type="content" source="images/728c10ef26042bbdbcd270b6343f1a8a.png" alt-text="The Microsoft Configuration Manager console0" lightbox="images/728c10ef26042bbdbcd270b6343f1a8a.png":::
+ :::image type="content" source="media/728c10ef26042bbdbcd270b6343f1a8a.png" alt-text="The Microsoft Configuration Manager console0" lightbox="media/728c10ef26042bbdbcd270b6343f1a8a.png":::
2. Select **Attack Surface Reduction**.
To set attack surface reduction rules in test mode:
4. Confirm the new Exploit Guard policy by selecting **Next**.
- :::image type="content" source="images/0a6536f2c4024c08709cac8fcf800060.png" alt-text="The Microsoft Configuration Manager console2" lightbox="images/0a6536f2c4024c08709cac8fcf800060.png":::
+ :::image type="content" source="media/0a6536f2c4024c08709cac8fcf800060.png" alt-text="The Microsoft Configuration Manager console2" lightbox="media/0a6536f2c4024c08709cac8fcf800060.png":::
5. Once the policy is created select **Close**.
- :::image type="content" source="images/95d23a07c2c8bc79176788f28cef7557.png" alt-text="The Microsoft Configuration Manager console3" lightbox="images/95d23a07c2c8bc79176788f28cef7557.png":::
+ :::image type="content" source="media/95d23a07c2c8bc79176788f28cef7557.png" alt-text="The Microsoft Configuration Manager console3" lightbox="media/95d23a07c2c8bc79176788f28cef7557.png":::
6. Right-click on the newly created policy and choose **Deploy**.
- :::image type="content" source="images/8999dd697e3b495c04eb911f8b68a1ef.png" alt-text="The Microsoft Configuration Manager console4" lightbox="images/8999dd697e3b495c04eb911f8b68a1ef.png":::
+ :::image type="content" source="media/8999dd697e3b495c04eb911f8b68a1ef.png" alt-text="The Microsoft Configuration Manager console4" lightbox="media/8999dd697e3b495c04eb911f8b68a1ef.png":::
7. Target the policy to the newly created Windows collection and select **OK**.
- :::image type="content" source="images/0ccfe3e803be4b56c668b220b51da7f7.png" alt-text="The Microsoft Configuration Manager console5" lightbox="images/0ccfe3e803be4b56c668b220b51da7f7.png":::
+ :::image type="content" source="media/0ccfe3e803be4b56c668b220b51da7f7.png" alt-text="The Microsoft Configuration Manager console5" lightbox="media/0ccfe3e803be4b56c668b220b51da7f7.png":::
After completing this task, you now have successfully configured attack surface reduction rules in test mode.
Below are more steps to verify whether attack surface reduction rules are correc
5. Select each device shows configuration details of attack surface reduction rules.
- :::image type="content" source="images/24bfb16ed561cbb468bd8ce51130ca9d.png" alt-text="The attack surface reduction rules reports2" lightbox="images/24bfb16ed561cbb468bd8ce51130ca9d.png":::
+ :::image type="content" source="media/24bfb16ed561cbb468bd8ce51130ca9d.png" alt-text="The attack surface reduction rules reports2" lightbox="media/24bfb16ed561cbb468bd8ce51130ca9d.png":::
See [Optimize attack surface reduction rule deployment and detections](/microsoft-365/security/defender-endpoint/configure-machines-asr) for more details.
See [Optimize attack surface reduction rule deployment and detections](/microsof
1. In the Microsoft Configuration Manager console, navigate to **Assets and Compliance \> Overview \> Endpoint Protection \> Windows Defender Exploit Guard** and choose **Create Exploit Guard Policy**.
- :::image type="content" source="images/728c10ef26042bbdbcd270b6343f1a8a.png" alt-text="The System Center Configuration Manager1" lightbox="images/728c10ef26042bbdbcd270b6343f1a8a.png":::
+ :::image type="content" source="media/728c10ef26042bbdbcd270b6343f1a8a.png" alt-text="The System Center Configuration Manager1" lightbox="media/728c10ef26042bbdbcd270b6343f1a8a.png":::
2. Select **Network protection**.
See [Optimize attack surface reduction rule deployment and detections](/microsof
4. Confirm the new Exploit Guard Policy by selecting **Next**.
- :::image type="content" source="images/0a6536f2c4024c08709cac8fcf800060.png" alt-text="The Exploit Guard policy1" lightbox="images/0a6536f2c4024c08709cac8fcf800060.png":::
+ :::image type="content" source="media/0a6536f2c4024c08709cac8fcf800060.png" alt-text="The Exploit Guard policy1" lightbox="media/0a6536f2c4024c08709cac8fcf800060.png":::
5. Once the policy is created select on **Close**.
- :::image type="content" source="images/95d23a07c2c8bc79176788f28cef7557.png" alt-text="The Exploit Guard policy2" lightbox="images/95d23a07c2c8bc79176788f28cef7557.png":::
+ :::image type="content" source="media/95d23a07c2c8bc79176788f28cef7557.png" alt-text="The Exploit Guard policy2" lightbox="media/95d23a07c2c8bc79176788f28cef7557.png":::
6. Right-click on the newly created policy and choose **Deploy**.
- :::image type="content" source="images/8999dd697e3b495c04eb911f8b68a1ef.png" alt-text="The Microsoft Configuration Manager-1" lightbox="images/8999dd697e3b495c04eb911f8b68a1ef.png":::
+ :::image type="content" source="media/8999dd697e3b495c04eb911f8b68a1ef.png" alt-text="The Microsoft Configuration Manager-1" lightbox="media/8999dd697e3b495c04eb911f8b68a1ef.png":::
7. Select the policy to the newly created Windows collection and choose **OK**.
- :::image type="content" source="images/0ccfe3e803be4b56c668b220b51da7f7.png" alt-text="The Microsoft Configuration Manager-2" lightbox="images/0ccfe3e803be4b56c668b220b51da7f7.png":::
+ :::image type="content" source="media/0ccfe3e803be4b56c668b220b51da7f7.png" alt-text="The Microsoft Configuration Manager-2" lightbox="media/0ccfe3e803be4b56c668b220b51da7f7.png":::
After completing this task, you now have successfully configured Network Protection in test mode.
After completing this task, you now have successfully configured Network Protect
1. In the Microsoft Configuration Manager console, navigate to **Assets and Compliance** > **Overview** > **Endpoint Protection** > **Windows Defender Exploit Guard** and then choose **Create Exploit Guard Policy**.
- :::image type="content" source="images/728c10ef26042bbdbcd270b6343f1a8a.png" alt-text="The Microsoft Configuration Manager-3" lightbox="images/728c10ef26042bbdbcd270b6343f1a8a.png":::
+ :::image type="content" source="media/728c10ef26042bbdbcd270b6343f1a8a.png" alt-text="The Microsoft Configuration Manager-3" lightbox="media/728c10ef26042bbdbcd270b6343f1a8a.png":::
2. Select **Controlled folder access**. 3. Set the configuration to **Audit** and select **Next**.
- :::image type="content" source="images/a8b934dab2dbba289cf64fe30e0e8aa4.png" alt-text="The Microsoft Configuration Manager-4" lightbox="images/a8b934dab2dbba289cf64fe30e0e8aa4.png":::
+ :::image type="content" source="media/a8b934dab2dbba289cf64fe30e0e8aa4.png" alt-text="The Microsoft Configuration Manager-4" lightbox="media/a8b934dab2dbba289cf64fe30e0e8aa4.png":::
4. Confirm the new Exploit Guard Policy by selecting **Next**.
- :::image type="content" source="images/0a6536f2c4024c08709cac8fcf800060.png" alt-text="The Microsoft Configuration Manager-5" lightbox="images/0a6536f2c4024c08709cac8fcf800060.png":::
+ :::image type="content" source="media/0a6536f2c4024c08709cac8fcf800060.png" alt-text="The Microsoft Configuration Manager-5" lightbox="media/0a6536f2c4024c08709cac8fcf800060.png":::
5. Once the policy is created select on **Close**.
- :::image type="content" source="images/95d23a07c2c8bc79176788f28cef7557.png" alt-text="The Microsoft Configuration Manager-6" lightbox="images/95d23a07c2c8bc79176788f28cef7557.png":::
+ :::image type="content" source="media/95d23a07c2c8bc79176788f28cef7557.png" alt-text="The Microsoft Configuration Manager-6" lightbox="media/95d23a07c2c8bc79176788f28cef7557.png":::
6. Right-click on the newly created policy and choose **Deploy**.
- :::image type="content" source="images/8999dd697e3b495c04eb911f8b68a1ef.png" alt-text="The Microsoft Configuration Manager-7" lightbox="images/8999dd697e3b495c04eb911f8b68a1ef.png":::
+ :::image type="content" source="media/8999dd697e3b495c04eb911f8b68a1ef.png" alt-text="The Microsoft Configuration Manager-7" lightbox="media/8999dd697e3b495c04eb911f8b68a1ef.png":::
7. Target the policy to the newly created Windows collection and select **OK**. You have now successfully configured Controlled folder access in test mode.
security Onboarding Endpoint Manager https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/onboarding-endpoint-manager.md
In this section, we create a test group to assign your configurations on.
2. Open **Groups > New Group**. > [!div class="mx-imgBorder"]
- > :::image type="content" source="images/66f724598d9c3319cba27f79dd4617a4.png" alt-text="The Microsoft Intune admin center1" lightbox="images/66f724598d9c3319cba27f79dd4617a4.png":::
+ > :::image type="content" source="media/66f724598d9c3319cba27f79dd4617a4.png" alt-text="The Microsoft Intune admin center1" lightbox="media/66f724598d9c3319cba27f79dd4617a4.png":::
3. Enter details and create a new group.
In this section, we create a test group to assign your configurations on.
7. Find your test user or device and select it. > [!div class="mx-imgBorder"]
- > :::image type="content" source="images/149cbfdf221cdbde8159d0ab72644cd0.png" alt-text="The Microsoft Intune admin center3" lightbox="images/149cbfdf221cdbde8159d0ab72644cd0.png":::
+ > :::image type="content" source="media/149cbfdf221cdbde8159d0ab72644cd0.png" alt-text="The Microsoft Intune admin center3" lightbox="media/149cbfdf221cdbde8159d0ab72644cd0.png":::
8. Your testing group now has a member to test.
Then, you continue by creating several different types of endpoint security poli
2. Navigate to **Endpoint security > Endpoint detection and response**. Select on **Create Policy**. > [!div class="mx-imgBorder"]
- > :::image type="content" source="images/58dcd48811147feb4ddc17212b7fe840.png" alt-text="The Microsoft Intune admin center4" lightbox="images/58dcd48811147feb4ddc17212b7fe840.png":::
+ > :::image type="content" source="media/58dcd48811147feb4ddc17212b7fe840.png" alt-text="The Microsoft Intune admin center4" lightbox="media/58dcd48811147feb4ddc17212b7fe840.png":::
3. Under **Platform, select Windows 10, Windows 11, and Windows Server, Profile - Endpoint detection and response > Create**.
Then, you continue by creating several different types of endpoint security poli
4. Enter a name and description, then select **Next**. > [!div class="mx-imgBorder"]
- > :::image type="content" source="images/a5b2d23bdd50b160fef4afd25dda28d4.png" alt-text="The Microsoft Intune admin center5" lightbox="images/a5b2d23bdd50b160fef4afd25dda28d4.png":::
+ > :::image type="content" source="media/a5b2d23bdd50b160fef4afd25dda28d4.png" alt-text="The Microsoft Intune admin center5" lightbox="media/a5b2d23bdd50b160fef4afd25dda28d4.png":::
5. Select settings as required, then select **Next**.
Then, you continue by creating several different types of endpoint security poli
> > The following image is an example of what you'll see when Microsoft Defender for Endpoint is NOT integrated with Intune: >
- > :::image type="content" source="images/2466460812371ffae2d19a10c347d6f4.png" alt-text="The Microsoft Intune admin center7" lightbox="images/2466460812371ffae2d19a10c347d6f4.png":::
+ > :::image type="content" source="media/2466460812371ffae2d19a10c347d6f4.png" alt-text="The Microsoft Intune admin center7" lightbox="media/2466460812371ffae2d19a10c347d6f4.png":::
6. Add scope tags if necessary, then select **Next**.
Then, you continue by creating several different types of endpoint security poli
8. Review and accept, then select **Create**. > [!div class="mx-imgBorder"]
- > :::image type="content" source="images/289172dbd7bd34d55d24810d9d4d8158.png" alt-text="The Microsoft Intune admin center10" lightbox="images/289172dbd7bd34d55d24810d9d4d8158.png":::
+ > :::image type="content" source="media/289172dbd7bd34d55d24810d9d4d8158.png" alt-text="The Microsoft Intune admin center10" lightbox="media/289172dbd7bd34d55d24810d9d4d8158.png":::
9. You can view your completed policy. > [!div class="mx-imgBorder"]
- > :::image type="content" source="images/5a568b6878be8243ea2b9d82d41ed297.png" alt-text="The Microsoft Intune admin center11" lightbox="images/5a568b6878be8243ea2b9d82d41ed297.png":::
+ > :::image type="content" source="media/5a568b6878be8243ea2b9d82d41ed297.png" alt-text="The Microsoft Intune admin center11" lightbox="media/5a568b6878be8243ea2b9d82d41ed297.png":::
### Next-generation protection
Then, you continue by creating several different types of endpoint security poli
2. Navigate to **Endpoint security > Antivirus > Create Policy**. > [!div class="mx-imgBorder"]
- > :::image type="content" source="images/6b728d6e0d71108d768e368b416ff8ba.png" alt-text="The Microsoft Intune admin center12" lightbox="images/6b728d6e0d71108d768e368b416ff8ba.png":::
+ > :::image type="content" source="media/6b728d6e0d71108d768e368b416ff8ba.png" alt-text="The Microsoft Intune admin center12" lightbox="media/6b728d6e0d71108d768e368b416ff8ba.png":::
3. Select **Platform - Windows 10 and Later - Windows and Profile - Microsoft Defender Antivirus > Create**. 4. Enter name and description, then select **Next**. > [!div class="mx-imgBorder"]
- > :::image type="content" source="images/a7d738dd4509d65407b7d12beaa3e917.png" alt-text="The Microsoft Intune admin center13" lightbox="images/a7d738dd4509d65407b7d12beaa3e917.png":::
+ > :::image type="content" source="media/a7d738dd4509d65407b7d12beaa3e917.png" alt-text="The Microsoft Intune admin center13" lightbox="media/a7d738dd4509d65407b7d12beaa3e917.png":::
5. In the **Configuration settings page**: Set the configurations you require for Microsoft Defender Antivirus (Cloud Protection, Exclusions, Real-Time Protection, and Remediation). > [!div class="mx-imgBorder"]
- > :::image type="content" source="images/3840b1576d6f79a1d72eb14760ef5e8c.png" alt-text="The Microsoft Intune admin center14" lightbox="images/3840b1576d6f79a1d72eb14760ef5e8c.png":::
+ > :::image type="content" source="media/3840b1576d6f79a1d72eb14760ef5e8c.png" alt-text="The Microsoft Intune admin center14" lightbox="media/3840b1576d6f79a1d72eb14760ef5e8c.png":::
6. Add scope tags if necessary, then select **Next**. > [!div class="mx-imgBorder"]
- > :::image type="content" source="images/2055e4f9b9141525c0eb681e7ba19381.png" alt-text="The Microsoft Intune admin center15" lightbox="images/2055e4f9b9141525c0eb681e7ba19381.png":::
+ > :::image type="content" source="media/2055e4f9b9141525c0eb681e7ba19381.png" alt-text="The Microsoft Intune admin center15" lightbox="media/2055e4f9b9141525c0eb681e7ba19381.png":::
7. Select groups to include, assign to your test group, then select **Next**. > [!div class="mx-imgBorder"]
- > :::image type="content" source="images/48318a51adee06bff3908e8ad4944dc9.png" alt-text="The Microsoft Intune admin center16" lightbox="images/48318a51adee06bff3908e8ad4944dc9.png":::
+ > :::image type="content" source="media/48318a51adee06bff3908e8ad4944dc9.png" alt-text="The Microsoft Intune admin center16" lightbox="media/48318a51adee06bff3908e8ad4944dc9.png":::
8. Review and create, then select **Create**.
Then, you continue by creating several different types of endpoint security poli
9. You see the configuration policy you created. > [!div class="mx-imgBorder"]
- > :::image type="content" source="images/38180219e632d6e4ec7bd25a46398da8.png" alt-text="The Microsoft Intune admin center18" lightbox="images/38180219e632d6e4ec7bd25a46398da8.png":::
+ > :::image type="content" source="media/38180219e632d6e4ec7bd25a46398da8.png" alt-text="The Microsoft Intune admin center18" lightbox="media/38180219e632d6e4ec7bd25a46398da8.png":::
### Attack Surface Reduction - Attack surface reduction rules
Then, you continue by creating several different types of endpoint security poli
rules > Create**. > [!div class="mx-imgBorder"]
- > :::image type="content" source="images/522d9bb4288dc9c1a957392b51384fdd.png" alt-text="The Microsoft Intune admin center19" lightbox="images/522d9bb4288dc9c1a957392b51384fdd.png":::
+ > :::image type="content" source="media/522d9bb4288dc9c1a957392b51384fdd.png" alt-text="The Microsoft Intune admin center19" lightbox="media/522d9bb4288dc9c1a957392b51384fdd.png":::
5. Enter a name and description, then select **Next**. > [!div class="mx-imgBorder"]
- > :::image type="content" source="images/a5a71fd73ec389f3cdce6d1a6bd1ff31.png" alt-text="The Microsoft Intune admin center20" lightbox="images/a5a71fd73ec389f3cdce6d1a6bd1ff31.png":::
+ > :::image type="content" source="media/a5a71fd73ec389f3cdce6d1a6bd1ff31.png" alt-text="The Microsoft Intune admin center20" lightbox="media/a5a71fd73ec389f3cdce6d1a6bd1ff31.png":::
6. In the **Configuration settings page**: Set the configurations you require for Attack surface reduction rules, then select **Next**.
Then, you continue by creating several different types of endpoint security poli
7. Add Scope Tags as required, then select **Next**. > [!div class="mx-imgBorder"]
- > :::image type="content" source="images/6daa8d347c98fe94a0d9c22797ff6f28.png" alt-text="The Microsoft Intune admin center22" lightbox="images/6daa8d347c98fe94a0d9c22797ff6f28.png":::
+ > :::image type="content" source="media/6daa8d347c98fe94a0d9c22797ff6f28.png" alt-text="The Microsoft Intune admin center22" lightbox="media/6daa8d347c98fe94a0d9c22797ff6f28.png":::
8. Select groups to include and assign to test group, then select **Next**. > [!div class="mx-imgBorder"]
- > :::image type="content" source="images/45cefc8e4e474321b4d47b4626346597.png" alt-text="The Microsoft Intune admin center23" lightbox="images/45cefc8e4e474321b4d47b4626346597.png":::
+ > :::image type="content" source="media/45cefc8e4e474321b4d47b4626346597.png" alt-text="The Microsoft Intune admin center23" lightbox="media/45cefc8e4e474321b4d47b4626346597.png":::
9. Review the details, then select **Create**. > [!div class="mx-imgBorder"]
- > :::image type="content" source="images/2c2e87c5fedc87eba17be0cdeffdb17f.png" alt-text="The Microsoft Intune admin center24" lightbox="images/2c2e87c5fedc87eba17be0cdeffdb17f.png":::
+ > :::image type="content" source="media/2c2e87c5fedc87eba17be0cdeffdb17f.png" alt-text="The Microsoft Intune admin center24" lightbox="media/2c2e87c5fedc87eba17be0cdeffdb17f.png":::
10. View the policy. > [!div class="mx-imgBorder"]
- > :::image type="content" source="images/7a631d17cc42500dacad4e995823ffef.png" alt-text="The Microsoft Intune admin center25" lightbox="images/7a631d17cc42500dacad4e995823ffef.png":::
+ > :::image type="content" source="media/7a631d17cc42500dacad4e995823ffef.png" alt-text="The Microsoft Intune admin center25" lightbox="media/7a631d17cc42500dacad4e995823ffef.png":::
### Attack Surface Reduction - Web Protection
Then, you continue by creating several different types of endpoint security poli
5. Enter a name and description, then select **Next**. > [!div class="mx-imgBorder"]
- > :::image type="content" source="images/5be573a60cd4fa56a86a6668b62dd808.png" alt-text="The Microsoft Intune admin center27" lightbox="images/5be573a60cd4fa56a86a6668b62dd808.png":::
+ > :::image type="content" source="media/5be573a60cd4fa56a86a6668b62dd808.png" alt-text="The Microsoft Intune admin center27" lightbox="media/5be573a60cd4fa56a86a6668b62dd808.png":::
6. In the **Configuration settings page**: Set the configurations you require for Web Protection, then select **Next**.
Then, you continue by creating several different types of endpoint security poli
> For more information, see [Web Protection](web-protection-overview.md). > [!div class="mx-imgBorder"]
- > :::image type="content" source="images/6104aa33a56fab750cf30ecabef9f5b6.png" alt-text="The Microsoft Intune admin center28" lightbox="images/6104aa33a56fab750cf30ecabef9f5b6.png":::
+ > :::image type="content" source="media/6104aa33a56fab750cf30ecabef9f5b6.png" alt-text="The Microsoft Intune admin center28" lightbox="media/6104aa33a56fab750cf30ecabef9f5b6.png":::
7. Add **Scope Tags as required > Next**. > [!div class="mx-imgBorder"]
- > :::image type="content" source="images/6daa8d347c98fe94a0d9c22797ff6f28.png" alt-text="The Microsoft Intune admin center29" lightbox="images/6daa8d347c98fe94a0d9c22797ff6f28.png":::
+ > :::image type="content" source="media/6daa8d347c98fe94a0d9c22797ff6f28.png" alt-text="The Microsoft Intune admin center29" lightbox="media/6daa8d347c98fe94a0d9c22797ff6f28.png":::
8. Select **Assign to test group > Next**. > [!div class="mx-imgBorder"]
- > :::image type="content" source="images/45cefc8e4e474321b4d47b4626346597.png" alt-text="The Microsoft Intune admin center30" lightbox="images/45cefc8e4e474321b4d47b4626346597.png":::
+ > :::image type="content" source="media/45cefc8e4e474321b4d47b4626346597.png" alt-text="The Microsoft Intune admin center30" lightbox="media/45cefc8e4e474321b4d47b4626346597.png":::
9. Select **Review and Create > Create**. > [!div class="mx-imgBorder"]
- > :::image type="content" source="images/8ee0405f1a96c23d2eb6f737f11c1ae5.png" alt-text="The Microsoft Intune admin center31" lightbox="images/8ee0405f1a96c23d2eb6f737f11c1ae5.png":::
+ > :::image type="content" source="media/8ee0405f1a96c23d2eb6f737f11c1ae5.png" alt-text="The Microsoft Intune admin center31" lightbox="media/8ee0405f1a96c23d2eb6f737f11c1ae5.png":::
10. View the policy.
To confirm that the configuration policy is applied to your test device, follow
preceding section. The following example shows the next generation protection settings. > [!div class="mx-imgBorder"]
- > [![Image of Microsoft Intune admin center33.](images/43ab6aa74471ee2977e154a4a5ef2d39.png)](images/43ab6aa74471ee2977e154a4a5ef2d39.png#lightbox)
+ > [![Image of Microsoft Intune admin center33.](media/43ab6aa74471ee2977e154a4a5ef2d39.png)](media/43ab6aa74471ee2977e154a4a5ef2d39.png#lightbox)
2. Select the **Configuration Policy** to view the policy status. > [!div class="mx-imgBorder"]
- > [![Image of Microsoft Intune admin center34.](images/55ecaca0e4a022f0e29d45aeed724e6c.png)](images/55ecaca0e4a022f0e29d45aeed724e6c.png#lightbox)
+ > [![Image of Microsoft Intune admin center34.](media/55ecaca0e4a022f0e29d45aeed724e6c.png)](media/55ecaca0e4a022f0e29d45aeed724e6c.png#lightbox)
3. Select **Device Status** to see the status. > [!div class="mx-imgBorder"]
- > [![Image of Microsoft Intune admin center35.](images/18a50df62cc38749000dbfb48e9a4c9b.png)](images/18a50df62cc38749000dbfb48e9a4c9b.png#lightbox)
+ > [![Image of Microsoft Intune admin center35.](media/18a50df62cc38749000dbfb48e9a4c9b.png)](media/18a50df62cc38749000dbfb48e9a4c9b.png#lightbox)
4. Select **User Status** to see the status. > [!div class="mx-imgBorder"]
- > [![Image of Microsoft Intune admin center36.](images/4e965749ff71178af8873bc91f9fe525.png)](images/4e965749ff71178af8873bc91f9fe525.png#lightbox)
+ > [![Image of Microsoft Intune admin center36.](media/4e965749ff71178af8873bc91f9fe525.png)](media/4e965749ff71178af8873bc91f9fe525.png#lightbox)
5. Select **Per-setting status** to see the status.
To confirm that the configuration policy is applied to your test device, follow
> This view is very useful to identify any settings that conflict with another policy. > [!div class="mx-imgBorder"]
- > [![Image of Microsoft Intune admin center37.](images/42acc69d0128ed09804010bdbdf0a43c.png)](images/42acc69d0128ed09804010bdbdf0a43c.png#lightbox)
+ > [![Image of Microsoft Intune admin center37.](media/42acc69d0128ed09804010bdbdf0a43c.png)](media/42acc69d0128ed09804010bdbdf0a43c.png#lightbox)
### Confirm endpoint detection and response
To confirm that the configuration policy is applied to your test device, follow
2. After the configuration is applied, the Defender for Endpoint Protection service should be started. > [!div class="mx-imgBorder"]
- > [![Image of Services panel2.](images/a621b699899f1b41db211170074ea59e.png)](images/a621b699899f1b41db211170074ea59e.png#lightbox)
+ > [![Image of Services panel2.](media/a621b699899f1b41db211170074ea59e.png)](media/a621b699899f1b41db211170074ea59e.png#lightbox)
3. After the services are running on the device, the device appears in Microsoft Defender portal.
To confirm that the configuration policy is applied to your test device, follow
manage the settings as shown in the following image: > [!div class="mx-imgBorder"]
- > :::image type="content" source="images/88efb4c3710493a53f2840c3eac3e3d3.png" alt-text="The settings page-1" lightbox="images/88efb4c3710493a53f2840c3eac3e3d3.png":::
+ > :::image type="content" source="media/88efb4c3710493a53f2840c3eac3e3d3.png" alt-text="The settings page-1" lightbox="media/88efb4c3710493a53f2840c3eac3e3d3.png":::
2. After the policy is applied, you shouldn't be able to manually manage the settings.
To confirm that the configuration policy is applied to your test device, follow
> **Turn on real-time protection** are being shown as managed. > [!div class="mx-imgBorder"]
- > :::image type="content" source="images/9341428b2d3164ca63d7d4eaa5cff642.png" alt-text="The settings page-2" lightbox="images/9341428b2d3164ca63d7d4eaa5cff642.png":::
+ > :::image type="content" source="media/9341428b2d3164ca63d7d4eaa5cff642.png" alt-text="The settings page-2" lightbox="media/9341428b2d3164ca63d7d4eaa5cff642.png":::
### Confirm Attack Surface Reduction - Attack surface reduction rules
To confirm that the configuration policy is applied to your test device, follow
4. You should see the following lines with content, as shown in the following image:
- :::image type="content" source="images/619fb877791b1fc8bc7dfae1a579043d.png" alt-text="The command line-2" lightbox="images/619fb877791b1fc8bc7dfae1a579043d.png":::
+ :::image type="content" source="media/619fb877791b1fc8bc7dfae1a579043d.png" alt-text="The command line-2" lightbox="media/619fb877791b1fc8bc7dfae1a579043d.png":::
### Confirm Attack Surface Reduction - Web Protection
To confirm that the configuration policy is applied to your test device, follow
2. This should respond with a 0 as shown in the following image:
- :::image type="content" source="images/196a8e194ac99d84221f405d0f684f8c.png" alt-text="The command line-3" lightbox="images/196a8e194ac99d84221f405d0f684f8c.png":::
+ :::image type="content" source="media/196a8e194ac99d84221f405d0f684f8c.png" alt-text="The command line-3" lightbox="media/196a8e194ac99d84221f405d0f684f8c.png":::
3. After applying the policy, open a PowerShell Windows and type `(Get-MpPreference).EnableNetworkProtection`.
security Onboarding Notification https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/onboarding-notification.md
You need to have access to:
:::image type="content" source="images/flow-apply.png" alt-text="The application of the flow to each element" lightbox="images/flow-apply.png":::
- :::image type="content" source="images/apply-to-each.png" alt-text="The application of the flow to the Get items element" lightbox="images/apply-to-each.png":::
+ :::image type="content" source="media/apply-to-each.png" alt-text="The application of the flow to the Get items element" lightbox="media/apply-to-each.png":::
11. Under **Condition**, add the following expression: "length(body('Get_items')?['value'])" and set the condition to equal to 0.
- :::image type="content" source="images/apply-to-each-value.png" alt-text="The application of the flow to each condition" lightbox="images/apply-to-each-value.png":::
+ :::image type="content" source="media/apply-to-each-value.png" alt-text="The application of the flow to each condition" lightbox="media/apply-to-each-value.png":::
:::image type="content" source="images/conditions-2.png" alt-text="The condition-1" lightbox="images/conditions-2.png"::: :::image type="content" source="images/condition3.png" alt-text="The condition-2" lightbox="images/condition3.png"::: :::image type="content" source="images/send-email.png" alt-text="The Send an email section" lightbox="images/send-email.png":::
You need to have access to:
The following image is an example of an email notification. ## Tips
security Partner Applications https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/partner-applications.md
Logo|Partner name|Description
![Logo for Cymulate.](images/cymulate-logo.png)|[Cymulate](https://go.microsoft.com/fwlink/?linkid=2135574)|Correlate Defender for Endpoint findings with simulated attacks to validate accurate detection and effective response actions ![Logo for Elastic security.](images/elastic-security-logo.png)|[Elastic Security](https://go.microsoft.com/fwlink/?linkid=2139303)|Elastic Security is a free and open solution for preventing, detecting, and responding to threats ![Logo for IBM QRadar.](images/ibm-qradar-logo.png)|[IBM QRadar](https://go.microsoft.com/fwlink/?linkid=2113903)|Configure IBM QRadar to collect detections from Defender for Endpoint
-![Logo for Micro Focus ArcSight.](images/arcsight-logo.png)|[Micro Focus ArcSight](https://go.microsoft.com/fwlink/?linkid=2113548)|Use Micro Focus ArcSight to pull Defender for Endpoint detections
+![Logo for Micro Focus ArcSight.](media/arcsight-logo.png)|[Micro Focus ArcSight](https://go.microsoft.com/fwlink/?linkid=2113548)|Use Micro Focus ArcSight to pull Defender for Endpoint detections
![Logo for RSA NetWitness.](images/rsa-netwitness-logo.png)|[RSA NetWitness](https://go.microsoft.com/fwlink/?linkid=2118566)|Stream Defender for Endpoint Alerts to RSA NetWitness using Microsoft Graph Security API ![Logo for SafeBreach.](images/safebreach-logo.png)|[SafeBreach](https://go.microsoft.com/fwlink/?linkid=2114114)|Gain visibility into Defender for Endpoint security events that are automatically correlated with SafeBreach simulations ![Logo for Skybox Vulnerability Control.](images/skybox-logo.png)|[Skybox Vulnerability Control](https://go.microsoft.com/fwlink/?linkid=2127467)|Skybox Vulnerability Control cuts through the noise of vulnerability management, correlating business, network, and threat context to uncover your riskiest vulnerabilities
Logo|Partner name|Description
Logo|Partner name|Description :|:|:
-![Logo for Aruba ClearPass Policy Manager.](images/aruba-logo.png)|[Aruba ClearPass Policy Manager](https://go.microsoft.com/fwlink/?linkid=2127544)|Ensure Defender for Endpoint is installed and updated on each endpoint before allowing access to the network
+![Logo for Aruba ClearPass Policy Manager.](media/aruba-logo.png)|[Aruba ClearPass Policy Manager](https://go.microsoft.com/fwlink/?linkid=2127544)|Ensure Defender for Endpoint is installed and updated on each endpoint before allowing access to the network
![Logo for Blue Hexagon for Network.](images/bluehexagon-logo.png)|[Blue Hexagon for Network](/training/modules/explore-malware-threat-protection/)|Blue Hexagon has built the industry's first real-time deep learning platform for network threat protection ![Logo for CyberMDX.](images/cybermdx-logo.png)|[CyberMDX](https://go.microsoft.com/fwlink/?linkid=2135620)|Cyber MDX integrates comprehensive healthcare assets visibility, threat prevention and repose into your Defender for Endpoint environment ![Logo for HYAS Protect.](images/hyas-logo.png)|[HYAS Protect](https://go.microsoft.com/fwlink/?linkid=2156763)|HYAS Protect utilizes authoritative knowledge of attacker infrastructure to proactively protect Microsoft Defender for Endpoint endpoints from cyberattacks
security Respond File Alerts https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/respond-file-alerts.md
The **Action center** provides information on actions that were taken on a devic
All other related details are also shown, such as submission date/time, submitting user, and if the action succeeded or failed. ## Deep analysis
The details provided can help you investigate if there are indications of a pote
1. Select the file you submitted for deep analysis. 2. Select the **Deep analysis** tab. If there are any previous reports, the report summary will appear in this tab.
- :::image type="content" source="images/analysis-results-nothing500.png" alt-text="The deep analysis report showing detailed information across a number of categories" lightbox="images/analysis-results-nothing500.png":::
+ :::image type="content" source="media/analysis-results-nothing500.png" alt-text="The deep analysis report showing detailed information across a number of categories" lightbox="media/analysis-results-nothing500.png":::
#### Troubleshoot deep analysis
security Respond Machine Alerts https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/respond-machine-alerts.md
Alternate steps:
1. Select **Action center** from the response actions section of the device page.
- ![Image of action center](images/action-center-selected.png)
+ ![Image of action center](media/action-center-selected.png)
1. Click the **Package collection package available** to download the collection package.
The **Action center** provides information on actions that were taken on a devic
All other related details are also shown, for example, submission date/time, submitting user, and if the action succeeded or failed. ## See also
security Review Alerts https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/review-alerts.md
Note the detection status for your alert.
You can then also review the *automated investigation details* in your alert's details pane, to see which actions were already taken, as well as reading the alert's description for recommended actions. Other information available in the details pane when the alert opens includes MITRE techniques, source, and additional contextual details.
security Supported Capabilities By Platform https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/supported-capabilities-by-platform.md
The following table gives information about the supported Microsoft Defender for
|Operating System|Windows 10 & 11|Windows Server 2012 R2 <sup>[1]</sup>, <br> 2016 <sup>[1]</sup>, <br> 2019 & 2022, <br> 1803+|macOS|Linux| ||::|::|::|::| |**Prevention**|||||
-|[Attack Surface Reduction](attack-surface-reduction.md)|![Yes.](images/svg/check-yes.svg)|![Yes.](images/svg/check-yes.svg)|![No](images/svg/check-no.svg)|![No](images/svg/check-no.svg)|
-|Device Control|![Yes.](images/svg/check-yes.svg)|![No](images/svg/check-no.svg)|![Yes.](images/svg/check-yes.svg)|![No](images/svg/check-no.svg)|
-|[Firewall](host-firewall-reporting.md)|![Yes.](images/svg/check-yes.svg)|![Yes.](images/svg/check-yes.svg)|![No](images/svg/check-no.svg)|![No](images/svg/check-no.svg)|
-|[Network Protection](network-protection.md)|![Yes.](images/svg/check-yes.svg)|![Yes.](images/svg/check-yes.svg)|![Yes.](images/svg/check-yes.svg) <sup>[2]</sup>|![Yes.](images/svg/check-yes.svg) <sup>[2]</sup>|
-|[Next-generation protection](next-generation-protection.md)|![Yes.](images/svg/check-yes.svg)|![Yes.](images/svg/check-yes.svg)|![Yes.](images/svg/check-yes.svg)|![Yes.](images/svg/check-yes.svg)|
-|[Tamper Protection](prevent-changes-to-security-settings-with-tamper-protection.md)|![Yes.](images/svg/check-yes.svg)|![Yes.](images/svg/check-yes.svg)|![Yes.](images/svg/check-yes.svg)|![No](images/svg/check-no.svg)|
-|[Web Protection](web-protection-overview.md)|![Yes.](images/svg/check-yes.svg)|![Yes.](images/svg/check-yes.svg)|![Yes.](images/svg/check-yes.svg) <sup>[2]</sup>|![Yes.](images/svg/check-yes.svg) <sup>[2]</sup>|
+|[Attack Surface Reduction](attack-surface-reduction.md)|![Yes.](media/svg/check-yes.svg)|![Yes.](media/svg/check-yes.svg)|![No](media/svg/check-no.svg)|![No](media/svg/check-no.svg)|
+|Device Control|![Yes.](media/svg/check-yes.svg)|![No](media/svg/check-no.svg)|![Yes.](media/svg/check-yes.svg)|![No](media/svg/check-no.svg)|
+|[Firewall](host-firewall-reporting.md)|![Yes.](media/svg/check-yes.svg)|![Yes.](media/svg/check-yes.svg)|![No](media/svg/check-no.svg)|![No](media/svg/check-no.svg)|
+|[Network Protection](network-protection.md)|![Yes.](media/svg/check-yes.svg)|![Yes.](media/svg/check-yes.svg)|![Yes.](media/svg/check-yes.svg) <sup>[2]</sup>|![Yes.](media/svg/check-yes.svg) <sup>[2]</sup>|
+|[Next-generation protection](next-generation-protection.md)|![Yes.](media/svg/check-yes.svg)|![Yes.](media/svg/check-yes.svg)|![Yes.](media/svg/check-yes.svg)|![Yes.](media/svg/check-yes.svg)|
+|[Tamper Protection](prevent-changes-to-security-settings-with-tamper-protection.md)|![Yes.](media/svg/check-yes.svg)|![Yes.](media/svg/check-yes.svg)|![Yes.](media/svg/check-yes.svg)|![No](media/svg/check-no.svg)|
+|[Web Protection](web-protection-overview.md)|![Yes.](media/svg/check-yes.svg)|![Yes.](media/svg/check-yes.svg)|![Yes.](media/svg/check-yes.svg) <sup>[2]</sup>|![Yes.](media/svg/check-yes.svg) <sup>[2]</sup>|
|||||| |**Detection**|||||
-|[Advanced Hunting](../defender/advanced-hunting-overview.md)|![Yes.](images/svg/check-yes.svg)|![Yes.](images/svg/check-yes.svg)|![Yes.](images/svg/check-yes.svg)|![Yes.](images/svg/check-yes.svg)|
-|[Custom file indicators](indicator-file.md)|![Yes.](images/svg/check-yes.svg)|![Yes.](images/svg/check-yes.svg)|![Yes.](images/svg/check-yes.svg)|![Yes.](images/svg/check-yes.svg)|
-|[Custom network indicators](indicator-ip-domain.md)|![Yes.](images/svg/check-yes.svg)|![Yes.](images/svg/check-yes.svg)|![Yes.](images/svg/check-yes.svg) <sup>[2]</sup>|![Yes.](images/svg/check-yes.svg) <sup>[2]</sup>|
-|[EDR Block](edr-in-block-mode.md)|![Yes.](images/svg/check-yes.svg)|![Yes.](images/svg/check-yes.svg)|![No](images/svg/check-no.svg)|![No](images/svg/check-no.svg)|
-|[Passive Mode](microsoft-defender-antivirus-compatibility.md)|![Yes.](images/svg/check-yes.svg)|![Yes.](images/svg/check-yes.svg)|![Yes.](images/svg/check-yes.svg)|![Yes.](images/svg/check-yes.svg)|
-|Sense detection sensor|![Yes.](images/svg/check-yes.svg)|![Yes.](images/svg/check-yes.svg)|![Yes.](images/svg/check-yes.svg)|![Yes.](images/svg/check-yes.svg)|
-|Endpoint & network device discovery|![Yes.](images/svg/check-yes.svg)|![No](images/svg/check-no.svg)|![No](images/svg/check-no.svg)|![No](images/svg/check-no.svg)|
-|[Vulnerability management](../defender-vulnerability-management/defender-vulnerability-management.md)|![Yes.](images/svg/check-yes.svg)|![Yes.](images/svg/check-yes.svg)|![Yes.](images/svg/check-yes.svg)|![Yes.](images/svg/check-yes.svg)|
+|[Advanced Hunting](../defender/advanced-hunting-overview.md)|![Yes.](media/svg/check-yes.svg)|![Yes.](media/svg/check-yes.svg)|![Yes.](media/svg/check-yes.svg)|![Yes.](media/svg/check-yes.svg)|
+|[Custom file indicators](indicator-file.md)|![Yes.](media/svg/check-yes.svg)|![Yes.](media/svg/check-yes.svg)|![Yes.](media/svg/check-yes.svg)|![Yes.](media/svg/check-yes.svg)|
+|[Custom network indicators](indicator-ip-domain.md)|![Yes.](media/svg/check-yes.svg)|![Yes.](media/svg/check-yes.svg)|![Yes.](media/svg/check-yes.svg) <sup>[2]</sup>|![Yes.](media/svg/check-yes.svg) <sup>[2]</sup>|
+|[EDR Block](edr-in-block-mode.md)|![Yes.](media/svg/check-yes.svg)|![Yes.](media/svg/check-yes.svg)|![No](media/svg/check-no.svg)|![No](media/svg/check-no.svg)|
+|[Passive Mode](microsoft-defender-antivirus-compatibility.md)|![Yes.](media/svg/check-yes.svg)|![Yes.](media/svg/check-yes.svg)|![Yes.](media/svg/check-yes.svg)|![Yes.](media/svg/check-yes.svg)|
+|Sense detection sensor|![Yes.](media/svg/check-yes.svg)|![Yes.](media/svg/check-yes.svg)|![Yes.](media/svg/check-yes.svg)|![Yes.](media/svg/check-yes.svg)|
+|Endpoint & network device discovery|![Yes.](media/svg/check-yes.svg)|![No](media/svg/check-no.svg)|![No](media/svg/check-no.svg)|![No](media/svg/check-no.svg)|
+|[Vulnerability management](../defender-vulnerability-management/defender-vulnerability-management.md)|![Yes.](media/svg/check-yes.svg)|![Yes.](media/svg/check-yes.svg)|![Yes.](media/svg/check-yes.svg)|![Yes.](media/svg/check-yes.svg)|
|||||| |**Response** | | | ||
-|[Automated Investigation & Response (AIR)](automated-investigations.md) | ![Yes.](images/svg/check-yes.svg) | ![Yes.](images/svg/check-yes.svg) | ![No](images/svg/check-no.svg) | ![No](images/svg/check-no.svg) |
-|[Device response capabilities: collect investigation package ](respond-machine-alerts.md) | ![Yes.](images/svg/check-yes.svg) | ![Yes.](images/svg/check-yes.svg) | ![Yes.](images/svg/check-yes.svg) <sup>[3]</sup> | ![Yes.](images/svg/check-yes.svg) <sup>[3]</sup> |
-|[Device response capabilities: run AV scan](respond-machine-alerts.md) | ![Yes.](images/svg/check-yes.svg) | ![Yes.](images/svg/check-yes.svg) | ![Yes.](images/svg/check-yes.svg) | ![Yes.](images/svg/check-yes.svg) |
-|[Device isolation](respond-machine-alerts.md) | ![Yes.](images/svg/check-yes.svg) | ![Yes.](images/svg/check-yes.svg) | ![Yes.](images/svg/check-yes.svg) | ![Yes.](images/svg/check-yes.svg) |
-|File response capabilities: collect file, deep analysis, block file, stop, and quarantine processes | ![Yes.](images/svg/check-yes.svg) | ![Yes.](images/svg/check-yes.svg) | ![No](images/svg/check-no.svg) | ![No](images/svg/check-no.svg) |
-|[Live Response](live-response.md) | ![Yes.](images/svg/check-yes.svg) | ![Yes.](images/svg/check-yes.svg) | ![Yes.](images/svg/check-yes.svg) | ![Yes.](images/svg/check-yes.svg) |
+|[Automated Investigation & Response (AIR)](automated-investigations.md) | ![Yes.](media/svg/check-yes.svg) | ![Yes.](media/svg/check-yes.svg) | ![No](media/svg/check-no.svg) | ![No](media/svg/check-no.svg) |
+|[Device response capabilities: collect investigation package ](respond-machine-alerts.md) | ![Yes.](media/svg/check-yes.svg) | ![Yes.](media/svg/check-yes.svg) | ![Yes.](media/svg/check-yes.svg) <sup>[3]</sup> | ![Yes.](media/svg/check-yes.svg) <sup>[3]</sup> |
+|[Device response capabilities: run AV scan](respond-machine-alerts.md) | ![Yes.](media/svg/check-yes.svg) | ![Yes.](media/svg/check-yes.svg) | ![Yes.](media/svg/check-yes.svg) | ![Yes.](media/svg/check-yes.svg) |
+|[Device isolation](respond-machine-alerts.md) | ![Yes.](media/svg/check-yes.svg) | ![Yes.](media/svg/check-yes.svg) | ![Yes.](media/svg/check-yes.svg) | ![Yes.](media/svg/check-yes.svg) |
+|File response capabilities: collect file, deep analysis, block file, stop, and quarantine processes | ![Yes.](media/svg/check-yes.svg) | ![Yes.](media/svg/check-yes.svg) | ![No](media/svg/check-no.svg) | ![No](media/svg/check-no.svg) |
+|[Live Response](live-response.md) | ![Yes.](media/svg/check-yes.svg) | ![Yes.](media/svg/check-yes.svg) | ![Yes.](media/svg/check-yes.svg) | ![Yes.](media/svg/check-yes.svg) |
<sup>[1]</sup> Refers to the modern, unified solution for Windows Server 2012 R2 and 2016. For more information, see [Onboard Windows Servers to the Defender for Endpoint service](configure-server-endpoints.md).
security Switch To Mde Overview https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/switch-to-mde-overview.md
When you migrate to Defender for Endpoint, you begin with your non-Microsoft ant
## The migration process The process of migrating to Defender for Endpoint can be divided into three phases, as described in the following table:
security Switch To Mde Phase 1 https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/switch-to-mde-phase-1.md
search.appverid: met150
- [Microsoft Defender for Endpoint Plan 2](https://go.microsoft.com/fwlink/?linkid=2154037) - [Microsoft Defender XDR](https://go.microsoft.com/fwlink/?linkid=2118804)
-| ![Phase 1: Prepare.](images/phase-diagrams/prepare.png#lightbox)<br/>Phase 1: Prepare | [![Phase 2: Set up](images/phase-diagrams/setup.png#lightbox)](switch-to-mde-phase-2.md)<br/>[Phase 2: Set up](switch-to-mde-phase-2.md) | [![Phase 3: Onboard](images/phase-diagrams/onboard.png#lightbox)](switch-to-mde-phase-3.md)<br/>[Phase 3: Onboard](switch-to-mde-phase-3.md) |
+| ![Phase 1: Prepare.](medi) |
|--|--|--| |*You're here!*| | |
security Switch To Mde Phase 2 https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/switch-to-mde-phase-2.md
search.appverid: met150
- [Microsoft Defender for Endpoint Plan 2](https://go.microsoft.com/fwlink/?linkid=2154037) - [Microsoft Defender XDR](https://go.microsoft.com/fwlink/?linkid=2118804)
-|[![Phase 1: Prepare.](images/phase-diagrams/prepare.png#lightbox)](switch-to-mde-phase-1.md)<br/>[Phase 1: Prepare](switch-to-mde-phase-1.md)|![Phase 2: Set up.](images/phase-diagrams/setup.png#lightbox)<br/>Phase 2: Set up|[![Phase 3: Onboard3.](images/phase-diagrams/onboard.png#lightbox)](switch-to-mde-phase-3.md)<br/>[Phase 3: Onboard](switch-to-mde-phase-3.md)|
+|[![Phase 1: Prepare.](medi)|
|||| ||*You're here!*||
security Switch To Mde Phase 3 https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/switch-to-mde-phase-3.md
search.appverid: met150
- [Microsoft Defender for Endpoint Plan 2](https://go.microsoft.com/fwlink/?linkid=2154037) - [Microsoft Defender XDR](https://go.microsoft.com/fwlink/?linkid=2118804)
-| [![Phase 1: Prepare3.](images/phase-diagrams/prepare.png#lightbox)](switch-to-mde-phase-1.md)<br/>[Phase 1: Prepare](switch-to-mde-phase-1.md) | [![Phase 2: Set up](images/phase-diagrams/setup.png#lightbox)](switch-to-mde-phase-2.md)<br/>[Phase 2: Set up](switch-to-mde-phase-2.md) | ![Phase 3: Onboard](images/phase-diagrams/onboard.png#lightbox)<br/>Phase 3: Onboard |
+| [![Phase 1: Prepare3.](medi) | ![Phase 3: Onboard](media/phase-diagrams/onboard.png#lightbox)<br/>Phase 3: Onboard |
|--|--|--| || |*You're here!* |
security Troubleshoot Asr Rules https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/troubleshoot-asr-rules.md
DeviceEvents
| summarize EventCount=count() by ActionType ``` With advanced hunting you can shape the queries to your liking, so that you can see what is happening, regardless of whether you want to pinpoint something on an individual machine, or you want to extract insights from your entire environment.
security Troubleshoot Collect Support Log https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/troubleshoot-collect-support-log.md
If you also require Defender Antivirus support logs (MpSupportFiles.cab), then f
5. Select the downloaded file named MDELiveAnalyzer.ps1 and then click on **Confirm**
- :::image type="content" source="images/analyzer-file.png" alt-text="The choose file button-2" lightbox="images/analyzer-file.png":::
+ :::image type="content" source="media/analyzer-file.png" alt-text="The choose file button-2" lightbox="media/analyzer-file.png":::
6. While still in the LiveResponse session, use the commands below to run the analyzer and collect the result file:
If you also require Defender Antivirus support logs (MpSupportFiles.cab), then f
GetFile "C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\Downloads\MDEClientAnalyzerResult.zip" ```
- [![Image of commands.](images/analyzer-commands.png)](images/analyzer-commands.png#lightbox)
+ [![Image of commands.](media/analyzer-commands.png)](media/analyzer-commands.png#lightbox)
> [!NOTE] >
security Whats New In Microsoft Defender Endpoint https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/whats-new-in-microsoft-defender-endpoint.md
ms.localizationpriority: medium Previously updated : 02/25/2024 Last updated : 03/11/2024 audience: ITPro
Two new ASR rules are now in public preview:
- [Block rebooting machine in Safe Mode (preview)](/microsoft-365/security/defender-endpoint/attack-surface-reduction-rules-reference#block-rebooting-machine-in-safe-mode-preview): This rule prevents the execution of commands to restart machines in Safe Mode. - [Block use of copied or impersonated system tools (preview)](/microsoft-365/security/defender-endpoint/attack-surface-reduction-rules-reference#block-use-of-copied-or-impersonated-system-tools-preview): This rule blocks the use of executable files that are identified as copies of Windows system tools. These files are either duplicates or impostors of the original system tools.
+**Microsoft Defender for Endpoint on macOS** features are in public preview:
+
+- **Built-in Scheduled Scan for macOS** (preview): Scheduled Scan built-in for Microsoft Defender for Endpoint on macOS is now available in public preview. To learn more, see [How to schedule scans with Microsoft Defender for Endpoint on macOS](mac-schedule-scan.md).
+
+- **Troubleshooting mode for macOS** (preview): Troubleshooting mode for macOS is now available in public preview. Troubleshooting mode helps you identify instances where antivirus might be causing issues with your applications or system resources. To learn more, see [Troubleshooting mode in Microsoft Defender for Endpoint on macOS](mac-troubleshoot-mode.md).
+ ## January 2024 - **Defender Boxed is available for a limited period of time**. Defender Boxed highlights your organization's security successes, improvements, and response actions during 2023. Take a moment to celebrate your organization's improvements in security posture, overall response to detected threats (manual and automatic), blocked emails, and more.
security Advanced Hunting Exposuregraphedges Table https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender/advanced-hunting-exposuregraphedges-table.md
+
+ Title: ExposureGraphEdges table in the advanced hunting schema
+description: Learn about the ExposureGraphEdges table of the advanced hunting schema, which provides attack surface information, to help you understand how potential threats might reach, and compromise, valuable assets.
+keywords: advanced hunting, threat hunting, cyber threat hunting, Microsoft Defender XDR, microsoft 365, m365, search, query, telemetry, schema reference, kusto, table, column, data type, description, ExposureGraphEdges, EdgeId, EdgeLabel, SourceNodeName, SourceNodeLabel, TargetNodeName, TargetNodeLabel, SourceNodeCategories, TargetNodeCategories, EdgeProperties
+search.product: eADQiWindows 10XVcnh
+search.appverid: met150
++
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
+f1.keywords:
+ - NOCSH
++
+ms.localizationpriority: medium
+
+audience: ITPro
+
+- m365-security
+- tier3
+ Last updated : 03/13/2024++
+# ExposureGraphEdges
++
+**Applies to:**
+
+- Microsoft Defender XDR
+- Microsoft Security Exposure Management (public preview)
+
+The `ExposureGraphEdges` table in the [advanced hunting](advanced-hunting-overview.md) schema provides visibility into relationships between entities and assets in the enterprise exposure graph. This visibility can help uncover critical organizational assets and explore entity relationships and attack paths. Use this reference to construct queries that return information from this table.
+
+For information on other tables in the advanced hunting schema, [see the advanced hunting reference](advanced-hunting-schema-tables.md).
+
+| Column name | Data type | Description |
+|-|--|-|
+| `EdgeId` | `string` | Unique identifier for the relationship/edge |
+| `EdgeLabel` | `string` | The edge label like "routes traffic to" |
+| `SourceNodeId` | `string` | Node ID of the edge's source |
+| `SourceNodeName` | `string` | Source node display name |
+| `SourceNodeLabel` | `string` | Source node label |
+| `SourceNodeCategories` | `Dynamic` | Categories list of the source node in JSON format |
+| `TargetNodeId` | `string` | Node ID of the edge's target |
+| `TargetNodeName` | `string` | Display name of the target node |
+| `TargetNodeLabel` | `string` | Target node label |
+| `TargetNodeCategories` | `Dynamic` | The categories list of the target node in JSON format |
+| `EdgeProperties` | `Dynamic` | Optional data relevant for the relationship between the nodes in JSON format |
+
+## Related articles
+
+- [Advanced hunting overview](advanced-hunting-overview.md)
+- [Learn the query language](advanced-hunting-query-language.md)
+- [Use shared queries](advanced-hunting-shared-queries.md)
+- [Understand the schema](advanced-hunting-schema-tables.md)
+- [Apply query best practices](advanced-hunting-best-practices.md)
+- [Query the enterprise exposure graph](/security-exposure-management/query-enterprise-exposure-graph)
security Advanced Hunting Exposuregraphnodes Table https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender/advanced-hunting-exposuregraphnodes-table.md
+
+ Title: ExposureGraphNodes table in the advanced hunting schema
+description: Learn about the ExposureGraphNodes table of the advanced hunting schema, which provides attack surface information, to help you understand how potential threats might reach, and compromise, valuable assets.
+keywords: advanced hunting, threat hunting, cyber threat hunting, Microsoft Defender XDR, microsoft 365, m365, search, query, telemetry, schema reference, kusto, table, column, data type, description, ExposureGraphNodes, NodeId, NodeLabel, NodeName, NodeProperties, EntityIds
+search.product: eADQiWindows 10XVcnh
+search.appverid: met150
++
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
+f1.keywords:
+ - NOCSH
++
+ms.localizationpriority: medium
+
+audience: ITPro
+
+- m365-security
+- tier3
+ Last updated : 03/12/2024++
+# ExposureGraphNodes
++
+**Applies to:**
+- Microsoft Defender XDR
+- Microsoft Security Exposure Management (public preview)
+
+The `ExposureGraphNodes` table in the [advanced hunting](advanced-hunting-overview.md) schema contains organizational entities and their properties. These include entities like devices, identities, user groups, and cloud assets such as virtual machines (VMs), storage, and containers. Each node corresponds to an individual entity and encapsulates information about its characteristics, attributes, and security related insights within the organizational structure. Use this reference to construct queries that return information from this table.
+
+For information on other tables in the advanced hunting schema, [see the advanced hunting reference](advanced-hunting-schema-tables.md).
+
+| Column name | Data type | Description |
+|-|--|-|
+| `NodeId` | `string` | Unique node identifier |
+| `NodeLabel` | `string` | Node label |
+| `NodeName` |`string` | Node display name |
+| `Categories` |`Dynamic` | Categories of the node in JSON format |
+| `NodeProperties` |`Dynamic` | Properties of the node, including insights related to the resource, such as whether the resource is exposed to the internet, or vulnerable to remote code execution. Values are JSON formatted raw data (unstructured). |
+| `EntityIds` | `Dynamic` | All known node identifiers in JSON format |
+
+## Related articles
+
+- [Advanced hunting overview](advanced-hunting-overview.md)
+- [Learn the query language](advanced-hunting-query-language.md)
+- [Use shared queries](advanced-hunting-shared-queries.md)
+- [Query the enterprise exposure graph](/security-exposure-management/query-enterprise-exposure-graph)
+- [Understand the schema](advanced-hunting-schema-tables.md)
+- [Apply query best practices](advanced-hunting-best-practices.md)
security Advanced Hunting Schema Tables https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender/advanced-hunting-schema-tables.md
Title: Data tables in the Microsoft Defender XDR advanced hunting schema
-description: Learn about the tables in the advanced hunting schema to understand the data you can run threat hunting queries on
+description: Learn about the tables in the advanced hunting schema to understand the data you can run threat hunting queries on.
keywords: advanced hunting, threat hunting, cyber threat hunting, Microsoft Defender XDR, microsoft 365, m365, search, query, telemetry, schema reference, kusto, table, data search.product: eADQiWindows 10XVcnh search.appverid: met150
The following reference lists all the tables in the schema. Each table name link
| **[DeviceTvmSoftwareVulnerabilitiesKB](advanced-hunting-devicetvmsoftwarevulnerabilitieskb-table.md)** | Knowledge base of publicly disclosed vulnerabilities, including whether exploit code is publicly available | | **[EmailAttachmentInfo](advanced-hunting-emailattachmentinfo-table.md)** | Information about files attached to emails | | **[EmailEvents](advanced-hunting-emailevents-table.md)** | Microsoft 365 email events, including email delivery and blocking events |
-| **[EmailPostDeliveryEvents](advanced-hunting-emailpostdeliveryevents-table.md)** | Security events that occur post-delivery, after Microsoft 365 has delivered the emails to the recipient mailbox |
+| **[EmailPostDeliveryEvents](advanced-hunting-emailpostdeliveryevents-table.md)** | Security events that occur post-delivery, after Microsoft 365 delivers the emails to the recipient mailbox |
| **[EmailUrlInfo](advanced-hunting-emailurlinfo-table.md)** | Information about URLs on emails |
+| **[ExposureGraphEdges](advanced-hunting-exposuregraphedges-table.md)** | Microsoft Security Exposure Management exposure graph edge information provides visibility into relationships between entities and assets in the graph |
+| **[ExposureGraphNodes](advanced-hunting-exposuregraphnodes-table.md)** | Microsoft Security Exposure Management exposure graph node information, about organizational entities and their properties |
| **[IdentityDirectoryEvents](advanced-hunting-identitydirectoryevents-table.md)** | Events involving an on-premises domain controller running Active Directory (AD). This table covers a range of identity-related events and system events on the domain controller. | | **[IdentityInfo](advanced-hunting-identityinfo-table.md)** | Account information from various sources, including Microsoft Entra ID | | **[IdentityLogonEvents](advanced-hunting-identitylogonevents-table.md)** | Authentication events on Active Directory and Microsoft online services |
security Usgov https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender/usgov.md
These are the known gaps:
|Feature name|GCC|GCC High|DoD| ||::|::|::|
-|Microsoft Threat Experts|![No](../defender-endpoint/images/svg/check-no.svg) On engineering backlog|![No](../defender-endpoint/images/svg/check-no.svg) On engineering backlog|![No](../defender-endpoint/images/svg/check-no.svg) On engineering backlog|
+|Microsoft Threat Experts|![No](../defender-endpoint/media/svg/check-no.svg) On engineering backlog|![No](../defender-endpoint/media/svg/check-no.svg) On engineering backlog|![No](../defender-endpoint/media/svg/check-no.svg) On engineering backlog|
For detailed list of Event Streaming API tables, see [Microsoft Defender XDR streaming event types supported in Event Streaming API](supported-event-types.md).
security Defender For Office 365 Whats New https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/defender-for-office-365-whats-new.md
f1.keywords: NOCSH
ms.localizationpriority: medium Previously updated : 2/2/2024 Last updated : 3/12/2024 audience: ITPro
For more information on what's new with other Microsoft Defender security produc
- [What's new in Microsoft Defender for Identity](/defender-for-identity/whats-new) - [What's new in Microsoft Defender for Cloud Apps](/cloud-app-security/release-notes)
+## March 2024
+
+- **Copy simulation functionality in Attack simulation training**: Admins can now duplicate existing simulations and customize them to their specific requirements. This feature saves time and effort by using previously launched simulations as templates when creating new ones. [Learn more](attack-simulation-training-simulations.md#copy-simulations).
+- Attack simulation training is now available in **Microsoft 365 DoD**. [Learn more](/office365/servicedescriptions/microsoft-defender-for-office-365-features#attack-simulation-training).
+ ## February 2024 - **Hunting and responding to QR code-based attacks**: Security teams will now be able to see the URLs extracted from QR codes with "QR code" as URL source in Email Entity URL tab, and "QRCode" in "UrlLocation" column of EmailUrlInfo table in Advanced Hunting. Users can also filter for emails having URLs embedded within QR codes using "URL Source" filter in Threat Explorer which now supports "QR code" option.
For more information on what's new with other Microsoft Defender security produc
## September 2023 - URL top-level domain blocking is available in the **Tenant allow block list**. [Learn more](tenant-allow-block-list-urls-configure.md).
+- Attack simulation training is now available in **Microsoft 365 GCC High**. [Learn more](/office365/servicedescriptions/microsoft-defender-for-office-365-features#attack-simulation-training).
## August 2023
security Quarantine Admin Manage Messages Files https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/quarantine-admin-manage-messages-files.md
Watch this short video to learn how to manage quarantined messages as an admin.
- [Email & collaboration permissions in the Microsoft Defender portal](mdo-portal-permissions.md): - _Take action on quarantined messages for all users_: Membership in the **Quarantine Administrator**, **Security Administrator**, or **Organization Management** role groups. - _Submit messages from quarantine to Microsoft_: Membership in the **Quarantine Administrator** or **Security Administrator** role groups.
- - _Use **Block sender** to [add senders to your own Blocked Senders list](#block-email-senders-from-quarantine)_: Membership in the **Security Reader**, **Quarantine Administrator** or **Security Administrator** role groups.
+ - _Use **Block sender** to [add senders to your own Blocked Senders list](#block-email-senders-from-quarantine)_: By default, all users have the required permissions. Whether the **Block sender** action is available to non-admins is typically controlled by the [Block sender permission](quarantine-policies.md#block-sender-permission) in quarantine policies. Assigning any permission that gives admin access to quarantine (for example, **Security Reader** or **Global Reader**) gives access to **Block sender** in quarantine.
- _Read-only access to quarantined messages for all users_: Membership in the **Security Reader** or **Global Reader** role groups. - [Microsoft Entra permissions](/entra/identity/role-based-access-control/manage-roles-portal): Membership these roles gives users the required permissions _and_ permissions for other features in Microsoft 365: - _Take action on quarantined messages for all users_: Membership in the **Security Administrator or **Global Administrator** roles. - _Submit messages from quarantine to Microsoft_: Membership in the **Security Administrator** role.
- - _Use **Block sender** to [add senders to your own Blocked Senders list](#block-email-senders-from-quarantine)_: Membership in the **Security Reader** or **Security Administrator** roles.
+ - _Use **Block sender** to [add senders to your own Blocked Senders list](#block-email-senders-from-quarantine)_: By default, all users have the required permissions. Whether the **Block sender** action is available to non-admins is typically controlled by the [Block sender permission](quarantine-policies.md#block-sender-permission) in quarantine policies. Assigning any permission that gives admin access to quarantine (for example, **Security Reader** or **Global Reader**) gives access to **Block sender** in quarantine.
- _Read-only access to quarantined messages for all users_: Membership in the **Global Reader** or **Security Reader** roles. > [!TIP]
Users can request the release of email messages if the quarantine policy used **
After a recipient requests the release of the email message, the **Release status** value changes to **Release requested**, and an admin can approve or deny the request.
+> [!TIP]
+> One alert to release the message might be created for multiple release requests for that message.
+ If you don't release or remove a message, it's automatically deleted from quarantine after the date shown in the **Expires** column. After you select the message, use either of the following methods to approve or deny the release request:
test-base Export Your Data https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/test-base/export-your-data.md
+
+ Title: Export your data
+description: The guidance of export your data.
+search.appverid: MET150
+++
+audience: Software-Vendor
+ Last updated : 07/06/2021+
+ms.localizationpriority: medium
+++
+f1.keywords: NOCSH
++
+# Export your data
+
+Should you wish to retain automation test scripts or download test results for future reference? Here is the guidance to export data from your existing account. If further guidance is needed, don't hesitate to let us know by [submit a support request](https://aka.ms/TestBaseSupport).
+
+## Export your packages and scripts
+
+To download your application packages and test scripts, please access your Test Base account and select **Manage packages > Select the application you want to export > Download package.**
+
+> [!div class="mx-imgBorder"]
+> [![Screenshot of manage packages.](Media/export-your-data-1.png)](Media/export-your-data-1.png#lightbox)
+
+## Export your test results
+
+To export a test result summary, you may go to **Test summary > Export all results to CSV**. (Note: In-place upgrade results summary export is not supported by default, please [submit a request](https://aka.ms/TestBaseSupport) if needed.)
+
+> [!div class="mx-imgBorder"]
+> [![Screenshot of Test summaries.](Media/export-your-data-2.png)](Media/export-your-data-2.png#lightbox)
+
+For more detailed test execution logs, **Select the package from Test Summary page > Select desired Windows version > Download Log files**:
+
+> [!div class="mx-imgBorder"]
+> [![Screenshot for showing the download link.](Media/export-your-data-3.png)](Media/export-your-data-3.png#lightbox)
+
+You may also click **See details** and **Download** log files and test execution videos from test detail page. (Note: Videos are reserved for seven days after test completion.)
+
+> [!div class="mx-imgBorder"]
+> [![Screenshot of page of test results.](Media/export-your-data-4.png)](Media/export-your-data-4.png#lightbox)
+
+More details about how to analyze downloaded reports, refer to [Downloading and Analyzing Test Result Files | Microsoft Learn](download-analyze-test-result-files.md).
+
+## Export your usage records
+
+To download your billing usage records, go to **Billing hub > Usage Console > Export all results to CSV**.
+
+> [!div class="mx-imgBorder"]
+> [![Screenshot for showing the export button.](Media/export-your-data-4.png)](Media/export-your-data-4.png#lightbox)
test-base Faq https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/test-base/faq.md
f1.keywords: NOCSH
[!INCLUDE [test-base-deprecation](./includes/test-base-deprecation.md)]
-**Q: How do we submit our packages to the Test Base team?**
+## Test Base End-of-life(EOL)
+
+**Q: When is Test Base end of life (EOL)?**
+**A:** Test Base EOL is on May 31, 2024.
+
+**Q: What does end of life (EOL) for Test Base mean?**
+**A:** Test Base will reach EOL on May 31, 2024. The end-of-life (EOL) process for the Test Base for Microsoft 365 service started on March 4, 2024. From this date, no new features or updates are released for Test Base. Existing users will retain access to the service and their data until May 31, 2024. During this period, the service is available for testing, exporting data, and making necessary arrangements for the transition. Our team is dedicated to assisting you during this transition. If you have any feedback or questions regarding this decision, don't hesitate to contact our support team at [testbase_support@microsoft.com](mailto:testbase_support@microsoft.com).
+
+**Q: Why did Microsoft decide to transition Test Base for Microsoft 365 to end of life (EOL)?**
+**A:** Test Base for Microsoft 365 is a cloud-based app testing service on Azure that evaluates the compatibility of applications with new Windows releases or updates. While cloud-based app testing services are an intriguing option, the continuous innovation of Windows 11 has resolved a high percentage of application compatibility issues. Additionally, with greater support from application vendors, customers have less reliance on services such as Test Base. After carefully evaluating current demands, we have decided to discontinue Test Base and refocus our investments and resources.
+
+**Q: What happens to the customer environment during the transition to EOL?**
+**A:** During the transition to EOL, Test Base provides customers with instructions on how to complete the offboarding process. Our goal is to prevent any disruption to the business and users. All configurations used for management (configurations, policies, scripts, etc.) will remain in place. The customer can choose to maintain or remove them.
+
+**Q: Will Test Base offer an extension to the 60 days?**
+**A:** No, Test Base won't offer an extension after May 31, 2024.
+
+**Q: <a name="Does_have_solution"></a>Does Test Base have an alternative solution?**
+**A:** There's no 1:1 replacement for Test Base. Microsoft remains committed to ensuring that the apps you rely upon continue to work as expected when you upgrade. There are still rich services and guidance that can help you ensure the compatibility of your applications:
+
+- **App Assure**: If you run into compatibility issues or want to ensure that your organization's applications are compatible from day one, you may reach out to App Assure. With enrollment in the [App Assure](https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Flearn.microsoft.com%2Fen-us%2Fwindows%2Fcompatibility%2Fapp-assure&data=05%7C02%7Cmiaoyuezhou%40microsoft.com%7C7a21782822d142dfe41908dc43ba47c0%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C638459714580439514%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=B38PoXObefTHSHSKGHTiDlm7YzJmKkgn0TYz1AOAk4o%3D&reserved=0) service, any app compatibility issues that you find with Windows 11 can be resolved. Microsoft helps you remedy application issues at no cost. Since 2018, App Assure has evaluated almost 800,000 apps, and subscriptions are free for eligible customers with 150+ seats.
+- **SUVP**: The [Security Update Validation Program (SUVP)](https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fwindows-it-pro-blog%2Fsecurity-update-validation-program-the-early-bird-tests-the-worm%2Fba-p%2F2569392&data=05%7C02%7Cmiaoyuezhou%40microsoft.com%7C7a21782822d142dfe41908dc43ba47c0%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C638459714580457417%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=T7B2DnRAe6p%2Fve3UlocDbYpdm%2FbSQKxEcLv7XszsOGE%3D&reserved=0) is a quality assurance testing program for Microsoft security updates, which are released on the second Tuesday of each month. The SUVP provides early access to Microsoft security updatesΓÇöup to three weeks in advance of the official releaseΓÇöfor the purpose of validation and interoperability testing. The program encompasses any Microsoft products for which we fix a vulnerability (for example: Windows, Office, Exchange, or SQL Server) and is limited to trusted customers under NDA who have been nominated by a Microsoft representative. To join SUVP program, contact [suvp@microsoft.com](mailto:suvp@microsoft.com).
+- **Selfhost**: If youΓÇÖre building your own service pipeline to validate Windows or Office update. These guidances and services could potentially help you: [Azure DevTest Labs](https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Flearn.microsoft.com%2Fazure%2Fdevtest-labs%2F&data=05%7C02%7Cmiaoyuezhou%40microsoft.com%7C7a21782822d142dfe41908dc43ba47c0%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C638459714580469035%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=hCmHl7FT8L6Xkbg2FXfpnS34N3kII%2B8o%2B3UzxunNhzM%3D&reserved=0), [Security Update Guide](https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.microsoft.com%2Fen-us%2Fmsrc%2Ffaqs-security-update-guide&data=05%7C02%7Cmiaoyuezhou%40microsoft.com%7C7a21782822d142dfe41908dc43ba47c0%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C638459714580479144%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=MwZ8J9f3BVzUopW9BOesvxo%2FP%2BHQ7fLqLVBsV4QNxHY%3D&reserved=0), [Office Deployment Tool](https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Flearn.microsoft.com%2Fen-us%2Fdeployoffice%2Foverview-office-deployment-tool&data=05%7C02%7Cmiaoyuezhou%40microsoft.com%7C7a21782822d142dfe41908dc43ba47c0%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C638459714580487089%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=sTWfQXK9exSm74Y4qqkha8mRW%2FQLU0DX7%2Fuq24Q3%2F6o%3D&reserved=0).
+
+**Q: Will the service continue to be supported as usual during the end-of-life period before May 31?**
+**A:** Starting from March 4, the service will no longer be actively maintained and supported. Existing users will retain access to the service and their data until May 31, 2024. During this period, users may continue to use the service for testing, export data, and make necessary arrangements for the transition.
+
+**Q: Will there be new monthly security updates, feature updates and Office updates?**
+**A:** For customers who have signed up for monthly security updates, their tests will continue to be triggered upon original configuration until May 31. Feature updates are paused after Build 22635.3212 in Beta Channel. Office updates are paused after Build 16.0.17328.20004. In you need any support for feature update or office update extension, or any transition help needed, [submit a support request](https://aka.ms/TestBaseSupport).
+
+**Q: What if I need data from Test Base? Will I still access to my data?**
+**A:** You'll retain access to the service and data until May 31, 2024. Following this date, all customer data will be permanently deleted. Should you wish to retain automation test scripts or download test results for future reference, we encourage you to proactively plan your transition. Guidance to export your data check in our [documentation](https://aka.ms/testbase-doc-exportdata).
+
+**Q: Who do I contact for Test Base support?**
+**A:** Our team is dedicated to assisting you during this transition. If you have any feedback or questions regarding this decision, don't hesitate to contact our support team at [testbase_support@microsoft.com](mailto:testbase_support@microsoft.com), or [submit a support request](https://aka.ms/TestBaseSupport).
+
+**Q: What happens if I don't offboard before May 31, 2024?**
+**A:** After May 31, 2024, all customer data will be permanently deleted. Any active accounts in Test Base will be automatically offboarded. If you still need a copy of Test Base account records, proactively plan your transition, or contact us via [testbase_support@microsoft.com](mailto:testbase_support@microsoft.com) before May 31.
+**Q: How long will my billing records be kept?**
+**A:** Service level billing records retention policy follows Azure billing policy. To check service consumption details, refer to [View cost breakdown by Azure service - Microsoft Cost Management | Microsoft Learn](/azure/cost-management-billing/costs/cost-analysis-common-uses#view-cost-breakdown-by-azure-service). Usage level details in Test Base Billing Hub will be deleted after May 31. If you need usage records for future reference, refer to [Test Base documentation - Export your data](https://aka.ms/testbase-doc-exportdata).
+
+**Q: When will my last payment for Test Base usage be billed?**
+**A:** Test Base follows Azure billing policy. Check in [Pay your Microsoft Customer Agreement or Microsoft Online Subscription Program Azure bill - Microsoft Cost Management | Microsoft Learn](/azure/cost-management-billing/understand/pay-bill)
+
+**Q: What's the recommended transition or migration plan?**
+**A:** Our team is dedicated to assisting you during this transition. We would recommend you to:
+
+1. Export your data (Check [guidance](https://aka.ms/testbase-doc-exportdata)).
+2. Transit to other Microsoft compatibility supports (Check in [Does Test Base have an alternative solution?](#Does_have_solution))
+
+If you have any feedback or questions regarding this decision, don't hesitate to contact our support team at [testbase_support@microsoft.com](mailto:testbase_support@microsoft.com), or [submit a support request](https://aka.ms/TestBaseSupport).
+
+**Q: What are the implications for my organization?**
+**A:** Customers using Test Base for Microsoft 365 may expect:
+
+- Starting from March 4, the end-of-life (EOL) process for the Test Base for Microsoft 365 service will begin. From this date, no new features or updates are released for Test Base.
+- During the end-of-life period, you may: continue to use the service for testing, export your data, and make necessary arrangements for the transition.
+- You'll retain access to the service and your data until May 31, 2024.
+- Following this date, all customer data will be permanently deleted.
+
+## Testing
+
+**Q: How do we submit our packages to the Test Base team?**
**A:** Submit your packages directly to the Test Base environment using our self-serve portal. To submit your application package, navigate to the [Azure Portal](https://www.aka.ms/testbaseportal "Test Base Homepage") and upload a zipped folder containing your application's binaries, dependencies, and test scripts via the self-serve Test Base portal dashboard.
To submit your application package, navigate to the [Azure Portal](https://www.a
For assistance and more information, see the onboarding user guide or contact our team at <testbasepreview@microsoft.com>. **Q: What are Out-of-box (OOB) tests?**- **A:** Out-of-box (OOB) tests are standardized, default test runs where application packages are installed, launched and closed 30 times, and then uninstalled. The packages created for Test Base have the following test scripts: install, launch, close, and optionally the uninstall script.
The packages created for Test Base have the following test scripts: install, lau
The Out-of-box (OOB) tests provide you with standardized telemetry on your application to compare across Windows builds. **Q: Can we submit tests outside of the Out-of-box tests (install, launch, close, uninstall test scripts)?**- **A:** Yes, customers can also upload application packages for **functional tests** via the self-serve portal dashboard. **Functional tests** are tests that enable customers to execute their scripts to run custom functionality on their application. **Q: How long does KB installation take?**- **A:** The KB installation time can vary, the KB installation happens in between the install and launch scripts for OOB tests.
-## Testing
- **Q: Do you support functional tests?**- **A:** Yes, Test Base supports functional tests. Functional tests are tests that enable our customers to execute their scripts to run custom functionality on their application. To submit your application package for functional testing, upload the zipped folder containing your application's binaries, dependencies, and test scripts via our self-serve portal dashboard.
To submit your application package for functional testing, upload the zipped fol
For assistance and more information, see the onboarding user guide or contact our team at <testbasepreview@microsoft.com>. **Q: How does Test Base handle our test data?**- **A:** Test Base securely collects and manages your test data on the Azure environment. **Q: Can Test Base support our automated tests?**- **A:** Yes, Test Base supports automated tests, however, we don't support manual tests at this time due to service capabilities. **Q: What languages and frameworks of automated tests do you support?**- **A:** We support all languages and frameworks. We invoke all scripts through PowerShell. You also need to provide (upload) the dependent binaries of the required framework. **Q: How soon does Test Base provide test results?**- **A:** For each test that we run against the pre-release builds, we provide results within 24 hours on your [Azure Portal](https://www.aka.ms/testbaseportal "Test Base Homepage") dashboard. **Q: Can you reboot after installation?**- **A:** Yes, our process supports rebooting after installation. Be sure to select this option from the "Optional settings" drop list when setting your **Tasks** on the onboarding portal. For Out-of-box (OOB) tests, you can specify whether a reboot is needed for the _Install script._
While for functional tests, you can specify whether a reboot is required for eac
![How to select functional tests.](Media/functionalreboot.png) **Q: What Windows versions do you support?**- **A:** We currently support Windows 11 clients, Windows 10 clients, Windows Server 2016, Windows Server 2016 Core version, Windows Server 2019, and Windows Server 2019 Core version. **Q: What is the difference between Security Update tests and Feature Update tests?**-
-**A:** For Security update tests, we test against the **<ins>monthly pre-release security updates</ins>** on Windows, which is focused on keeping our users always secure and protected. For the Feature update tests, we test against the **<ins>bi-annual pre-release feature updates</ins>** which introduce new features and capabilities on Windows.
+**A:** For Security update tests, we test against the **<ins>monthly pre-release security updates</ins>** On Windows, which is focused on keeping our users always secure and protected. For the Feature update tests, we test against the **<ins>bi-annual pre-release feature updates</ins>** which introduce new features and capabilities on Windows.
**Q: How long would my script run?**- **A:** All customer scripts within the package have a script execution limit of 60 mins. Script executions after 60-mins fail with a timeout error. **Q: How do I investigate time-out failure?**- **A:** Follow the below mentioned steps: 1. Check video recording: 1. to confirm if any Windows pop-up blocked the script execution.
While for functional tests, you can specify whether a reboot is required for eac
2. Use VM snapshot to create VM to repro timeout and find out root cause. 3. Fix code issue continue testing. 4. If test running indeed exceeds 60 mins, split into multiple scripts below 60 mins.
- 1. Run all testing job in one central script which doesnΓÇÖt have time limit, monitor the status from multiple Test Base artifact scripts.
+ 1. Run all testing job in one central script which doesn't have time limit, monitor the status from multiple Test Base artifact scripts.
**Q: How can I pause my active packages?**- **A:** To pause your active packages, follow these steps: 1. Go to the ΓÇÿManage packagesΓÇÖ page by clicking the link in the navigation bar. 2. Select the packages that you want to pause by checking the boxes next to package names.
Note: The selected packages will be disabled for execution on all future OS upda
## Debugging options **Q: Do we get access to the Virtual Machines (VMs) in case of failures? What does Test Base share?**- **A:** For the service to be compliant and the pre-release updates be secure, only Microsoft has access to the VMs. However, customers can view test results and other test metrics on their portal dashboard, including crash and hang signals, reliability metrics, memory and CPU utilization etc. We also generate and provide logs of test runs on the dashboard for download and further analysis. We can also provide memory dumps for crash debugging as needed. **Q: If there are issues found during the testing, what are the next steps to resolve these issues?**- **A:** The Test Base team performs an initial triage process to determine the root cause of the error, and then depending on our findings, we route to the customer or internal teams within Microsoft for debugging. We always work closely with our customers in joint remediation to resolve any issues. **Q: Does Microsoft hold the release of the security patch until the issue is resolved? What alternate resolutions are available?**-
-**A:** The goal of Test Base is to ensure our joint end customers don't face any issues. We work hard with Software Vendors to address any issues before the release, but in case the fix is not feasible we have other resolutions such as shims and blocks.
+**A:** The goal of Test Base is to ensure our joint end customers don't face any issues. We work hard with Software Vendors to address any issues before the release, but in case the fix isn't feasible we have other resolutions such as shims and blocks.
## Security **Q: Where are my packages and binaries stored and what security precautions do you take to keep my data safe?**- **A:** Packages are uploaded and stored in Microsoft-managed Azure cloud storage. The data is encrypted in transit and at rest. When the system gets notified that one of your packages needs to be tested, a dedicated and isolated Microsoft-managed Azure Guest VM is provisioned with the OS image you selected. This VM lives within our Microsoft tenant and is provisioned within its own VNet/private subnet to prevent any lateral moves from any other Azure VM in our VM pool. The VM is configured to disallow any inbound traffic to protect the integrity of the Guest VM. In addition to these guardrails, your Test Base account and packages are uploaded as Azure resources and benefit from Azure RBAC. You can use Microsoft Entra ID plus Azure RBAC to control access to your account and packages. **Q: Who has access to the VM?**- **A:** Only our backend services can access the Microsoft-managed VMs that run your workloads. These VMs are configured to disallow any inbound traffic, including remote connections, to protect the integrity of the VM. ## Miscellaneous **Q: How will the service work with an on-prem server?**- **A:** We currently don't provide support for on-prem servers. However, if the server is exposing HTTP endpoint, we can connect to it over the internet. **Q: Who hosts the VMs?**- **A:** Microsoft provisions the VM for this service, taking the load of doing so from the customer. **Q: Does this service support web, mobile, or desktop applications?**- **A:** Currently, our focus is on desktop applications, however, we have plans to onboard web applications in the future, but we don't support mobile applications at this time. **Q: What is the difference between Test Base and SUVP?**- **A:** The biggest difference between Test Base and SUVP is that our partners onboard their applications onto the Test Base Azure environment for validation runs against pre-release updates instead of carrying out the tests themselves. In addition to pre-release security updates testing, we support pre-release feature updates testing on our platform. We have many other types of updates and OS testing on our roadmap. **Q: Is there a cost associated with the service?**- **A:** The cost of the service depends on when you sign up and how much you use it. Here are the details: - If you signed up before November 15, 2023, you'll receive 100 free hours (valued at $800) of Test Base usage under your subscription. These hours will expire in 6 months from the date of sign up. After the free hours are consumed or expired, you'll be charged $8 per hour for your usage. - If you sign up on or after November 15, 2023, you'll receive 100 free hours (valued at $800) of Test Base usage under your tenant. These hours will expire in 6 months from the date of sign up. After the free hours are consumed or expired, you'll be charged $8 per hour for your usage.-- Starting from November 15, 2023, if you are a Windows E3/E5 or Microsoft 365 E3/E5 customer, you'll receive an additional 500 hours (equivalent to $4,000) of Test Base usage under your tenant. These hours don't have an expiration date and can be used anytime. Note: Don't disable the service principal "Test Base for M365 - Billing", otherwise you may lose the possibility of getting the additional hours.
+- Starting from November 15, 2023, if you're a Windows E3/E5 or Microsoft 365 E3/E5 customer, you'll receive an additional 500 hours (equivalent to $4,000) of Test Base usage under your tenant. These hours don't have an expiration date and can be used anytime. Note: Don't disable the service principal "Test Base for M365 - Billing", otherwise you may lose the possibility of getting the additional hours.
**Q: How can I provide feedback about Test Base?**- **A:** To share your feedback about Test Base, select the **Feedback** icon at the bottom left of the portal. Include a screenshot with your submission to help Microsoft better understand your feedback. You can also submit product suggestions and upvote other ideas at <testbasepreview@microsoft.com>.