Updates from: 03/19/2021 04:12:50
Category Microsoft Docs article Related commit history on GitHub Change details
admin Choose Between Basic Mobility And Security And Intune https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/basic-mobility-security/choose-between-basic-mobility-and-security-and-intune.md
Microsoft Intune and built-in Basic Mobility and Security both give you the abil
|Email profiles |Provision a native email profile on the device. |Yes|Yes| |WiFi profiles |Provision a native WiFi profile on the device. |No|Yes| |VPN profiles |Provision a native VPN profile on the device. |No|Yes|
-|Basic Mobility and Security application management |Deploy your internal line-of-business apps and from apps stores to users. |No|Yes|
+|Mobile application management |Deploy your internal line-of-business apps and from apps stores to users. |No|Yes|
|Mobile application protection |Enable your users to securely access corporate information using the Office mobile and line-of-business apps they know, while ensuring security of data by helping to restrict actions like copy, cut, paste, and save as, to only those apps managed approved for corporate data. Works even if the devices are not enrolled to Basic Mobility and Security. See Protect app data using MAM policies. |No|Yes| |Managed browser |Enable more secure web browsing using the Edge app. |No|Yes|
-|Zero touch enrollment programs Autopilot) |Enroll large numbers of corporate-owned devices, while simplifying user setup. |No|Yes|
+|Zero touch enrollment programs (AutoPilot) |Enroll large numbers of corporate-owned devices, while simplifying user setup. |No|Yes|
||| In addition to features listed in the preceding table, Basic Mobility and Security and Intune both include a set of remote actions that send commands to devices over the internet. For example, you can remove Office data from an employeeΓÇÖs device while leaving personal data in place (retire), remove Office apps from a employee's device (wipe), or reset a device to its factory settings (full wipe).
commerce Allowselfservicepurchase Powershell https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/commerce/subscriptions/allowselfservicepurchase-powershell.md
localization_priority: None -- commerce -
+- M365-subscription-management
+- Adm_O365
+
+- AdminSurgePortfolio
+- commerce
search.appverid: - MET150 description: "Learn how to use the AllowSelfServicePurchase PowerShell cmdlet to turn self-service purchase on or off."
The following table lists the available products and their **ProductId**.
|--|--| | Power Apps per user | CFQ7TTC0KP0P | | Power Automate per user | CFQ7TTC0KP0N |
+| Power Automate RPA | CFQ7TTC0KXG6 |
+| Power BI Premium (standalone) | CFQ7TTC0KXG7 |
| Power BI Pro | CFQ7TTC0L3PB | | Project Plan 1 | CFQ7TTC0KXND | | Project Plan 3 | CFQ7TTC0KXNC |
compliance Communication Compliance Feature Reference https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/communication-compliance-feature-reference.md
To update the roles for these users for the new role group structure, and to sep
## Supervised users
-Before you start using communication compliance, you must determine who needs their communications reviewed. In the policy, user email addresses identify individuals or groups of people to supervise. Some examples of these groups are Microsoft 365 Groups, Exchange-based distribution lists, Yammer communities, and Microsoft Teams channels. You also can exclude specific users or groups from scanning with a specific exclusion group or a list of groups.
+Before you start using communication compliance, you must determine who needs their communications reviewed. In the policy, user email addresses identify individuals or groups of people to supervise. Some examples of these groups are Microsoft 365 Groups, Exchange-based distribution lists, Yammer communities, and Microsoft Teams channels. You also can exclude specific users or groups from scanning with a specific exclusion group or a list of groups. For more information about groups types supported in communication compliance policies, see [Get started with communication compliance](communication-compliance-configure.md#step-3-optional-set-up-groups-for-communication-compliance).
>[!IMPORTANT] >Users covered by communication compliance policies must have either a Microsoft 365 E5 Compliance license, an Office 365 Enterprise E3 license with the Advanced Compliance add-on, or be included in an Office 365 Enterprise E5 subscription. If you don't have an existing Enterprise E5 plan and want to try communication compliance, you can [sign up for a trial of Office 365 Enterprise E5](https://go.microsoft.com/fwlink/p/?LinkID=698279).
With communication compliance policies, you can choose to scan messages in one o
- **Microsoft Teams**: Chat communications in both public and private Microsoft Teams channels and individual chats can be scanned. When users are assigned to a communication compliance policy with Microsoft Teams coverage selected, chat communications for the users are automatically monitored across all Microsoft Teams where the users are a member. Microsoft Teams coverage is automatically included for pre-defined policy templates and is selected by default in the custom policy template. Teams chats matching communication compliance policy conditions may take up to 48 hours to process. Use the following group management configurations to supervise individual user chats and channel communications in Teams: - **For Teams chat communications:** Assign individual users or assign a [distribution group](https://support.office.com/article/Distribution-groups-E8BA58A8-FAB2-4AAF-8AA1-2A304052D2DE) to the communication compliance policy. This setting is for one-to-one or one-to-many user/chat relationships.
- - **For Teams Channel communications:** Assign every Microsoft Teams channel or Microsoft 365 group you want to scan that contains a specific user to the communication compliance policy. If you add the same user to other Microsoft Teams channels or Microsoft 365 groups, be sure to add these new channels and groups to the communication compliance policy.
+ - **For Teams Channel communications:** Assign every Microsoft Teams channel or Microsoft 365 group you want to scan that contains a specific user to the communication compliance policy. If you add the same user to other Microsoft Teams channels or Microsoft 365 groups, be sure to add these new channels and groups to the communication compliance policy. If any member of the channel is a supervised user within a policy and the *Inbound* direction is configured in a policy, all messages sent within the channel are subject to review and potential policy matches (even for users in the channel that aren't explicitly supervised). For example, User A is the owner or a member of a channel. User B and User C are members of the same channel and use language that is matched to the offensive language policy that supervises only User A. User B and User C create policy matches for conversations within the channel even though they aren't directly supervised in the offensive language policy. Teams conversations between User B and User C that are outside of the channel that includes User A would not be subject to the offensive language policy that includes User A. To exclude channel members from supervision when other members of the channel are explicitly supervised, turn off the *Inbound* communication direction setting in the applicable communication compliance policy.
- **For Teams chat communications with hybrid email environments**: Communication compliance can monitor chat messages for users for organizations with an Exchange on-premises deployment or an external email provider that have enabled Microsoft Teams. You must create a distribution group for the users with on-premises or external mailboxes to monitor. When creating a communication compliance policy, you'll assign this distribution group as the **Supervised users and groups** selection in the policy wizard. >[!IMPORTANT]
Complete the following steps to delete a Power Automate flow:
4. On the **Power Automate flows** page, select flow to delete. Select **Delete** from the flow control menu. 5. On the deletion confirmation dialog, select **Delete** to remove the flow or select **Cancel** to exit the deletion action.
-## Reports (preview)
+## Reports
The new **Reports** dashboard is the central location for viewing all communication compliance reports. Report widgets provide a quick view of insights most commonly needed for an overall assessment of the status of communication compliance activities. Information contained in the report widgets is not exportable. Detailed reports provide in-depth information related to specific communication compliance areas and offer the ability to filter, group, sort, and export information while reviewing.
compliance Create A Custom Sensitive Information Type In Scc Powershell https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/create-a-custom-sensitive-information-type-in-scc-powershell.md
When you upload your rule package XML file, the system validates the XML and che
- Each Custom Sensitive Information Type can have a maximum of 2048 keywords total. -- The maximum size of Keyword Dictionaries in a single tenant is 100 kilobytes compressed. Reference the same dictionary as many times as necessary when creating custom sensitive information types. Start with creating custom keyword lists in the sensitive information type and use keyword dictionaries if you have more than 2048 keywords in a keyword list or a keyword is larger than 50 characters in length.
+- The maximum size of Keyword Dictionaries in a single tenant is 1 MB compressed. Reference the same dictionary as many times as necessary when creating custom sensitive information types. Start with creating custom keyword lists in the sensitive information type and use keyword dictionaries if you have more than 2048 keywords in a keyword list or a keyword is larger than 50 characters in length.
+
+- A maximum of 50 keyword dictionary based sensitive information types are allowed in a tenant.
- Ensure each Entity element contains a recommendedConfidence attribute.
compliance Create A Keyword Dictionary https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/create-a-keyword-dictionary.md
description: "Learn the basic steps to creating a keyword dictionary in the Offi
Data loss prevention (DLP) can identify, monitor, and protect your sensitive items. Identifying sensitive items sometimes requires looking for keywords, particularly when identifying generic content (such as healthcare-related communication), or inappropriate or explicit language. Although you can create keyword lists in sensitive information types, keyword lists are limited in size and require modifying XML to create or edit them. Keyword dictionaries provide simpler management of keywords and at a much larger scale, supporting up to 1MB of terms (post compression) in the dictionary and support any language. The tenant limit is also 1MB after compression. 1MB of post compression limit means that all dictionaries combined across a tenant can have close to 1 million character.
+> [!NOTE]
+> There is a limit of 50 keyword dictionary based sensitive information types that can be created per tenant.
+ > [!NOTE] > Microsoft 365 Information Protection now supports in preview double byte character set languages for: > - Chinese (simplified)
compliance Create Apply Retention Labels https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/create-apply-retention-labels.md
You can also apply a retention label to a folder or document set, and you can se
After a retention label is applied to an item, you can view it in the details pane when that item's selected. ![Applied label shown in Details pane](../media/d06e585e-29f7-4c8c-afef-629c97268b8e.png)
-
+ For SharePoint, but not OneDrive, you can create a view of the library that contains the **Labels** column or **Item is a Record** column. This view lets you see at a glance the retention labels assigned to all items and which items are records. Note, however, that you can't filter the view by the **Item is a Record** column. For instructions how to add columns, see [Show or hide columns in a list or library](https://support.microsoft.com/en-us/office/show-or-hide-columns-in-a-list-or-library-b820db0d-9e3e-4ff9-8b8b-0b2dbefa87e2).
If you need to ensure that no one can turn off the policy, delete the policy, or
Event-based retention is another supported scenario for retention labels. For more information, see the following articles: - [Start retention when an event occurs](event-driven-retention.md)-- [Automate event-based retention](./event-driven-retention.md#automate-events-by-using-a-rest-apiautomate-events-by-using-a-rest-api)
+- [Automate event-based retention](./event-driven-retention.md#automate-events-by-using-a-rest-api)
- [Use retention labels to manage the lifecycle of documents stored in SharePoint](auto-apply-retention-labels-scenario.md)
compliance Create Sensitivity Labels https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/create-sensitivity-labels.md
To edit an existing label policy, select it, and then select the **Edit Policy**
This button starts the **Create policy** wizard, which lets you edit which labels are included and the label settings. When you complete the wizard, any changes are automatically replicated to the selected users and services.
-When you use built-in labeling for Office apps on Windows, macOS, iOS, and Android, users see new labels within four hours, and within one hour for Office on the web. However, allow up to 24 hours for changes to replicate to all apps and services.
+When you use built-in labeling for Office apps on Windows, macOS, iOS, and Android, users see new labels within four hours, and within one hour for Word, Excel, and PowerPoint on the web when you refresh the browser. However, allow up to 24 hours for changes to replicate to all apps and services.
### Additional label policy settings with Security & Compliance Center PowerShell
compliance File Plan Manager https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/file-plan-manager.md
To import new retention labels and modify existing retention labels:
![Blank file plan template opens in Excel](../media/file-plan-blank-template.png)
-3. Fill out the template, using the following information that describes the properties and valid values for each property. For import, each value has a maximum length of 64 characters. <br/>
-
+3. Fill out the template, using the following information that describes the properties and valid values for each property. For import, some values have a maximum length:
+
+ - **LabelName**: Maximum length of 64 characters
+ - **Comment** and **Notes**: Maximum length of 1024 characters
+ - All other values: Unlimited length
+ <br/>
+
|Property|Type|Valid values| |:--|:--|:--| |LabelName|String|This property specifies the name of the retention label.|
compliance Records Management https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/records-management.md
Footnotes:
<sup>1</sup> Supported by OneDrive and Exchange by retaining a copy in a secured location, but blocked by SharePoint.
-Message a user sees if they try to delete a labeled document in SharePoint:
-
-![Message that item wasn't deleted from SharePoint](../media/d0020726-1593-4a96-b07c-89b275e75c49.png)
- When you apply a retention label to a list item that has a document attachment, that document doesn't inherit the retention settings and can be deleted from the list item. In comparison, if that list item was declared a record with a retention label, the document attachment would inherit the retention settings and couldn't be deleted. <sup>2</sup>
compliance Sensitive Information Type Entity Definitions https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sensitive-information-type-entity-definitions.md
No
### Definition
-A DLP policy is 85% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
- The regular expression Regex_australia_bank_account_number finds content that matches the pattern. - A keyword from Keyword_australia_bank_account_number is found. - The regular expression Regex_australia_bank_account_number_bsb finds content that matches the pattern.
-A DLP policy is 75% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
- The regular expression Regex_australia_bank_account_number finds content that matches the pattern. - A keyword from Keyword_australia_bank_account_number is found.
No
### Definition
-A DLP policy is 85% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
- The regular expression CEP_Regex_AzureRedisCacheConnectionString finds content that matches the pattern. - The regular expression CEP_CommonExampleKeywords doesn't find content that matches the pattern.
No
### Definition
-A DLP policy is 85% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
- The regular expression CEP_Regex_AzureServiceBusConnectionString finds content that matches the pattern. - The regular expression CEP_CommonExampleKeywords doesn't find content that matches the pattern.
A DLP policy has medium confidence that it's detected this type of sensitive inf
- tin no - tin#
-## Croatia social security number or equivalent identification
-This sensitive information type entity is only available in the EU Social Security Number or Equivalent ID sensitive information type.
-
-### Format
-
-11 digits without spaces and delimiters
-
-### Pattern
-
-11 digits:
-
-- 10 digits-- one check digit
-
-### Checksum
-
-Yes
-
-### Definition
-
-A DLP policy is 85% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
-
-- The function `Func_croatia_eu_ssn_or_equivalent` finds content that matches the pattern. -- A keyword from `Keywords_croatia_eu_ssn_or_equivalent` is found.
-
-A DLP policy is 75% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
-
-- The function `Func_croatia_eu_ssn_or_equivalent` finds content that matches the pattern.
-
-```xml
- <!-- EU SSN or Equivalent Number -->
-<Entity id="d24e32a4-c0bb-4ba8-899d-6303b95742d9" patternsProximity="300" recommendedConfidence="75">
- <Pattern confidenceLevel="85">
- <IdMatch idRef="Func_croatia_eu_ssn_or_equivalent" />
- <Match idRef="Keywords_croatia_eu_ssn_or_equivalent" />
- </Pattern>
- <Pattern confidenceLevel="75">
- <IdMatch idRef="Func_croatia_eu_ssn_or_equivalent" />
- </Pattern>
-</Entity>
-```
-
-### Keywords
-
-#### Keywords_croatia_eu_ssn_or_equivalent
--- personal identification number-- master citizen number-- national identification number-- social security number-- nationalnumber#-- ssn#-- ssn-- nationalnumber-- bnn#-- bnn-- personal id number-- personalidnumber#-- oib-- osobni identifikacijski broj- ## Cyprus drivers license number ### Format
A DLP policy has medium confidence that it's detected this type of sensitive inf
- tin# - unique identification number
-## Czech social security number or equivalent identification
-
-This sensitive information type entity is only available in the EU Social Security Number or Equivalent ID sensitive information type.
-
-### Format
-
-10 digits and a backslash in the specified pattern
-
-### Pattern
-
-10 digits and a backslash:
-
-- six digits that correspond to the birth date (YYMMDD): -- a backslash-- three digits that correspond to a serial number that separates persons born on the same date-- one check digit
-
-### Checksum
-
-Yes
-
-### Definition
-
-A DLP policy is 85% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
-- The function `Func_czech_republic_eu_ssn_or_equivalent` finds content that matches the pattern. -- A keyword from `Keywords_czech_republic_eu_ssn_or_equivalent` is found.
-
-A DLP policy is 75% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
-- The function `Func_czech_republic_eu_ssn_or_equivalent` finds content that matches the pattern. -
-```xml
- <!-- EU SSN or Equivalent Number -->
-<Entity id="d24e32a4-c0bb-4ba8-899d-6303b95742d9" patternsProximity="300" recommendedConfidence="75">
- <Pattern confidenceLevel="85">
- <IdMatch idRef="Func_czech_republic_eu_ssn_or_equivalent" />
- <Match idRef="Keywords_czech_republic_eu_ssn_or_equivalent" />
- </Pattern>
- <Pattern confidenceLevel="75">
- <IdMatch idRef="Func_czech_republic_eu_ssn_or_equivalent" />
- </Pattern>
-</Entity>
-```
-
-### Keywords
-
-#### Keywords_czech_republic_eu_ssn_or_equivalent
--- birth number-- national identification number-- personal identification number-- social security number-- nationalnumber#-- ssn#-- ssn-- national number-- personal id number-- personalidnumber#-- rč-- rodné číslo-- rodne cislo ## Denmark driver's license number
A DLP policy has low confidence that it's detected this type of sensitive inform
- sygesikringsnr - sygesikringsnummer
-## Denmark social security number or equivalent identification
-This sensitive information type entity is only available the EU Social Security Number or Equivalent ID sensitive information type.
-
-### Format
-
-10 digits and a hyphen in the specified pattern
-
-### Pattern
-
-10 digits and a hyphen:
-
-- six digits that correspond to the birth date (DDMMYY) -- a hyphen-- four digits that correspond to a sequence number-
-### Checksum
-
-Yes
-
-### Definition
-
-A DLP policy is 85% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
-- The function `Func_denmark_eu_ssn_or_equivalent` finds content that matches the pattern. -- A keyword from `Keywords_denmark_eu_ssn_or_equivalent` is found.
-
-A DLP policy is 75% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
-- The function `Func_denmark_eu_ssn_or_equivalent` finds content that matches the pattern.
-
-```xml
- <!-- EU SSN or Equivalent Number -->
-<Entity id="d24e32a4-c0bb-4ba8-899d-6303b95742d9" patternsProximity="300" recommendedConfidence="75">
- <Pattern confidenceLevel="85">
- <IdMatch idRef="Func_denmark_eu_ssn_or_equivalent" />
- <Match idRef="Keywords_denmark_eu_ssn_or_equivalent" />
- </Pattern>
- <Pattern confidenceLevel="75">
- <IdMatch idRef="Func_denmark_eu_ssn_or_equivalent" />
- </Pattern>
-</Entity>
-```
-
-### Keywords
-
-#### Keywords_denmark_eu_ssn_or_equivalent
--- personal identification number-- national identification number-- social security number-- nationalnumber#-- ssn#-- ssn-- national number-- personal id number-- personalidnumber#-- cpr-nummer-- personnummer ## Drug Enforcement Agency (DEA) number
These entities that are in the EU Social Security Number or equivalent identific
- [Czech](#czech-personal-identity-number) - [Denmark](#denmark-personal-identification-number) - [Finland](#finland-national-id)-- [France](#france-social-security-number-insee-or-equivalent-identification)
+- [France](#france-social-security-number-insee)
- [Germany](#germany-identity-card-number) - [Greece](#greece-national-id-card) - [Hungary](#hungary-social-security-number-taj)
A DLP policy has medium confidence that it's detected this type of sensitive inf
- date of expiry
-## France social security number (INSEE) or equivalent identification
+## France social security number (INSEE)
### Format
For IPv6, a DLP policy has high confidence that it's detected this type of sensi
- The regular expression Regex_ipv6_address finds content that matches the pattern. - No keyword from Keyword_ipaddress is found.
-For IPv4, a DLP policy is 95% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+For IPv4, a DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
- The regular expression Regex_ipv4_address finds content that matches the pattern. - A keyword from Keyword_ipaddress is found.
-For IPv6, a DLP policy is 95% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+For IPv6, a DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
- The regular expression Regex_ipv6_address finds content that matches the pattern. - No keyword from Keyword_ipaddress is found.
A DLP policy has medium confidence that it's detected this type of sensitive inf
- date of expiry
-## Sweden social security number or equivalent identification
-This sensitive information type entity is only available in the EU Social Security Number or Equivalent ID sensitive information type.
-
-### Format
-
-12 digits without spaces and delimiters
-
-### Pattern
-
-12 digits:
-
-- eight digits that correspond to the birth date (YYYYMMDD) -- three digits that correspond to a serial number where:
- - the last digit in the serial number indicates gender by the assignment of an odd number for male and an even number for female
- - Before 1990, the assignment of a serial number corresponded to the county where the bearer of the number was born. Or (if born before 1947) where they had been living, according to tax records, on January 1, 1947, with a special code (usually 9 as the seventh digit) for immigrants.
-- one check digit
-
-### Checksum
-
-Yes
-
-### Definition
-
-A DLP policy is 85% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
-- The function `Func_sweden_eu_ssn_or_equivalent` finds content that matches the pattern. -- A keyword from `Keywords_sweden_eu_ssn_or_equivalent` is found.
-
-A DLP policy is 75% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
-- The function `Func_sweden_eu_ssn_or_equivalent` finds content that matches the pattern.
-
-```xml
- <!-- EU SSN or Equivalent Number -->
-<Entity id="d24e32a4-c0bb-4ba8-899d-6303b95742d9" patternsProximity="300" recommendedConfidence="75">
- <Pattern confidenceLevel="85">
- <IdMatch idRef="Func_sweden_eu_ssn_or_equivalent" />
- <Match idRef="Keywords_sweden_eu_ssn_or_equivalent" />
- </Pattern>
- <Pattern confidenceLevel="75">
- <IdMatch idRef="Func_sweden_eu_ssn_or_equivalent" />
- </Pattern>
-</Entity>
-```
-
-### Keywords
-
-#### Keywords_sweden_eu_ssn_or_equivalent
--- personal id number-- identification number-- personal id no-- identity no-- identification no-- personal identification no-- personnummer id-- personligt id-nummer-- unikt id-nummer-- personnummer-- identifikationsnumret-- personnummer#-- identifikationsnumret#- ## Sweden tax identification number This sensitive information type is only available for use in: - data loss prevention policies
A DLP policy has low confidence that it's detected this type of sensitive inform
- The function Func_randomized_formatted_ssn finds content that matches the pattern. - A keyword from Keyword_ssn is found.
-A DLP policy is 55% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+A DLP policy has low confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
- The function Func_randomized_unformatted_ssn finds content that matches the pattern. - A keyword from Keyword_ssn is found.
compliance Sensitivity Labels Office Apps https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sensitivity-labels-office-apps.md
Deploy this setting by using Group Policy, or by using the [Office cloud policy
If users have one of the Azure Information Protection clients installed ([unified labeling client](/azure/information-protection/rms-client/aip-clientv2) or [classic client](/azure/information-protection/rms-client/aip-client)), by default, the built-in labeling client is turned off in their Office apps.
-To use built-in labeling rather than the Azure Information Protection client for Office apps, use the instructions from the previous section but set the Group Policy setting **Use the Sensitivity feature in Office to apply and view sensitivity labels** to **1**.
+To use built-in labeling rather than the Azure Information Protection client for Office apps, we recommend you use the Group Policy setting **List of managed add-ins** as documented in [No Add-ins loaded due to group policy settings for Office 2013 and Office 2016 programs](https://support.microsoft.com/help/2733070/no-add-ins-loaded-due-to-group-policy-settings-for-office-2013-and-off).
-Alternatively, disable or remove the Office Add-in, **Azure Information Protection**. This method is suitable for a single computer, and ad-hoc testing. For instructions, see [View, manage, and install add-ins in Office programs](https://support.office.com/article/16278816-1948-4028-91e5-76dca5380f8d).
+For Microsoft Word 2016, Excel 2016, PowerPoint 2016, and Outlook 2016, specify the following programmatic identifiers (ProgID) for the Azure Information Protection client, and set the option to **0: The add-in is always disabled (blocked)**
-When you disable or remove this Office Add-in, the Azure Information Protection client remains installed so that you can continue to label files outside your Office apps. For example, by using File Explorer, or PowerShell.
+|Application |ProgID |
+|||
+|Word | `MSIP.WordAddin` |
+|Excel | `MSIP.ExcelAddin` |
+|PowerPoint | `MSIP.PowerPointAddin` |
+|Outlook | `MSIP.OutlookAddin` |
+| | |
+
+Deploy this setting by using Group Policy, or by using the [Office cloud policy service](https://docs.microsoft.com/DeployOffice/overview-office-cloud-policy-service).
+
+> [!NOTE]
+> If you use the Group Policy setting **Use the Sensitivity feature in Office to apply and view sensitivity labels** and set this to **1**, there are some situations where the Azure Information Protection client might still load in Office apps. Blocking the add-in from loading in each app prevents this happening.
+
+Alternatively, you can interactively disable or remove the **Microsoft Azure Information Protection** Office add-in from Word, Excel, PowerPoint, and Outlook. This method is suitable for a single computer, and ad-hoc testing. For instructions, see [View, manage, and install add-ins in Office programs](https://support.office.com/article/16278816-1948-4028-91e5-76dca5380f8d).
+
+Whichever method you choose, the changes take effect when Office apps restart. By disabling or removing this Office add-in, the Azure Information Protection client remains installed on the computer so that you can continue to label files outside your Office apps. For example, by using File Explorer, or PowerShell.
For information about which features are supported by the Azure Information Protection clients and the Office built-in labeling client, see [Choose your Windows labeling solution](/azure/information-protection/rms-client/use-client#choose-your-windows-labeling-solution) from the Azure Information Protection documentation.
compliance Whats New https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/whats-new.md
Watch the video below to learn how Compliance Manager can help simplify how your
### Communication compliance - [Updated role groups](communication-compliance-configure.md#step-1-required-enable-permissions-for-communication-compliance). Communication compliance role groups now match the role group structure available for the insider risk management solution.-- [Reports dashboard](communication-compliance-feature-reference.md#reports-preview). Your central location for viewing all communication compliance reports. Report widgets provide a quick view of insights most commonly needed for an overall assessment of the status of communication compliance activities.
+- [Reports dashboard](communication-compliance-feature-reference.md#reports). Your central location for viewing all communication compliance reports. Report widgets provide a quick view of insights most commonly needed for an overall assessment of the status of communication compliance activities.
- [Power Automate flows](communication-compliance-feature-reference.md#power-automate-flows). Set up flows to automate tasks for alerts and users, notify managers when users trigger an alerts, and more. - [ΓÇÿImprove classificationΓÇÖ remediation action](communication-compliance-investigate-remediate.md#step-3-decide-on-a-remediation-action). Alerts containing items that match trainable classifiers might benefit from feedback to help minimize false positives in your organization. The **Improve classification** option lets you provide feedback whether detected items match the classifier configured in the related communication compliance policy. You can even suggest other classifiers to associate with the item to improve match accuracy for future alerts.
enterprise Microsoft 365 Client Support Certificate Based Authentication https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/microsoft-365-client-support-certificate-based-authentication.md
*This article applies to both Microsoft 365 Enterprise and Office 365 Enterprise.*
-Modern authentication is an umbrella term for a combination of authentication and authorization methods. These include:
+Modern authentication is an umbrella term for a combination of authentication and authorization methods. These methods include:
- **Authentication methods**: Multi-factor Authentication; Client Certificate-based authentication. - **Authorization methods**: Microsoft's implementation of Open Authorization (OAuth).
-Modern authentication is enabled through the use of an authentication library, like Active Directory Authentication Library (ADAL) or Microsoft Authentication Library (MSAL). Modern authentication is what clients use to authenticate and authorize access to Microsoft 365 resources. Modern authentication leverages OAuth and provides a secure mechanism for clients to access Microsoft 365 services, without requiring access to user credentials. At sign-in, the user authenticates directly with Azure Active Directory and receives an access/refresh token pair in return. The access token grants the client access to the appropriate resources in the Microsoft 365 tenant. A refresh token is used to obtain a new access or refresh token pair when the current access token expires.
+Modern authentication is enabled by using an authentication library, like Active Directory Authentication Library (ADAL) or Microsoft Authentication Library (MSAL). Modern authentication is what clients use to authenticate and authorize access to Microsoft 365 resources. Modern authentication uses OAuth and provides a secure mechanism for clients to access Microsoft 365 services, without requiring access to user credentials. At sign-in, the user authenticates directly with Azure Active Directory and receives an access/refresh token pair in return. The access token grants the client access to the appropriate resources in the Microsoft 365 tenant. A refresh token is used to obtain a new access or refresh token pair when the current access token expires.
Modern authentication supports different authentication mechanisms, like certificate-based authentication. Clients on Windows, Android, or iOS devices can use certificate-based authentication (CBA) to authenticate to Azure Active Directory using a client certificate on the device. Instead of a typical username/password, the certificate is used to obtain an access/refresh token pair from Azure Active Directory.
The latest versions of the following clients and platforms support certificate-b
<br> <br>
-| Clients | Android | iOS | Mac| Windows 10 <br> Modern Apps| Windows 10 <br> Desktop |
-|:|::|::|::|::|::|
-| Azure Active Directory Admin | N/A | N/A | N/A | N/A | ![Supported](../media/check-mark.png) |
-| Access | N/A | N/A | N/A | N/A | ![Supported](../media/check-mark.png) |
-| Azure Admin | N/A | N/A | N/A | N/A | N/A |
-| Company portal | ![Supported](../media/check-mark.png) | ![Supported](../media/check-mark.png) | ![Supported](../media/check-mark.png) | ![Supported](../media/check-mark.png) | N/A |
-| Cortana | Planned | Planned | N/A | ![Supported](../media/check-mark.png) | N/A |
-| Delve | ![Supported](../media/check-mark.png) | ![Supported](../media/check-mark.png) | N/A | N/A | N/A |
-| Edge<sup>1</sup> | ![Supported](../media/check-mark.png) | ![Supported](../media/check-mark.png) | N/A | N/A | ![Supported](../media/check-mark.png) |
-| Excel | ![Supported](../media/check-mark.png) | ![Supported](../media/check-mark.png) | ![Supported](../media/check-mark.png) | ![Supported](../media/check-mark.png) | ![Supported](../media/check-mark.png) |
-| Exchange Online Admin | N/A | N/A | N/A | N/A | ![Supported](../media/check-mark.png) |
-| Forms | N/A | N/A | N/A | N/A | N/A |
-| Office 365 Admin | N/A | N/A | N/A | N/A | ![Supported](../media/check-mark.png) | |
-| Kaizala | ![Supported](../media/check-mark.png) | ![Supported](../media/check-mark.png) | N/A | N/A | N/A |
-| Office Lens| ![Supported](../media/check-mark.png) | ![Supported](../media/check-mark.png) | N/A | ![Supported](../media/check-mark.png) | N/A |
-| Office mobile | ![Supported](../media/check-mark.png) | ![Supported](../media/check-mark.png) | N/A | N/A | N/A |
-| Office portal | N/A | N/A | N/A | ![Supported](../media/check-mark.png) | N/A |
-| OneDrive | ![Supported](../media/check-mark.png) | ![Supported](../media/check-mark.png) | Planned | ![Supported](../media/check-mark.png) | ![Supported](../media/check-mark.png) |
-| OneNote | ![Supported](../media/check-mark.png) | ![Supported](../media/check-mark.png) | ![Supported](../media/check-mark.png) | ![Supported](../media/check-mark.png) | ![Supported](../media/check-mark.png) |
-| Outlook | ![Supported](../media/check-mark.png) | ![Supported](../media/check-mark.png) | ![Supported](../media/check-mark.png) | ![Supported](../media/check-mark.png) | ![Supported](../media/check-mark.png) |
-| Planner | ![Supported](../media/check-mark.png) | ![Supported](../media/check-mark.png) | N/A | N/A | N/A |
-| Power Apps | ![Supported](../media/check-mark.png) | ![Supported](../media/check-mark.png) | N/A | ![Supported](../media/check-mark.png) | N/A |
-| Power Automate | ![Supported](../media/check-mark.png) | ![Supported](../media/check-mark.png) | N/A | N/A | N/A |
-| Power BI | ![Supported](../media/check-mark.png) | ![Supported](../media/check-mark.png) | N/A | ![Supported](../media/check-mark.png) | ![Supported](../media/check-mark.png) |
-| PowerPoint | ![Supported](../media/check-mark.png) | ![Supported](../media/check-mark.png) | ![Supported](../media/check-mark.png) | ![Supported](../media/check-mark.png) | ![Supported](../media/check-mark.png) |
-| Project | N/A | N/A | N/A | N/A | ![Supported](../media/check-mark.png) |
-| Publisher | N/A | N/A | N/A | N/A | ![Supported](../media/check-mark.png) |
-| Skype for Business | ![Supported](../media/check-mark.png) | ![Supported](../media/check-mark.png) | ![Supported](../media/check-mark.png) | N/A | ![Supported](../media/check-mark.png) |
-| Skype for Business Admin | N/A | N/A | N/A | N/A | ![Supported](../media/check-mark.png) |
-| SharePoint | ![Supported](../media/check-mark.png) | ![Supported](../media/check-mark.png) | N/A | N/A | N/A |
-| SharePoint Online Admin | Planned | Planned | N/A | N/A | N/A |
-| Sticky Notes | N/A | N/A | N/A | ![Supported](../media/check-mark.png) | N/A |
-| Stream | ![Supported](../media/check-mark.png) | ![Supported](../media/check-mark.png) | N/A | N/A | N/A |
-| Sway | N/A | N/A | N/A | ![Supported](../media/check-mark.png) | N/A |
-| Teams | ![Supported](../media/check-mark.png) | ![Supported](../media/check-mark.png) | ![Supported](../media/check-mark.png) | N/A | Planned |
-| To Do | ![Supported](../media/check-mark.png) | ![Supported](../media/check-mark.png) | ![Supported](../media/check-mark.png) | ![Supported](../media/check-mark.png) | N/A |
-| Visio | N/A | ![Supported](../media/check-mark.png) | N/A | N/A | ![Supported](../media/check-mark.png) |
-| Whiteboard | Planned | Planned | N/A | ![Supported](../media/check-mark.png) | N/A |
-| Word | ![Supported](../media/check-mark.png) | ![Supported](../media/check-mark.png) | ![Supported](../media/check-mark.png) | ![Supported](../media/check-mark.png) | ![Supported](../media/check-mark.png) |
-| Workplace analysis | N/A | N/A | N/A | N/A | N/A |
-| Yammer | ![Supported](../media/check-mark.png) | ![Supported](../media/check-mark.png) | Planned | N/A | Planned |
>[!NOTE]
-><sup>1</sup> Edge for iOS and Android supports certificate-based authentication during account add flows. Edge for iOS and Android does not support certificate-based authentication when performing authentication against web sites, which are typically intranet sites. <br><br> In this scenario, a user navigates to a web site (usually on the intranet) where the web site requires the user to authenticate via a certificate. This does not involve modern authentication at all and does not leverage a Microsoft authentication library. This is due to a limitation with iOS: iOS prevents third-party apps from accessing the system keychain where the certificates are stored (only Apple apps and the [Safari webview controller](https://developer.apple.com/documentation/safariservices/sfsafariviewcontroller) can access the system keychain). <br><br> As Edge relies on the [WebKit](https://developer.apple.com/documentation/webkit) framework for rendering web sites, Edge is unable to access the system keychain and present the user with a certificate choice. This, unfortunately, is by design due to Apple's architecture.
+>Edge for iOS and Android supports certificate-based authentication during account add flows. Edge for iOS and Android does not support certificate-based authentication when performing authentication against web sites, which are typically intranet sites. <br><br> In this scenario, a user navigates to a web site (usually on the intranet) where the web site requires the user to authenticate via a certificate. This does not involve modern authentication at all and does not leverage a Microsoft authentication library. This is due to a limitation with iOS: iOS prevents third-party apps from accessing the system keychain where the certificates are stored (only Apple apps and the [Safari webview controller](https://developer.apple.com/documentation/safariservices/sfsafariviewcontroller) can access the system keychain). <br><br> As Edge relies on the [WebKit](https://developer.apple.com/documentation/webkit) framework for rendering web sites, Edge is unable to access the system keychain and present the user with a certificate choice. This, unfortunately, is by design due to Apple's architecture.
## Supported PowerShell modules
enterprise Microsoft 365 Client Support Conditional Access https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/microsoft-365-client-support-conditional-access.md
Learn more about [Azure Active Directory Conditional Access](/azure/active-direc
## Supported clients & platforms The latest versions of the following clients and platforms support conditional access. For more information about platform support in Microsoft 365, see [System requirements for Microsoft 365](/microsoft-365/microsoft-365-and-office-resources).- <br> <br>
-| Clients | Android | iOS | Mac| Windows 10 <br> Modern Apps| Windows 10 <br> Desktop |
-|:|::|::|::|::|::|
-| Azure Active Directory Admin | N/A | N/A | N/A | N/A | ![Supported](../media/check-mark.png) |
-| Access | N/A | N/A | N/A | N/A | ![Supported](../media/check-mark.png) |
-| Azure Admin | N/A | N/A | N/A | N/A | N/A |
-| Company portal | ![Supported](../media/check-mark.png) | ![Supported](../media/check-mark.png) | ![Supported](../media/check-mark.png) | ![Supported](../media/check-mark.png) | N/A |
-| Cortana | Planned | Planned | N/A | ![Supported](../media/check-mark.png) | N/A |
-| Delve | ![Supported](../media/check-mark.png) | ![Supported](../media/check-mark.png) | N/A | N/A | N/A |
-| Edge | ![Supported](../media/check-mark.png) | ![Supported](../media/check-mark.png) | N/A | N/A | ![Supported](../media/check-mark.png) |
-| Excel | ![Supported](../media/check-mark.png) | ![Supported](../media/check-mark.png) | ![Supported](../media/check-mark.png) | ![Supported](../media/check-mark.png) | ![Supported](../media/check-mark.png) |
-| Exchange Online Admin | N/A | N/A | N/A | N/A | ![Supported](../media/check-mark.png) |
-| Forms | N/A | N/A | N/A | N/A | N/A |
-| Office 365 Admin | N/A | N/A | N/A | N/A | ![Supported](../media/check-mark.png) | |
-| Kaizala | ![Supported](../media/check-mark.png) | ![Supported](../media/check-mark.png) | N/A | N/A | N/A |
-| Office Lens| ![Supported](../media/check-mark.png) | ![Supported](../media/check-mark.png) | N/A | ![Supported](../media/check-mark.png) | N/A |
-| Office mobile | ![Supported](../media/check-mark.png) | ![Supported](../media/check-mark.png) | N/A | N/A | N/A |
-| Office portal | N/A | N/A | N/A | ![Supported](../media/check-mark.png) | N/A |
-| OneDrive | ![Supported](../media/check-mark.png) | ![Supported](../media/check-mark.png) | ![Supported](../media/check-mark.png) | ![Supported](../media/check-mark.png) | ![Supported](../media/check-mark.png) |
-| OneNote | ![Supported](../media/check-mark.png) | ![Supported](../media/check-mark.png) | ![Supported](../media/check-mark.png) | ![Supported](../media/check-mark.png) | ![Supported](../media/check-mark.png) |
-| Outlook | ![Supported](../media/check-mark.png) | ![Supported](../media/check-mark.png) | ![Supported](../media/check-mark.png) | ![Supported](../media/check-mark.png) | ![Supported](../media/check-mark.png) |
-| Planner | ![Supported](../media/check-mark.png) | ![Supported](../media/check-mark.png) | N/A | N/A | N/A |
-| Power Apps | ![Supported](../media/check-mark.png) | ![Supported](../media/check-mark.png) | N/A | Planned | N/A |
-| Power Automate | ![Supported](../media/check-mark.png) | ![Supported](../media/check-mark.png) | N/A | N/A | N/A |
-| Power BI | ![Supported](../media/check-mark.png) | ![Supported](../media/check-mark.png) | N/A | ![Supported](../media/check-mark.png) | ![Supported](../media/check-mark.png) |
-| PowerPoint | ![Supported](../media/check-mark.png) | ![Supported](../media/check-mark.png) | ![Supported](../media/check-mark.png) | ![Supported](../media/check-mark.png) | ![Supported](../media/check-mark.png) |
-| Project | N/A | N/A | N/A | N/A | ![Supported](../media/check-mark.png) |
-| Publisher | N/A | N/A | N/A | N/A | ![Supported](../media/check-mark.png) |
-| Skype for Business | ![Supported](../media/check-mark.png) | ![Supported](../media/check-mark.png) | N/A | N/A | N/A ||
-| SharePoint | ![Supported](../media/check-mark.png) | ![Supported](../media/check-mark.png) | N/A | N/A | N/A |
-| SharePoint Online Admin | N/A | N/A | N/A | N/A | ![Supported](../media/check-mark.png) |
-| Sticky Notes | N/A | N/A | N/A | ![Supported](../media/check-mark.png) | N/A |
-| Stream | ![Supported](../media/check-mark.png) | ![Supported](../media/check-mark.png) | N/A | N/A | N/A |
-| Sway | N/A | N/A | N/A | ![Supported](../media/check-mark.png) | N/A |
-| Teams | ![Supported](../media/check-mark.png) | ![Supported](../media/check-mark.png) | ![Supported](../media/check-mark.png) | N/A | ![Supported](../media/check-mark.png) |
-| To Do | ![Supported](../media/check-mark.png) | ![Supported](../media/check-mark.png) | ![Supported](../media/check-mark.png) | ![Supported](../media/check-mark.png) | N/A |
-| Visio | N/A | ![Supported](../media/check-mark.png) | N/A | N/A | ![Supported](../media/check-mark.png) |
-| Whiteboard | Planned | ![Supported](../media/check-mark.png) | N/A | ![Supported](../media/check-mark.png) | N/A |
-| Word | ![Supported](../media/check-mark.png) | ![Supported](../media/check-mark.png) | ![Supported](../media/check-mark.png) | ![Supported](../media/check-mark.png) | ![Supported](../media/check-mark.png) |
-| Workplace analysis | N/A | N/A | N/A | N/A | N/A |
-| Yammer | ![Supported](../media/check-mark.png) | ![Supported](../media/check-mark.png) | ![Supported](../media/check-mark.png) | N/A | ![Supported](../media/check-mark.png) |
## Supported PowerShell modules
enterprise Microsoft 365 Client Support Multi Factor Authentication https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/microsoft-365-client-support-multi-factor-authentication.md
*This article applies to both Microsoft 365 Enterprise and Office 365 Enterprise.*
-To provide an additional level of security for sign-ins, clients may be configured to use multi-factor authentication (MFA), which uses both a user password and an additional user verification method based on:
+To provide an additional level of security for sign-ins, clients may be configured to use multi-factor authentication (MFA), which uses both a user password and another user verification method based on:
- Something in their possession that is not easily duplicated, such as a smart phone. - Something the user has uniquely and biologically, such as their fingerprints, face, or other biometric attribute
The latest versions of the following clients and platforms support multi-factor
<br> <br>
-| Clients | Android | iOS | Mac| Windows 10 <br> Modern Apps| Windows 10 <br> Desktop |
-|:|::|::|::|::|::|
-| Azure Active Directory Admin | N/A | N/A | N/A | N/A | ![Supported](../media/check-mark.png) |
-| Access | N/A | N/A | N/A | N/A | ![Supported](../media/check-mark.png) |
-| Azure Admin | N/A | N/A | N/A | N/A | N/A |
-| Company portal | ![Supported](../media/check-mark.png) | ![Supported](../media/check-mark.png) | ![Supported](../media/check-mark.png) | ![Supported](../media/check-mark.png) | N/A |
-| Cortana | ![Supported](../media/check-mark.png) | ![Supported](../media/check-mark.png) | N/A | ![Supported](../media/check-mark.png) | N/A |
-| Delve | ![Supported](../media/check-mark.png) | ![Supported](../media/check-mark.png) | N/A | N/A | N/A |
-| Edge | ![Supported](../media/check-mark.png) | ![Supported](../media/check-mark.png) | N/A | N/A | ![Supported](../media/check-mark.png) |
-| Excel | ![Supported](../media/check-mark.png) | ![Supported](../media/check-mark.png) | ![Supported](../media/check-mark.png) | ![Supported](../media/check-mark.png) | ![Supported](../media/check-mark.png) |
-| Exchange Online Admin | N/A | N/A | N/A | N/A | ![Supported](../media/check-mark.png) |
-| Forms | N/A | N/A | N/A | N/A | N/A |
-| Office 365 Admin | N/A | N/A | N/A | N/A | ![Supported](../media/check-mark.png) | |
-| Kaizala | ![Supported](../media/check-mark.png) | ![Supported](../media/check-mark.png) | N/A | N/A | N/A |
-| Office Lens| ![Supported](../media/check-mark.png) | ![Supported](../media/check-mark.png) | N/A | ![Supported](../media/check-mark.png) | N/A |
-| Office mobile | ![Supported](../media/check-mark.png) | ![Supported](../media/check-mark.png) | N/A | N/A | N/A |
-| Office portal | N/A | N/A | N/A | ![Supported](../media/check-mark.png) | N/A |
-| OneDrive | ![Supported](../media/check-mark.png) | ![Supported](../media/check-mark.png) | ![Supported](../media/check-mark.png) | ![Supported](../media/check-mark.png) | ![Supported](../media/check-mark.png) |
-| OneNote | ![Supported](../media/check-mark.png) | ![Supported](../media/check-mark.png) | ![Supported](../media/check-mark.png) | ![Supported](../media/check-mark.png) | ![Supported](../media/check-mark.png) |
-| Outlook | ![Supported](../media/check-mark.png) | ![Supported](../media/check-mark.png) | ![Supported](../media/check-mark.png) | ![Supported](../media/check-mark.png) | ![Supported](../media/check-mark.png) |
-| Planner | ![Supported](../media/check-mark.png) | ![Supported](../media/check-mark.png) | N/A | N/A | N/A |
-| Power Apps | ![Supported](../media/check-mark.png) | ![Supported](../media/check-mark.png) | N/A | ![Supported](../media/check-mark.png) | N/A |
-| Power Automate | ![Supported](../media/check-mark.png) | ![Supported](../media/check-mark.png) | N/A | N/A | N/A |
-| Power BI | ![Supported](../media/check-mark.png) | ![Supported](../media/check-mark.png) | N/A | ![Supported](../media/check-mark.png) | ![Supported](../media/check-mark.png) |
-| PowerPoint | ![Supported](../media/check-mark.png) | ![Supported](../media/check-mark.png) | ![Supported](../media/check-mark.png) | ![Supported](../media/check-mark.png) | ![Supported](../media/check-mark.png) |
-| Project | N/A | N/A | N/A | N/A | ![Supported](../media/check-mark.png) |
-| Publisher | N/A | N/A | N/A | N/A | ![Supported](../media/check-mark.png) |
-| Skype for Business | ![Supported](../media/check-mark.png) | ![Supported](../media/check-mark.png) | ![Supported](../media/check-mark.png) | N/A | ![Supported](../media/check-mark.png) |
-| Skype for Business Admin | N/A | N/A | N/A | N/A | ![Supported](../media/check-mark.png) |
-| SharePoint | ![Supported](../media/check-mark.png) | ![Supported](../media/check-mark.png) | N/A | N/A | N/A |
-| SharePoint Online Admin | N/A | N/A | N/A | N/A | ![Supported](../media/check-mark.png) |
-| Sticky Notes | N/A | N/A | N/A | ![Supported](../media/check-mark.png) | N/A |
-| Stream | ![Supported](../media/check-mark.png) | ![Supported](../media/check-mark.png) | N/A | N/A | N/A |
-| Sway | N/A | N/A | N/A | ![Supported](../media/check-mark.png) | N/A |
-| Teams | ![Supported](../media/check-mark.png) | ![Supported](../media/check-mark.png) | ![Supported](../media/check-mark.png) | N/A | ![Supported](../media/check-mark.png) |
-| To Do | ![Supported](../media/check-mark.png) | ![Supported](../media/check-mark.png) | ![Supported](../media/check-mark.png) | ![Supported](../media/check-mark.png) | N/A |
-| Visio | N/A | ![Supported](../media/check-mark.png) | N/A | N/A | ![Supported](../media/check-mark.png) |
-| Whiteboard | Planned | ![Supported](../media/check-mark.png) | N/A | ![Supported](../media/check-mark.png) | N/A |
-| Word | ![Supported](../media/check-mark.png) | ![Supported](../media/check-mark.png) | ![Supported](../media/check-mark.png) | ![Supported](../media/check-mark.png) | ![Supported](../media/check-mark.png) |
-| Workplace analysis | N/A | N/A | N/A | N/A | N/A |
-| Yammer | ![Supported](../media/check-mark.png) | ![Supported](../media/check-mark.png) | ![Supported](../media/check-mark.png) | N/A | ![Supported](../media/check-mark.png) |
## Supported PowerShell modules
enterprise Microsoft 365 Client Support Single Sign On https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/microsoft-365-client-support-single-sign-on.md
The latest versions of the following clients and platforms support single sign-o
<br> <br>
-| Clients | Android | iOS | Mac| Windows 10 <br> Modern Apps| Windows 10 <br> Desktop |
-|:|::|::|::|::|::|
-| Access | N/A | N/A | N/A | N/A | ![Supported](../media/check-mark.png) |
-| Company portal | N/A | ![Supported](../media/check-mark.png) | Planned | ![Supported](../media/check-mark.png) | N/A |
-| Cortana | N/A | N/A | N/A | ![Supported](../media/check-mark.png) | N/A |
-| Delve | Planned | ![Supported](../media/check-mark.png) | N/A | N/A | N/A |
-| Edge | ![Supported](../media/check-mark.png) | Planned | N/A | N/A | ![Supported](../media/check-mark.png) |
-| Excel | ![Supported](../media/check-mark.png) | ![Supported](../media/check-mark.png) | ![Supported](../media/check-mark.png) | ![Supported](../media/check-mark.png) | ![Supported](../media/check-mark.png) |
-| Kaizala | ![Supported](../media/check-mark.png) | Planned | N/A | N/A | N/A |
-| Office Lens| ![Supported](../media/check-mark.png) | ![Supported](../media/check-mark.png) | N/A | N/A | N/A |
-| Office mobile | ![Supported](../media/check-mark.png) | ![Supported](../media/check-mark.png) | N/A | N/A | N/A |
-| Office portal | N/A | N/A | N/A | ![Supported](../media/check-mark.png) | N/A |
-| OneDrive | ![Supported](../media/check-mark.png) | ![Supported](../media/check-mark.png) | Planned | ![Supported](../media/check-mark.png) | Planned |
-| OneNote | ![Supported](../media/check-mark.png) | ![Supported](../media/check-mark.png) | ![Supported](../media/check-mark.png) | ![Supported](../media/check-mark.png) | Planned |
-| Outlook | ![Supported](../media/check-mark.png) | ![Supported](../media/check-mark.png) | ![Supported](../media/check-mark.png) | Planned | ![Supported](../media/check-mark.png) |
-| Planner | ![Supported](../media/check-mark.png) | ![Supported](../media/check-mark.png) | N/A | N/A | N/A |
-| Power Apps | ![Supported](../media/check-mark.png) | ![Supported](../media/check-mark.png) | N/A | Planned | N/A |
-| Power Automate | ![Supported](../media/check-mark.png) | ![Supported](../media/check-mark.png) | N/A | N/A | N/A |
-| Power BI | ![Supported](../media/check-mark.png) | ![Supported](../media/check-mark.png) | N/A | ![Supported](../media/check-mark.png) | Planned |
-| PowerPoint | ![Supported](../media/check-mark.png) | ![Supported](../media/check-mark.png) | ![Supported](../media/check-mark.png) | ![Supported](../media/check-mark.png) | ![Supported](../media/check-mark.png) |
-| Project | N/A | N/A | N/A | N/A | ![Supported](../media/check-mark.png) |
-| Publisher | N/A | N/A | N/A | N/A | ![Supported](../media/check-mark.png) |
-| Skype for Business | Planned | Planned | N/A | N/A | N/A |
-| SharePoint | ![Supported](../media/check-mark.png) | ![Supported](../media/check-mark.png) | N/A | N/A | N/A |
-| Sticky Notes | N/A | N/A | N/A | N/A | ![Supported](../media/check-mark.png) |
-| Stream | Planned | Planned | N/A | N/A | N/A |
-| Sway | N/A | N/A | N/A | N/A | ![Supported](../media/check-mark.png) |
-| Teams | ![Supported](../media/check-mark.png) | ![Supported](../media/check-mark.png) | Planned | N/A | Planned |
-| To Do | ![Supported](../media/check-mark.png) | ![Supported](../media/check-mark.png) | N/A | ![Supported](../media/check-mark.png) | N/A |
-| Visio | N/A | ![Supported](../media/check-mark.png) | N/A | N/A | ![Supported](../media/check-mark.png) |
-| Whiteboard | N/A | ![Supported](../media/check-mark.png) | N/A | ![Supported](../media/check-mark.png) | N/A |
-| Word | ![Supported](../media/check-mark.png) | ![Supported](../media/check-mark.png) | ![Supported](../media/check-mark.png) | ![Supported](../media/check-mark.png) | ![Supported](../media/check-mark.png) |
-| Yammer | ![Supported](../media/check-mark.png) | ![Supported](../media/check-mark.png) | N/A | N/A | Planned |
## Supported PowerShell modules
includes Microsoft 365 Client Support Certificate Based Authentication Include https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/includes/microsoft-365-client-support-certificate-based-authentication-include.md
<!-- This file is generated automatically. Changes made to this file will be overwritten.-->
-|Clients|Android|iOS|Mac|Windows 10 Desktop|Windows 10 Modern Apps|
+|Clients|Android|iOS|Mac|Windows 10<br>Desktop|Windows 10<br>Modern Apps|
|:-|:-|:-|:-|:-|:-| |ACCESS|N/A|N/A|N/A|Γ£ö|N/A| |AZURE ACTIVE DIRECTORY ADMIN|N/A|N/A|N/A|Γ£ö|N/A|
|EXCHANGE ADMIN|N/A|N/A|N/A|Γ£ö|N/A| |FORMS|N/A|N/A|N/A|N/A|N/A| |KAIZALA|Γ£ö|Γ£ö|N/A|N/A|N/A|
-|MICROSOFT ROOMS|N/A|N/A|N/A|N/A|N/A|
+|MICROSOFT ROOMS|Planned|Planned|N/A|N/A|N/A|
|OFFICE 365 ADMIN|Γ£ö|N/A|N/A|N/A|N/A| |OFFICE LENS|Γ£ö|Γ£ö|N/A|N/A|Γ£ö| |OFFICE MOBILE|Γ£ö|Γ£ö|N/A|N/A|N/A|
includes Microsoft 365 Client Support Conditional Access Include https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/includes/microsoft-365-client-support-conditional-access-include.md
<!-- This file is generated automatically. Changes made to this file will be overwritten.-->
-|Clients|Android|iOS|Mac|Windows 10 Desktop|Windows 10 Modern Apps|
+|Clients|Android|iOS|Mac|Windows 10<br>Desktop|Windows 10<br>Modern Apps|
|:-|:-|:-|:-|:-|:-| |ACCESS|N/A|N/A|N/A|Planned|N/A| |AZURE ACTIVE DIRECTORY ADMIN|N/A|N/A|N/A|Planned|N/A|
|EXCHANGE ADMIN|N/A|N/A|N/A|Γ£ö|N/A| |FORMS|N/A|N/A|N/A|N/A|N/A| |KAIZALA|Planned|Planned|N/A|N/A|N/A|
+|MICROSOFT ROOMS|Planned|Planned|N/A|N/A|N/A|
|OFFICE 365 ADMIN|Planned|N/A|N/A|N/A|N/A| |OFFICE LENS|Planned|Planned|N/A|N/A|N/A| |OFFICE MOBILE|Planned|Planned|N/A|N/A|N/A|
includes Microsoft 365 Client Support Modern Authentication Include https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/includes/microsoft-365-client-support-modern-authentication-include.md
<!-- This file is generated automatically. Changes made to this file will be overwritten.-->
-|Clients|Android|iOS|Mac|Windows 10 Desktop|Windows 10 Modern Apps|
+|Clients|Android|iOS|Mac|Windows 10<br>Desktop|Windows 10<br>Modern Apps|
|:-|:-|:-|:-|:-|:-| |ACCESS|N/A|N/A|N/A|Γ£ö|N/A| |AZURE ACTIVE DIRECTORY ADMIN|N/A|N/A|N/A|Γ£ö|N/A|
|EXCHANGE ADMIN|N/A|N/A|N/A|Γ£ö|N/A| |FORMS|N/A|N/A|N/A|N/A|N/A| |KAIZALA|Γ£ö|Γ£ö|N/A|N/A|N/A|
+|MICROSOFT ROOMS|Planned|Planned|N/A|N/A|N/A|
|OFFICE 365 ADMIN|Γ£ö|N/A|N/A|N/A|N/A| |OFFICE LENS|Γ£ö|Γ£ö|N/A|N/A|Γ£ö| |OFFICE MOBILE|Γ£ö|Γ£ö|N/A|N/A|N/A|
includes Microsoft 365 Client Support Single Sign On Include https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/includes/microsoft-365-client-support-single-sign-on-include.md
<!-- This file is generated automatically. Changes made to this file will be overwritten.-->
-|Clients|Android|iOS|Mac|Windows 10 Desktop|Windows 10 Modern Apps|
+|Clients|Android|iOS|Mac|Windows 10<br>Desktop|Windows 10<br>Modern Apps|
|:-|:-|:-|:-|:-|:-| |ACCESS|N/A|N/A|N/A|Γ£ö|N/A| |COMPANY PORTAL|N/A|Γ£ö|Planned|N/A|Γ£ö|
|EDGE|Γ£ö|Planned|N/A|Γ£ö|N/A| |EXCEL|Γ£ö|Γ£ö|Γ£ö|Γ£ö|Γ£ö| |KAIZALA|Γ£ö|Planned|N/A|N/A|N/A|
+|MICROSOFT ROOMS|Planned|Planned|N/A|N/A|N/A|
|OFFICE LENS|Γ£ö|Γ£ö|N/A|N/A|N/A| |OFFICE MOBILE|Γ£ö|Γ£ö|N/A|N/A|N/A| |OFFICE.COM|N/A|N/A|N/A|N/A|Γ£ö|
security Api Create App Web https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/mtp/api-create-app-web.md
appSecret = '' # Paste your own app secret here to test, then store it in a safe
url = "https://login.windows.net/%s/oauth2/token" % (tenantId)
-resourceAppIdUri = 'https://api.securitycenter.windows.com'
+resourceAppIdUri = 'https://api.security.microsoft.com'
body = { 'resource' : resourceAppIdUri,
aadToken = jsonResponse["access_token"]
1. Run the following command: ```bash
- curl -i -X POST -H "Content-Type:application/x-www-form-urlencoded" -d "grant_type=client_credentials" -d "client_id=%CLIENT_ID%" -d "scope=https://securitycenter.onmicrosoft.com/windowsatpservice/.default" -d "client_secret=%CLIENT_SECRET%" "https://login.microsoftonline.com/%TENANT_ID%/oauth2/v2.0/token" -k
+ curl -i -X POST -H "Content-Type:application/x-www-form-urlencoded" -d "grant_type=client_credentials" -d "client_id=%CLIENT_ID%" -d "scope=https://api.security.microsoft.com/.default" -d "client_secret=%CLIENT_SECRET%" "https://login.microsoftonline.com/%TENANT_ID%/oauth2/v2.0/token" -k
``` A successful response will look like this:
security Office 365 Evaluation https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/office-365-evaluation.md
You'll have a 30-day window with the evaluation to monitor and report on advance
### Roles
-Exchange Online roles are required to set up Defender for Office 365 in evaluation mode.
+**Exchange Online roles are required** to set up Defender for Office 365 in evaluation mode. Assigning a Microsoft 365 compliance or security admin role won't work.
- [Learn about permissions in Exchange Online](/exchange/permissions-exo/permissions-exo) - [Learn about assigning admin roles](../../admin/add-users/assign-admin-roles.md) The following roles are needed:
-|Task|Role|
+|Task|Role (in Exchange Online)|
||| |Get a free trial or buy Microsoft Defender for Office 365 (Plan 2)|Billing admin role OR Global admin role| |Create evaluation policy|Remote and Accepted Domains role; Security admin role|
The following roles are needed:
|View evaluation report|Security admin role OR Security reader role| | - ### Enhanced filtering Your Exchange Online Protection policies, such as bulk and spam protection, will remain the same. However, the evaluation turns on enhanced filtering for connectors, which may impact your mail flow and Exchange Online Protection policies unless bypassed.
solutions Cloud Architecture Models https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/solutions/cloud-architecture-models.md
This series of topics illustrates several architecture approaches for mergers, a
|**Item**|**Description**| |:--|:--|
-|[![Thumb image for Teams logical architecture poster](../media/solutions-architecture-center/msft-tenant-to-tenant-migration-thumb.png)](https://github.com/MicrosoftDocs/microsoft-365-docs/raw/public/microsoft-365/downloads/Microsoft-365-tenant-to-tenant-migration.pdf) <br/> [PDF](https://github.com/MicrosoftDocs/microsoft-365-docs/raw/public/microsoft-365/downloads/Microsoft-365-tenant-to-tenant-migration.pdf) \| [Visio](https://github.com/MicrosoftDocs/microsoft-365-docs/raw/public/microsoft-365/downloads/Microsoft-365-tenant-to-tenant-migration.vsdx) <br>Updated October 2020 |This model contains: <ul><li>A mapping of business scenarios to architecture approaches</li><li>Design considerations</li><li>Single event migration flow example</li><li>Phased migration flow example</li><li>Tenant move or split flow example</li></ul>|
+|[![Thumb image for Teams logical architecture poster](../media/solutions-architecture-center/msft-tenant-to-tenant-migration-thumb.png)](https://download.microsoft.com/download/b/a/1/ba19dfe7-96e2-4983-8783-4dcff9cebe7b/microsoft-365-tenant-to-tenant-migration.pdf) <br/> [PDF](https://download.microsoft.com/download/b/a/1/ba19dfe7-96e2-4983-8783-4dcff9cebe7b/microsoft-365-tenant-to-tenant-migration.pdf) \| [Visio](https://github.com/MicrosoftDocs/microsoft-365-docs/raw/public/microsoft-365/downloads/Microsoft-365-tenant-to-tenant-migration.vsdx) <br>Updated October 2020 |This model contains: <ul><li>A mapping of business scenarios to architecture approaches</li><li>Design considerations</li><li>Single event migration flow example</li><li>Phased migration flow example</li><li>Tenant move or split flow example</li></ul>|
<a name="security"></a> ### Microsoft cloud security for enterprise architects
solutions Deploy Threat Protection Configure https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/solutions/deploy-threat-protection-configure.md
Microsoft 365 Defender unifies alerts, incidents, automated investigation and re
|Configuration, protection, and detection capabilities|Automation, investigation, remediation, and education capabilities| |||
-|[Safe Attachments](../security/office-365-security/atp-safe-attachments.md)<br/>[Safe Links](../security/office-365-security/atp-safe-links.md)<br/>[Safe Documents](../security/office-365-security/safe-docs.md)<br/>[ATP for SharePoint, OneDrive, and Microsoft Teams](../security/office-365-security/atp-for-spo-odb-and-teams.md)<br/>[Anti-phishing in Defender for Office 365 protection](../security/office-365-security/set-up-anti-phishing-policies.md#exclusive-settings-in-atp-anti-phishing-policies)|[Threat Trackers](../security/office-365-security/threat-trackers.md)<br/>[Threat Explorer](../security/office-365-security/threat-explorer.md)<br/>[Automated investigation and response](../security/office-365-security/office-365-air.md)<br/>[Attack Simulator](../security/office-365-security/attack-simulator.md)|
+|[Safe Attachments](../security/office-365-security/atp-safe-attachments.md)<br/>[Safe Links](../security/office-365-security/atp-safe-links.md)<br/>[Safe Documents](../security/office-365-security/safe-docs.md)<br/>[ATP for SharePoint, OneDrive, and Microsoft Teams](../security/office-365-security/atp-for-spo-odb-and-teams.md)<br/>[Anti-phishing in Defender for Office 365 protection](../security/office-365-security/set-up-anti-phishing-policies.md#exclusive-settings-in-anti-phishing-policies-in-microsoft-defender-for-office-365)|[Threat Trackers](../security/office-365-security/threat-trackers.md)<br/>[Threat Explorer](../security/office-365-security/threat-explorer.md)<br/>[Automated investigation and response](../security/office-365-security/office-365-air.md)<br/>[Attack Simulator](../security/office-365-security/attack-simulator.md)|
| With Microsoft Defender for Office 365, people across your organization can communicate and collaborate more securely, with threat protection for their email content and Office documents.
With Microsoft Defender for Office 365, people across your organization can comm
![Process for deploying Microsoft Defender for Endpoint](../mediatp-steps.png)
-1. [Prepare your Microsoft Defender for Endpoint deployment](/windows/security/threat-protection/microsoft-defender-atp/deployment-phases).
-2. [Set up your Microsoft Defender for Endpoint deployment](/windows/security/threat-protection/micros.oft-defender-atp/production-deployment)
+1. [Prepare your environment for Microsoft Defender for Endpoint deployment](/windows/security/threat-protection/microsoft-defender-atp/deployment-phases).
+2. [Set up your Microsoft Defender for Endpoint deployment](/windows/security/threat-protection/micros.oft-defender-atp/production-deployment).
3. [Onboard to the Microsoft Defender for Endpoint service](/windows/security/threat-protection/microsoft-defender-atp/onboarding). 4. [Complete your top security administrative tasks](/windows/security/threat-protection/microsoft-defender-atp/tvm-security-recommendation).
With Microsoft Defender for Office 365, people across your organization can comm
1. [Set up the portal and other basic requirements](/cloud-app-security/general-setup). 2. [Set up cloud discovery](/cloud-app-security/set-up-cloud-discovery) and [connect apps](/cloud-app-security/enable-instant-visibility-protection-and-governance-actions-for-your-apps).
-3. [Deploy Conditional Access app control for featured apps](/cloud-app-security/proxy-deployment-aad).
+3. [Deploy Conditional Access App Control for featured apps](/cloud-app-security/proxy-deployment-aad).
4. [Use the investigation tools and dashboards](/cloud-app-security/investigate). ### More information about Microsoft Cloud App Security
solutions Deploy Threat Protection https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/solutions/deploy-threat-protection.md
Watch this video for an overview of the deployment process.
<br><br> > [!VIDEO https://www.microsoft.com/videoplayer/embed/RE4vsI7]
->[!Note]
->This video uses the previous names of threat protection products and features, but the concepts are the same. An update to this video is in progress.
->
- Use this article as a guide for implementing your threat protection solution. ## Threat protection in Microsoft 365 E5