+ Title: "Step 1 - Prevent a former employee from logging in and block access to Microsoft 365 services"

+# Step 6 - Remove and delete the Microsoft 365 license from a former employee

+> [!NOTE]

+> Microsoft Defender for Business is rolling out to Microsoft 365 Business Premium customers, beginning March 1, 2022. This offering provides additional security features for devices. [Learn more about Defender for Business](../../security/defender-business/mdb-overview.md).

+[Top 10 ways to secure Microsoft 365 for business plans](../security-and-compliance/secure-your-business-data.md)

+> [!NOTE]

+> Microsoft Defender for Business is rolling out to Microsoft 365 Business Premium customers, beginning March 1, 2022. This offering provides additional security features for devices. [Learn more about Defender for Business](../../security/defender-business/mdb-overview.md).

+## See also

+[Top 10 ways to secure Microsoft 365 for business plans](../security-and-compliance/secure-your-business-data.md)

+> [!NOTE]

+> Microsoft Defender for Business is rolling out to Microsoft 365 Business Premium customers, beginning March 1, 2022. This offering provides additional security features for devices. [Learn more about Defender for Business](../../security/defender-business/mdb-overview.md).

+## See also

+[Top 10 ways to secure Microsoft 365 for business plans](../security-and-compliance/secure-your-business-data.md)

+- Microsoft Defender for Business (included in Microsoft 365 Business Premium; also available as a standalone plan)

+- **Microsoft 365 Business Premium** includes Intune and Azure Active Directory Premium P1, Microsoft Defender for Office 365 Plan 1, and Microsoft Defender for Business.

+ Microsoft 365 Business Premium offers a set of policy templates for securing your devices and app data. It offers a good level of security and threat protection for most businesses under 300 users. For more information, see [Microsoft 365 Business Premium Overview](../../business-premium/index.md) and [Overview of Microsoft Defender for Business](../../security/defender-business/mdb-overview.md).

+ Microsoft 365 E5 offers the highest level of security and threat protection of all the Microsoft 365 subscriptions. For more information, see [Microsoft 365 for enterprise overview](../../enterprise/microsoft-365-overview.md).

+## See also

+[Top 10 ways to secure Microsoft 365 for business plans](../security-and-compliance/secure-your-business-data.md)

+> [!NOTE]

+> Microsoft Defender for Business is rolling out to Microsoft 365 Business Premium customers, beginning March 1, 2022. This offering provides additional security features for devices. [Learn more about Defender for Business](../../security/defender-business/mdb-overview.md).

+## See also

+[Top 10 ways to secure Microsoft 365 for business plans](../security-and-compliance/secure-your-business-data.md)

+> [!NOTE]

+> Microsoft Defender for Business is rolling out to Microsoft 365 Business Premium customers, beginning March 1, 2022. This offering provides additional security features for devices. [Learn more about Defender for Business](../../security/defender-business/mdb-overview.md).

+## See also

+[Top 10 ways to secure Microsoft 365 for business plans](../security-and-compliance/secure-your-business-data.md)

+> [!NOTE]

+> Microsoft Defender for Business is rolling out to Microsoft 365 Business Premium customers, beginning March 1, 2022. This offering provides additional security features for devices. [Learn more about Defender for Business](../../security/defender-business/mdb-overview.md).

+## See also

+[Top 10 ways to secure Microsoft 365 for business plans](../security-and-compliance/secure-your-business-data.md)

+> [!NOTE]

+> Microsoft Defender for Business is rolling out to Microsoft 365 Business Premium customers, beginning March 1, 2022. This offering provides additional security features for devices. [Learn more about Defender for Business](../../security/defender-business/mdb-overview.md).

+## See also

+[Top 10 ways to secure Microsoft 365 for business plans](../security-and-compliance/secure-your-business-data.md)

+> [!NOTE]

+> Microsoft Defender for Business is rolling out to Microsoft 365 Business Premium customers, beginning March 1, 2022. This offering provides additional security features for devices. [Learn more about Defender for Business](../../security/defender-business/mdb-overview.md).

+12. Finally, choose **Add** to save the policy, and assign it to devices.

+## See also

+[Top 10 ways to secure Microsoft 365 for business plans](../security-and-compliance/secure-your-business-data.md)

+> [!NOTE]

+> Microsoft Defender for Business is rolling out to Microsoft 365 Business Premium customers, beginning March 1, 2022. This offering provides additional security features for devices. [Learn more about Defender for Business](../../security/defender-business/mdb-overview.md).

+|Help protect files and folders on PCs from unauthorized access with BitLocker <br/> |BitLocker protects data by encrypting the computer hard drives and protect against data exposure if a computer is lost or stolen. For more information, see [BitLocker FAQ](/windows/security/information-protection/BitLocker/BitLocker-frequently-asked-questions). <br/> |

+|Turn off device screen when idle for this amount of time <br/> |Makes sure that company data is protected if a user is idle. A user may be working in a public location, like a coffee shop, and step away or be distracted for just a moment, leaving their device vulnerable to random glances. This setting lets you control how long the user can be idle before the screen shuts off. <br/> |

+## See also

+[Top 10 ways to secure Microsoft 365 for business plans](../security-and-compliance/secure-your-business-data.md)

+> [!NOTE]

+> Microsoft Defender for Business is rolling out to Microsoft 365 Business Premium customers, beginning March 1, 2022. This offering provides additional security features for devices. [Learn more about Defender for Business](../../security/defender-business/mdb-overview.md).

+## See also

+[Top 10 ways to secure Microsoft 365 for business plans](../security-and-compliance/secure-your-business-data.md)

+> [!NOTE]

+> Microsoft Defender for Business is rolling out to Microsoft 365 Business Premium customers, beginning March 1, 2022. This offering provides additional security features for devices. [Learn more about Defender for Business](../../security/defender-business/mdb-overview.md).

+## See also

+[Top 10 ways to secure Microsoft 365 for business plans](../security-and-compliance/secure-your-business-data.md)

+> [!NOTE]

+> Microsoft Defender for Business is rolling out to Microsoft 365 Business Premium customers, beginning March 1, 2022. This offering provides additional security features for devices. [Learn more about Defender for Business](../../security/defender-business/mdb-overview.md).

+ 

+ 

+ 

+ 

+## See also

+[Top 10 ways to secure Microsoft 365 for business plans](../security-and-compliance/secure-your-business-data.md)

+> [!NOTE]

+> Microsoft Defender for Business is rolling out to Microsoft 365 Business Premium customers, beginning March 1, 2022. This offering provides additional security features for devices. [Learn more about Defender for Business](../../security/defender-business/mdb-overview.md).

+After you [set up device policies](protection-settings-for-windows-10-pcs.md), it may take up to a few hours for the policy to take effect on users' devices. You can confirm that the policies took effect by looking at various Windows Settings screens on the users' devices. Because the users won't be able to modify the Windows Update and Microsoft Defender Antivirus settings on their Windows 10 devices, many options will be grayed out.

+[Top 10 ways to secure Microsoft 365 for business plans](../security-and-compliance/secure-your-business-data.md)

+> [!NOTE]

+> Microsoft Defender for Business is rolling out to Microsoft 365 Business Premium customers, beginning March 1, 2022. This offering provides additional security features for devices. [Learn more about Defender for Business](../../security/defender-business/mdb-overview.md).

+## See also

+[Top 10 ways to secure Microsoft 365 for business plans](../security-and-compliance/secure-your-business-data.md)

+> [!NOTE]

+> If you're using Microsoft 365 for Government - GCC, Microsoft 365 for Government - GCC High and Office 365 Government - DoD, you won't be able to provide feedback on a post.

+We understand that when you use Microsoft products and services, youΓÇÖre entrusting us with one of your most valuable assets: your data. We make sure the feedback we receive is stored and handled under Microsoft governance rules, and that it can only be accessed for approved uses. We donΓÇÖt use your email, chat, files, or other personal content to target ads to you. When we collect data, we use it to make your experiences better. Thank you for being a part of our community!

+Microsoft cloud-only accounts have a pre-defined password policy that cannot be changed. The only items you can change are the number of days until a password expires and whether or not passwords expire at all.

+> [!NOTE]

+> Microsoft Defender for Business is rolling out to Microsoft 365 Business Premium customers, beginning March 1, 2022. This offering provides additional security features for devices. [Learn more about Defender for Business](../../security/defender-business/mdb-overview.md).

+

+> [!NOTE]

+> Microsoft Defender for Business is rolling out to Microsoft 365 Business Premium customers, beginning March 1, 2022. This offering provides additional security features for devices. [Learn more about Defender for Business](../../security/defender-business/mdb-overview.md).

+- If you have existing Office applications on user computers, read [prepare for Office client installation](../misc/prepare-for-office-client-deployment.md) to understand steps you might need to take before you can set up Microsoft 365 for business to install Office 2016 on user computers.

+## See also

+[Top 10 ways to secure Microsoft 365 for business plans](secure-your-business-data.md)

+If you have a file that you think was missed or wrongly classified as malware, you can submit that file to Microsoft for malware analysis. Users and IT admins can submit a file for analysis. Visit [https://www.microsoft.com/wdsi/filesubmission](https://www.microsoft.com/wdsi/filesubmission).

+## See also

+[Top 10 ways to secure Microsoft 365 for business plans](secure-your-business-data.md)

+[Overview of Microsoft Defender for Business](../../security/defender-business/mdb-overview.md) (Defender for Business is rolling out to Microsoft 365 Business Premium customers, beginning March 1, 2022)

+ Title: Top 10 ways to secure Microsoft 365 for business plans

+description: "Protect your business email and data from cyberthreats, including ransomware, phishing, and malicious attachments."

+If you are a small or medium-size organization using one of Microsoft's business plans, you can use the guidance in this article to increase the security of your organization. This guidance helps your organization achieve the goals described in the Harvard Kennedy School [Cybersecurity Campaign Handbook](https://go.microsoft.com/fwlink/p/?linkid=2015598).

+> If you need help with the steps in this article, consider [working with a Microsoft small business specialist](https://go.microsoft.com/fwlink/?linkid=2186871). With Business Assist, you and your employees get around-the-clock access to small business specialists as you grow your business, from onboarding to everyday use.

+## Security tasks to complete

+| 1 | [Protect against lost or stolen passwords](#1-set-up-multi-factor-authentication) |  |  |

+| 2 | [Train your users](#2-train-your-users) |  |  |

+| 3 | [Use dedicated admin accounts](#3-use-dedicated-admin-accounts)| |  |

+| 4 | [Protect against malware](#4-protect-against-malware) |  <br/>(protection for email) |  <br/>(increased protection for email and devices) |

+| 5 | [Protect against ransomware](#5-protect-against-ransomware) |  <br/>(protection for email and cloud storage) |  <br/>(increased protection for devices, email, and cloud storage) |

+| 6 | [Stop auto-forwarding for email](#6-stop-auto-forwarding-for-email) |  |  |

+| 7 | [Use encryption](#7-use-office-message-encryption) |  |  |

+| 8 | [Protect your email from phishing attacks](#8-protect-your-email-from-phishing-attacks) |  <br/>(antiphishing protection) |  <br/>(advanced antiphishing protection) |

+| 9 | [Protect against malicious attachments, files, and URLs in email and Office files](#9-protect-against-malicious-attachments-files-and-urls) | |  <br/>(Safe Links and Safe Attachments) |

+| 10 | [Increase protection for your organization's devices](#10-increase-protection-for-your-organizations-devices) | |  <br/>(enterprise-grade device protection) |

+If you have Microsoft Business Premium, the quickest way to setup security and begin collaborating safely is to follow the guidance in this library: [Microsoft 365 Business Premium](../../business-premium/index.md). This guidance was developed in partnership with the Microsoft Defending Democracy team to protect all small business customers against cyberthreats that are launched by sophisticated hackers.

+Protect against lost or stolen passwords by using multifactor authentication (MFA). When multifactor authentication is set up, it requires people to use a code on their phone to sign into Microsoft 365. This extra step can prevent hackers from taking over if they know your password.

+Multifactor authentication is also called 2-step verification. Individuals can add 2-step verification to most accounts easily, for example, to their Google or Microsoft accounts. Here's how to [add two-step verification to your personal Microsoft account](https://go.microsoft.com/fwlink/p/?linkid=2016403).

+### To set up multi-factor authentication, you turn on security defaults

+For most organizations, security defaults offer a good level of added sign-in security. For more information, see [What are security defaults?](/azure/active-directory/fundamentals/concept-fundamentals-security-defaults)

+If your subscription is new, security defaults might already be turned on for you automatically.

+> [!TIP]

+> For more details and recommendations, see [Set up multi-factor authentication for users](set-up-multi-factor-authentication.md).

+The administrative accounts you use to administer your Microsoft 365 environment include elevated privileges. These are valuable targets for hackers and cyberattackers. Use admin accounts only for administration. Admins should have a separate user account for regular, non-administrative use and only use their administrative account when necessary to complete a task associated with their job function. Additional recommendations:

+## 4: Protect against malware

+Your Microsoft 365 environment includes protection against malware. You can increase your malware protection by:

+- Blocking attachments with certain file types

+- Using antivirus/antimalware protection on your devices

+### Block attachments with certain file types

+You can increase your malware protection by blocking attachments with file types that are commonly used for malware. To bump up malware protection in email, view a [short training video](increase-threat-protection.md#raise-the-level-of-protection-against-malware-in-mail), or complete the following steps:

+For more information, see [Antimalware protection in EOP](../../security/office-365-security/anti-malware-protection.md).

+### Use antivirus and antimalware protection

+Microsoft Defender Antivirus provides strong antivirus and antimalware protection, and is built into the Windows operating system.

+If your organization is using Microsoft 365 Business Premium, you get additional device protection that includes:

+- Next-generation protection

+- Firewall protection

+- Web content filtering

+These capabilities are included in Microsoft Defender for Business, an offering that will begin rolling out to Microsoft 365 Business Premium customers, beginning March 1, 2022.

+[Learn more about Microsoft Defender for Business](../../security/defender-business/mdb-overview.md).

+You get ransomware protection for email hosted in Microsoft 365 and for files that are stored in OneDrive. If you have Microsoft 365 Business Premium, you get additional ransomware protection for your organization's devices.

+> You can also add the files you want to block to the anti-malware list in [Step 4: Protect against malware](#4-protect-against-malware).

+- [Better together: Microsoft Defender Antivirus and Office 365](../../security/defender-endpoint/office-365-microsoft-defender-antivirus.md)

+> [!TIP]

+> For more information, see [Send, view, and reply to encrypted messages in Outlook for PC](https://support.microsoft.com/office/eaa43495-9bbb-4fca-922a-df90dee51980).

+> [!TIP]

+> For more information, see [Set up anti-phishing policies in Defender for Office 365](../../security/office-365-security/configure-atp-anti-phishing-policies.md).

+## 9: Protect against malicious attachments, files, and URLs

+### Set up Safe Attachments

+To create a Safe Attachments policy, view a [short training video](increase-threat-protection.md), or complete the following steps:

+> [!TIP]

+> For more information, see [Set up anti-phishing policies in Defender for Office 365](../../security/office-365-security/configure-atp-anti-phishing-policies.md).

+### Set up Safe Links

+> [!TIP]

+> For more information, see [Safe Links in Microsoft Defender for Office 365](../../security/office-365-security/atp-safe-links.md).

+## 10: Increase protection for your organization's devices

+Microsoft Defender Antivirus is built into the Windows operating system and provides good protection against viruses and malware. However, you can increase protection for your organization's devices by onboarding them to Microsoft Defender for Business, a new offering for small and medium-sized businesses like yours. With Defender for Business, your organization's devices are better protected from ransomware, malware, phishing, and other threats.

+**Beginning March 1, 2022, [Microsoft Defender for Business](../../security/defender-business/index.yml) capabilities are being added to Microsoft 365 Business Premium**.

+To learn more, see the following resources:

+- [Overview of Microsoft Defender for Business](../../security/defender-business/mdb-overview.md)

+- [Set up and configure Microsoft Defender for Business](../../security/defender-business/mdb-setup-configuration.md)

+- [Get started using the Microsoft 365 Defender portal](../../security/defender-business/mdb-get-started.md)

+[Microsoft 365 Reports in the admin center](../activity-reports/activity-reports.md) (video)

+[Secure Windows devices](/misc/m365bp-secure-windows-devices) (article)\

+[How to submit malware and non-malware to Microsoft for analysis](/microsoft-365/security/office-365-security/submitting-malware-and-non-malware-to-microsoft-for-analysis) (article)

+> [!NOTE]

+> Microsoft Defender for Business is rolling out to Microsoft 365 Business Premium customers, beginning March 1, 2022. This offering provides additional security features for devices. [Learn more about Defender for Business](../../security/defender-business/mdb-overview.md).

+- Go to the admin center at <a href="https://go.microsoft.com/fwlink/p/?linkid=2024339" target="_blank">https://admin.microsoft.com</a> and select **Endpoint Managemen**t (select **Show all** if **Endpoint Manager** is not visible)

+[Tutorial: Configure hybrid Azure Active Directory join for managed domains](/azure/active-directory/devices/hybrid-azuread-join-managed-domains) (article)

+[Top 10 ways to secure Microsoft 365 for business plans](../security-and-compliance/secure-your-business-data.md)

+- **If you have more than 50 employees**, the [FastTrack Onboarding Center](https://go.microsoft.com/fwlink/?LinkId=517115) is available to help you with your deployment.

+## See also

+[Top 10 ways to secure Microsoft 365 for business plans](../security-and-compliance/secure-your-business-data.md)

+4. On the **Secure your Windows 10 computers** pane, select the options you want to turn on.

+To set up your mobile devices, see [Set up mobile devices for Microsoft 365 Business Premium users](set-up-mobile-devices.md),

+To increase protection, see [Top 10 ways to secure Microsoft 365 for business plans](../security-and-compliance/secure-your-business-data.md).

+

+<!--## Buffer time and appointment timing

+-->

+- [Try or buy Microsoft 365 Business Premium on your own](#get-microsoft-365-business-premium-on-your-own)

+|Email | Use multi-factor authentication, advanced anti-phishing, Safe Links and Safe Attachments, and encrypted email for sensitive information.| [Set up multi-factor authentication](m365-campaigns-multifactor-authentication.md) <br/><br/>[Protect against phishing attacks](m365-campaigns-phishing-and-attacks.md)<br/><br/>[Encrypt or label your sensitive email](send-encrypted-email.md) |

+|iPhones and Android devices |Use multi-factor authentication, set up Microsoft mobile apps, and require a PIN | [Set up multi-factor authentication](m365-campaigns-multifactor-authentication.md)<br/><br/>[Set up mobile devices](../business/set-up-mobile-devices.md?toc=/microsoft-365/campaigns/toc.json)|

+|Bring-your-own-devices (BYOD) for Mac and Windows PCs |Keep Office up to date, keep operating systems updated, and enable security features. | [Protect unmanaged Windows and Mac devices](m365bp-protect-pcs-macs.md) |

+|Managed Windows devices |Use managed devices for key staff and secure these devices. | [Set up managed devices](../business/set-up-windows-devices.md?toc=/microsoft-365/campaigns/toc.json) |

+- Protect your work files on all of your iOS, Android, and Windows devices with enterprise-grade security that is simple to manage.

+- Help for users to set up devices for secure access.

+- For small and medium-sized businesses: [Get Microsoft 365 Business Premium](get-microsoft-365-business-premium.md)

+ Title: "Turn on security defaults for Microsoft 365 Business Premium"

+f1.keywords:

+- NOCSH

+audience: Admin

+ms.localizationpriority: medium

+- Adm_O365

+- M365-subscription-management

+- M365-identity-device-management

+- M365-Campaigns

+- m365solution-smb

+- Adm_O365

+- MiniMaven

+- MSB365

+search.appverid:

+- BCS160

+- MET150

+- MOE150

+description: "Learn how security defaults can help protect your organization from identity-related attacks by providing preconfigured security settings for Microsoft 365 Business Premium."

+# Turn on security defaults for Microsoft 365 Business Premium

+Security defaults help protect your organization from identity-related attacks by providing preconfigured security settings that Microsoft manages on behalf of your organization. These settings include enabling multi-factor authentication (MFA) for all admins and user accounts. For most organizations, security defaults offer a good level of additional sign-in security.

+For more information about security defaults and the policies they enforce, see [What are security defaults?](/azure/active-directory/fundamentals/concept-fundamentals-security-defaults)

+If your subscription was created on or after October 22, 2019, security defaults might have been automatically enabled for you&mdash;you should check your settings to confirm.

+To enable security defaults in your Azure Active Directory (Azure AD) or to check to see if they're already enabled:

+1. Sign in to the <a href="https://go.microsoft.com/fwlink/p/?linkid=2024339" target="_blank">Microsoft 365 admin center</a> with security administrator, Conditional Access administrator, or Global admin credentials.

+2. In the left pane, select **Show All,** and then under **Admin centers**, select **Azure Active Directory**.

+3. In the left pane of the **Azure Active Directory admin center,** select **Azure Active Directory**.

+4. From the left menu of the Dashboard, in the **Manage** section, select **Properties**.

+ :::image type="content" source="../media/m365-campaigns-conditional-access/azure-ad-properties.png" alt-text="Screenshot of the Azure Active Directory admin center showing the location of the Properties menu item.":::

+5. At the bottom of the **Properties** page, select **Manage Security defaults**.

+6. In the right pane, you'll see the **Enable Security defaults** setting. If **Yes** is selected, then security defaults are already enabled and no further action is required. If security defaults are not currently enabled, then select **Yes** to enable them, and then select **Save**.

+> [!NOTE]

+> If you've been using Conditional Access policies, you'll need to turn them off before using security defaults.

+>

+> You can use either security defaults or Conditional Access policies, but you can't use both at the same time.

+## Consider using Conditional Access

+If your organization has complex security requirements or you need more granular control over your security policies, then you should consider using Conditional Access instead of security defaults to achieve a similar or higher security posture.

+Conditional Access lets you create and define policies that react to sign-in events and request additional actions before a user is granted access to an application or service. Conditional Access policies can be granular and specific, empowering users to be productive wherever and whenever, but also protecting your organization.

+Security defaults are available to all customers, while Conditional Access requires a license for one of the following plans:

+- Azure Active Directory Premium P1 or P2

+- Microsoft 365 Business Premium

+- Microsoft 365 E3 or E5

+- Enterprise Mobility & Security E3 or E5

+If you want to use Conditional Access to configure policies equivalent to those enabled by security defaults, check out the following step-by-step guides:

+- [Require MFA for administrators](/azure/active-directory/conditional-access/howto-conditional-access-policy-admin-mfa)

+- [Require MFA for Azure management](/azure/active-directory/conditional-access/howto-conditional-access-policy-azure-management)

+- [Block legacy authentication](/azure/active-directory/conditional-access/howto-conditional-access-policy-block-legacy)

+- [Require MFA for all users](/azure/active-directory/conditional-access/howto-conditional-access-policy-all-users-mfa)

+- [Require Azure AD MFA registration](/azure/active-directory/identity-protection/howto-identity-protection-configure-mfa-policy) - Requires Azure AD Identity Protection, which is part of Azure Active Directory Premium P2

+To learn more about Conditional Access, see [What is Conditional Access?](/azure/active-directory/conditional-access/overview) For more information about creating Conditional Access policies, see [Create a Conditional Access policy](/azure/active-directory/authentication/tutorial-enable-azure-mfa#create-a-conditional-access-policy).

+> [!NOTE]

+> If you have a plan or license that provides Conditional Access but haven't yet created any Conditional Access policies, you're welcome to use security defaults. However, you'll need to turn off security defaults before you can use Conditional Access policies.

+ Title: "Increase threat protection for Microsoft 365 Business Premium"

+f1.keywords:

+- NOCSH

+audience: Admin

+ms.localizationpriority: medium

+- Adm_O365

+- M365-subscription-management

+- M365-Campaigns

+- m365solution-smb

+- Adm_O365

+- MiniMaven

+- MSB365

+- admindeeplinkMAC

+- admindeeplinkEXCHANGE

+- admindeeplinkSPO

+search.appverid:

+- BCS160

+- MET150

+description: "Get help with increasing the level of protection in Microsoft 365 Business Premium"

+# Increase threat protection for Microsoft 365 Business Premium

+This article helps you increase the protection in your Microsoft 365 subscription to protect against phishing, malware, and other threats. These recommendations are appropriate for organizations with an increased need for security, like political campaigns, law offices, and health care clinics.

+Before you begin, check your Microsoft Secure Score. Microsoft Secure Score analyzes your organization's security based on your regular activities and security settings and assigns a score. Begin by taking note of your current score. Taking the actions recommended in this article increases your score. The goal isn't to achieve the max score, but to be aware of opportunities to protect your environment that don't negatively affect productivity for your users.

+For more information, see [Microsoft Secure Score](../security/defender/microsoft-secure-score.md).

+## Raise the level of protection against malware in mail

+Your Office 365 or Microsoft 365 environment includes protection against malware, but you can increase this protection by blocking attachments with file types that are commonly used for malware. To bump up malware protection in email:

+1. Go to the <a href="https://go.microsoft.com/fwlink/p/?linkid=2077143" target="_blank">Office 365 Security & Compliance Center</a> and sign in with your admin account credentials.

+2. In the left navigation pane, under **Threat management**, choose **Policy** \> **Anti-Malware**.

+3. Double-click the default policy to edit this company-wide policy.

+4. Click **Settings**.

+5. Under **Common Attachment Types Filter**, select **On**. The file types that are blocked are listed in the window directly below this control. Make sure you add these filetypes:

+ `ade, adp, ani, bas, bat, chm, cmd, com, cpl, crt, hlp, ht, hta, inf, ins, isp, job, js, jse, lnk, mda, mdb, mde, mdz, msc, msi, msp, mst, pcd, reg, scr, sct, shs, url, vb, vbe, vbs, wsc, wsf, wsh, exe, pif`

+ You can add or delete file types later, if needed.

+6. Click **Save.**

+For more information, see [Anti-malware protection in EOP](../security/office-365-security/anti-malware-protection.md).

+## Protect against ransomware

+Ransomware restricts access to data by encrypting files or locking computer screens. It then attempts to extort money from victims by asking for "ransom," usually in the form of cryptocurrencies like Bitcoin, in exchange for access to data.

+You can protect against ransomware by creating one or more mail flow rules to block file extensions that are commonly used for ransomware (these were added in the [raise the level of protection against malware in mail](#raise-the-level-of-protection-against-malware-in-mail) step), or to warn users who receive these attachments in email.

+In addition to the files that you blocked in the previous step, it's also good practice to create a rule to warn users before opening Office file attachments that include macros. Ransomware can be hidden inside macros, so warn users to not open these files from people they don't know.

+To create a mail transport rule:

+1. Go to the admin center at <https://admin.microsoft.com> and choose **Admin centers** \> **Exchange**.

+2. In the **mail flow** category, click **rules**.

+3. Click **+**, and then click **Create a new rule**.

+4. Click **More options** at the bottom of the dialog box to see the full set of options.

+5. Apply the settings in the following table for the rule. Leave the rest of the settings at the default, unless you want to change them.

+6. Click **Save**.

+|Setting|Warn users before opening attachments of Office files|

+|||

+|Name|Anti-ransomware rule: warn users|

+|Apply this rule if . . .|Any attachment . . . file extension matches . . .|

+|Specify words or phrases|Add these file types: <br/> `dotm, docm, xlsm, sltm, xla, xlam, xll, pptm, potm, ppam, ppsm, sldm`|

+|Do the following . . .|Notify the recipient with a message|

+|Provide message text|Do not open these types of files from people you do not know because they might contain macros with malicious code.|

+For more information, see:

+- [Ransomware: how to reduce risk](https://www.microsoft.com/security/blog/2020/04/28/ransomware-groups-continue-to-target-healthcare-critical-services-heres-how-to-reduce-risk/)

+- [Restore your OneDrive](https://support.microsoft.com//office/fa231298-759d-41cf-bcd0-25ac53eb8a15)

+## Stop auto-forwarding for email

+Hackers who gain access to a user's mailbox can steal your mail by setting the mailbox to automatically forward email. This can happen even without the user's awareness. You can prevent this from happening by configuring a mail flow rule.

+To create a mail transport rule, either watch [this short video](https://support.office.com/article/f9d693ba-5c78-47c0-b156-8e461e062aa7) or follow these steps:

+1. In the <a href="https://go.microsoft.com/fwlink/p/?linkid=2024339" target="_blank">Microsoft 365 admin center</a>, click **Admin centers** \> **Exchange**.

+2. In the **mail flow** category, click **rules**.

+3. Click **+**, and then click **Create a new rule**.

+4. Click **More options** at the bottom of the dialog box to see the full set of options.

+5. Apply the settings in the following table. Leave the rest of the settings at the default, unless you want to change them.

+6. Click **Save**.

+|Setting|Warn users before opening attachments of Office files|

+|||

+|Name|Prevent auto forwarding of email to external domains|

+|Apply this rule if ...|The sender . . . is external/internal . . . Inside the organization|

+|Add condition|The message properties . . . include the message type . . . Auto-forward|

+|Do the following ...|Block the message . . . reject the message and include an explanation.|

+|Provide message text|Auto-forwarding email outside this organization is prevented for security reasons.|

+## Protect your email from phishing attacks

+If you've configured one or more custom domains for your Office 365 or Microsoft 365 environment, you can configure targeted anti-phishing protection. Anti-phishing protection, part of Microsoft Defender for Office 365, can help protect your organization from malicious impersonation-based phishing attacks and other phishing attacks. If you haven't configured a custom domain, you don't need to do this.

+We recommend that you get started with this protection by creating a policy to protect your most important users and your custom domain.

+To create an anti-phishing policy in Defender for Office 365, watch [this short training video](https://support.office.com/article/86c425e1-1686-430a-9151-f7176cce4f2c), or complete the following steps:

+1. Go to <a href="https://go.microsoft.com/fwlink/p/?linkid=2077143" target="_blank">Office 365 Security & Compliance Center</a>.

+2. In the left navigation pane, under **Threat management**, choose **Policy**.

+3. On the **Policy** page, choose **Anti-phishing**.

+4. On the **Anti-phishing** page, select **+ Create**. A wizard launches that steps you through defining your anti-phishing policy.

+5. Specify the name, description, and settings for your policy as recommended in the chart below. For more information, see [Learn about anti-phishing policy in Microsoft Defender for Office 365 options](../security/office-365-security/set-up-anti-phishing-policies.md).

+6. After you've reviewed your settings, choose **Create this policy** or **Save**, as appropriate.

+|Setting or option|Recommended setting|

+|||

+|Name|Domain and most valuable staff|

+|Description|Ensure most important staff and our domain are not being impersonated.|

+|Add users to protect|Select **+ Add a condition, The recipient is**. Type user names or enter the email address of the business owners, partners, or candidate, managers, and other important staff members. You can add up to 20 internal and external addresses that you want to protect from impersonation.|

+|Add domains to protect|Select **+ Add a condition, The recipient domain is**. Enter the custom domain associated with your Microsoft 365 subscription, if you defined one. You can enter more than one domain.|

+|Choose actions|If email is sent by an impersonated user: Choose **Redirect message to another email address**, and then type the email address of the security administrator; for example, *Alice<span><span>@contoso.com*. <br/> If email is sent by an impersonated domain: Choose **Quarantine message**.|

+|Mailbox intelligence|By default, mailbox intelligence is selected when you create a new anti-phishing policy. Leave this setting **On** for best results.|

+|Add trusted senders and domains|Here you can add your own domain, or any other trusted domains.|

+|Applied to|Select **The recipient domain is**. Under **Any of these**, select **Choose**. Select **+ Add**. Select the check box next to the name of the domain, for example, *contoso.<span><span>com*, in the list, and then select **Add**. Select **Done**.|

+For more information, see [Set up anti-phishing policies in Defender for Office 365](../security/office-365-security/set-up-anti-phishing-policies.md).

+## Protect against malicious attachments, files, and links with Defender for Office 365

+

+First, make sure, in the admin center at <https://admin.microsoft.com> that you have the new admin center preview turned on. Turn on the toggle next to the text **The new admin center**.

+ 

+If you don't see the **Setup** page with cards in your tenant yet, see how to complete these steps in Security & Compliance Center. See [Set up Safe Attachments in the Security & Compliance Center](#set-up-safe-attachments-in-the-security--compliance-center) and [Set up Safe Links in the Security & Compliance Center](#set-up-safe-links-in-the-security--compliance-center).

+1. In the left nav, choose **Setup**.

+2. On the **Setup** page, choose **View** on the **Increase protection from advanced threats** card.

+ 

+3. On the **Increase protection from advanced threats** page, choose **Get started**.

+4. On the pane that opens, select the check boxes next to **Links and attachments in email**, **Scan files in SharePoint, OneDrive, and Teams**, and **Scan links in Office desktop and Office Online apps** under **Scan items for malicious content**.

+ Under **Links and attachments in email**, Type in All Users, or the specific users whose email you want scanned.

+ 

+5. Choose **Create policies** to turn on Safe Attachments and Safe Links.

+### Set up Safe Attachments in the Security & Compliance Center

+People regularly send, receive, and share attachments, such as documents, presentations, spreadsheets, and more. It's not always easy to tell whether an attachment is safe or malicious just by looking at an email message. Microsoft Defender for Office 365 includes Safe Attachment protection, but this protection is not turned on by default. We recommend that you create a new rule to begin using this protection. This protection extends to files in SharePoint, OneDrive, and Microsoft Teams.

+To create a Safe Attachment policy, either watch [this short video](https://support.office.com/article/e7e68934-23dc-4b9c-b714-e82e27a8f8a5), or complete the following steps:

+1. Go to <a href="https://go.microsoft.com/fwlink/p/?linkid=2077143" target="_blank">Office 365 Security & Compliance Center</a> and sign in with your admin account.

+2. In the left navigation pane, under **Threat management**, choose **Policy**.

+3. On the Policy page, choose **Safe Attachments**.

+4. On the Safe attachments page, apply this protection broadly by selecting the **Turn on ATP for SharePoint, OneDrive, and Microsoft Teams** check box.

+5. Select **+** to create a new policy.

+6. Apply the settings in the following table.

+7. After you review your settings, choose **Create this policy** or **Save**, as appropriate.

+|Setting or option|Recommended setting|

+|||

+|Name|Block current and future emails with detected malware.|

+|Description|Block current and future emails and attachments with detected malware.|

+|Save attachments unknown malware response|Select **Block - Block the current and future emails and attachments with detected malware**.|

+|Redirect attachment on detection|Enable redirection (select this box) <br/> Enter the admin account or a mailbox setup for quarantine. <br/> Apply the above selection if malware scanning for attachments times out or error occurs (select this box).|

+|Applied to|The recipient domain is . . . select your domain.|

+For more information, see [Set up anti-phishing policies in Defender for Office 365](../security/office-365-security/set-up-anti-phishing-policies.md).

+### Set up Safe Links in the Security & Compliance Center

+Hackers sometimes hide malicious websites in links in email or other files. Safe Links, part of Microsoft Defender for Office 365, can help protect your organization by providing time-of-click verification of web addresses (URLs) in email messages and Office documents. Protection is defined through Safe Links policies.

+We recommend that you do the following:

+- Modify the default policy to increase protection.

+- Add a new policy targeted to all recipients in your domain.

+To set up Safe Links, watch [this short training video](https://support.office.com/article/61492713-53c2-47da-a6e7-fa97479e97fa), or complete the following steps:

+1. Go to <a href="https://go.microsoft.com/fwlink/p/?linkid=2077143" target="_blank">Office 365 Security & Compliance Center</a> and sign in with your admin account.

+2. In the left navigation pane, under **Threat management**, choose **Policy**.

+3. On the Policy page, choose **Safe Links**.

+To modify the default policy:

+1. On the Safe links page, under **Policies that apply to the entire organization**, select the **Default** policy.

+2. Under **Settings that apply to content except email**, select **Microsoft 365 Apps for enterprise, Office for iOS and Android**.

+3. Click **Save**.

+To create a new policy targeted to all recipients in your domain:

+1. On the Safe links page, under **Policies that apply to the entire organization**, click **+** to create a new policy.

+2. Apply the settings listed in the following table.

+3. Click **Save**.

+|Setting or option|Recommended setting|

+|||

+|Name|Safe links policy for all recipients in the domain|

+|Select the action for unknown potentially malicious URLs in messages|Select **On - URLs will be rewritten and checked against a list of known malicious links when user clicks on the link**.|

+|Use Safe Attachments to scan downloadable content|Select this box.|

+|Applied to|The recipient domain is . . . select your domain.|

+For more information, see [Safe Links in Defender for Office 365](../security/office-365-security/safe-links.md).

+## Turn on the Unified Audit Log

+After you turn on the audit log search in the Security & Compliance Center, you can retain the admin and other user activity in the log and search it.

+You must be assigned the Audit Logs role in Exchange Online to turn audit log search on or off in your Microsoft 365 subscription. By default, this role is assigned to the Compliance Management and Organization Management role groups on the Permissions page in the <a href="https://go.microsoft.com/fwlink/p/?linkid=2059104" target="_blank">Exchange admin center</a>. Global admins in Microsoft 365 are members of this group by default.

+1. To turn on the audit log search, go to the admin center at <https://admin.microsoft.com> and then choose **Security** under **Admin centers** in the left nav.

+2. On the **Microsoft 365 Security** page, choose **More resources**, and then **Open** on the **Office 365 Security & Compliance Center** card.

+ 

+3. On the security and compliance page, choose **Search** and then **Audit log search**.

+4. On the top of the **Audit log search** page, choose **Turn on auditing**.

+After the feature is turned on, you can search for files, folders, and many activities. For more information, see [search the audit log](../compliance/search-the-audit-log-in-security-and-compliance.md).

+## Tune-up anonymous sharing settings for SharePoint and OneDrive files and folders

+(change default anonymous link expiration to 14 days, change default sharing type to "Specific People")

+To change the sharing settings for OneDrive and SharePoint:

+1. Go to the admin center at <https://admin.microsoft.com> and then choose **SharePoint** under **Admin centers** in the left nav.

+2. In the SharePoint admin center, go to **Policies** \> <a href="https://go.microsoft.com/fwlink/?linkid=2185222" target="_blank">**Sharing**</a>.

+3. On the **Sharing** page, under **File and folder links**, select **Specific people**, and under **Advanced settings for "Anyone" links**, select **These links must expire within this many days**, and type in 14 (or another number of days you want to restrict the link lifetime to).

+ 

+## Activity alerts

+You can use activity alerts to track admin and user activities and detect malware and data loss prevention incidents in your organization. Your subscription includes a set of default policies, but you can also create custom ones. For more information, see [alert policies](../compliance/alert-policies.md). For example, if you store an important file in SharePoint that you don't want anyone to share externally, you can create a notification that alerts you if someone does share it.

+The following figure shows the default policies that are included with Microsoft 365.

+

+## Disable or manage calendar sharing

+You can prevent people in your organization from sharing their calendars, or you can also manage what they can share. For example, you can restrict the sharing to free/busy times only.

+1. Go to the admin center at <https://admin.microsoft.com> and choose **Settings** \> **Org Settings** > <a href="https://go.microsoft.com/fwlink/p/?linkid=2053743" target="_blank">**Services**</a>.

+1. Choose **Calendar**, and choose whether people in your organization can share their calendars with people outside who have Office 365 or Exchange, or with anyone.

+ If you choose the share with anyone option, you can decide to also only share free/busy information.

+3. Choose **Save changes** on the bottom of the page.

+ The following figure shows calendar sharing not allowed.

+ 

+ The following figure shows the settings when calendar sharing is allowed with an email link with only free/busy information.

+ 

+If your users are allowed to share their calendars, see [these instructions](https://support.office.com/article/7ecef8ae-139c-40d9-bae2-a23977ee58d5) for how to share from Outlook on the web.

+ Title: "Set up multifactor authentication for Microsoft 365 Business Premium"

+f1.keywords:

+- NOCSH

+audience: Admin

+ms.localizationpriority: medium

+- Adm_O365

+- M365-subscription-management

+- M365-identity-device-management

+- M365-Campaigns

+- m365solution-smb

+- Adm_O365

+- MiniMaven

+- MSB365

+search.appverid:

+- BCS160

+- MET150

+- MOE150

+description: "Set up multifactor authentication for mobile devices."

+# Set up multifactor authentication on your mobile device

+Multi-factor authentication provides more security for your business. After your admin has required you to use MFA, you can set up the Microsoft Authenticator app to let you log into key apps securely with your phone.

+> [!VIDEO https://www.microsoft.com/videoplayer/embed/RE2MmQR]

+See more at [Set up multifactor authentication in Microsoft 365](https://support.office.com/article/a32541df-079c-420d-9395-9d59354f7225)

+## Use the Outlook app in your devices

+After your admin has required you to use MFA and you've set up an authenticator app as a second form of authentication, we recommend that you install and only use the Outlook app to access your Microsoft 365 email. See [Set up mobile devices](../business/set-up-mobile-devices.md) for how to install Office apps, including Outlook, on your phone.

+ Title: "Protect your administrator accounts in Microsoft 365 Business Premium"

+f1.keywords:

+- NOCSH

+audience: Admin

+ms.localizationpriority: medium

+- Adm_O365

+- M365-subscription-management

+- M365-Campaigns

+- m365solution-smb

+- Adm_O365

+- MiniMaven

+- MSB365

+search.appverid:

+- BCS160

+- MET150

+description: "Learn how to set up and protect your administrator accounts in Microsoft 365 Business Premium."

+# Protect your administrator accounts in Microsoft 365 Business Premium

+Because admin accounts come with elevated privileges, they're valuable targets for hackers and cyber criminals. This article describes:

+- How to set up an additional administrator account for emergencies.

+- How to protect these accounts.

+When you sign up for Microsoft 365 and enter your information, you automatically become the Global admin. A Global admin has the ultimate control of user accounts and all the other settings in the Microsoft admin center, but there are many different kinds of admin accounts with varying degrees of access. See [about admin roles](/office365/admin/add-users/about-admin-roles) for information about the different access levels for each kind of admin role.

+## Create additional admin accounts

+Use admin accounts only for administration. Admins should have a separate user account for regular use of Office apps and only use their administrative account when necessary to manage accounts and devices, and while working on other admin functions. It's also a good idea to remove the Microsoft 365 license from the admin accounts so you don't have to pay for them.

+You'll want to set up at least one additional Global admin account to give admin access to another trusted employee. You can also create separate admin accounts for user management (this role is called **User management administrator**). For more information, see [about admin roles](/office365/admin/add-users/about-admin-roles).

+To create additional admin accounts:

+ 1. Go to the <a href="https://go.microsoft.com/fwlink/p/?linkid=837890" target="_blank">admin center</a> and then choose **Users** \> **Active users** in the left nav.

+ 

+ 2. On the **Active users** page, select **Add a user** at the top of the page, and on the **New user** panel, enter the name and other information.

+ 3. Expand the **Roles** section, and choose **Global administrator** to give this user global admin access. You can also choose **Customized administrator** and choose any of the roles that are displayed.

+ Enter an alternate email in the **Alternative email address** text box. You can use this address to recover your password information if you get locked out. For Global admins, a billing statement will also be sent to this address.

+ 

+ 4. In the **Product licenses** section, move the selector for **Microsoft 365 Business** to **Off** and the **Create user without product license** to **On**.

+ 

+## Create an emergency admin account

+You should also create a backup account that isn't set up with multi-factor authentication (MFA) so you don't accidentally lock yourself out (for example if you lose your phone that you're using as a second form of verification). Make sure that the password for this account is a phrase or at least 16 characters long. This is often referred to as a "break-glass account."

+## Create a user account for yourself

+Use your user account to participate in collaboration with your organization, including checking mail. This means your admin credentials might be similar to *Alice.Chavez<span></span>@Contoso.org* and your regular user account might be similar to *Alice<span></span>@Contoso.com*.

+To create a new user account:

+1. Go to the <a href="https://go.microsoft.com/fwlink/p/?linkid=837890" target="_blank">admin center</a> and then choose **Users** \> **Active users** in the left nav.

+2. On the **Active users** page, select **Add a user** at the top of the page, and on the **New user** panel, enter the name and other information.

+3. Expand the **Roles** section, and choose **User (no administrative access)**.

+4. In the **Product licenses** section, move the selector for **Microsoft 365 Business** to **On**.

+## Turn on security defaults

+Security defaults help protect your organization from identity-related attacks by providing preconfigured security settings that Microsoft manages on behalf of your organization. These settings include enabling multi-factor authentication (MFA) for all admins and user accounts. For more information about security defaults and to learn how to enable them on, see [Turn on security defaults](m365-campaigns-conditional-access.md).

+## Additional recommendations

+- Before using admin accounts, close out all unrelated browser sessions and apps, including personal email accounts. You can also use in private, or incognito browser windows.

+- After completing admin tasks, be sure to sign out of the browser session.

+ Title: "Protect unmanaged Windows 10 PCs and Macs in Microsoft 365 Business Premium"

+f1.keywords:

+- NOCSH

+audience: Admin

+ms.localizationpriority: medium

+- Adm_O365

+- M365-subscription-management

+- M365-identity-device-management

+- M365-Campaigns

+- m365solution-smb

+- Adm_O365

+- MiniMaven

+- MSB365

+search.appverid:

+- BCS160

+- MET150

+- MOE150

+description: "Protect unmanaged or bring-your-own devices (BYOD) with Microsoft 365 Business Premium."

+# Protect unmanaged Windows 10 PCs and Macs in Microsoft 365 Business Premium

+You can manage Windows 10 PCs and Macs by enrolling them in Microsoft Intune, which allows you to ensure they're healthy and secure before accessing data in your environment. However, many campaigns and small businesses include staff who bring their own devices (BYOD), which will not be managed by the organization. For these unmanaged PCs and Macs, use this article to ensure that minimum security capabilities are configured.

+<!--A Windows 10 PC is considered managed after you have completed the following two steps:

+1. You (or the admin) set up device and data protection policies in the [setup wizard](../business/set-up.md).

+2. You have [connected your computer to Azure Active Directory](../business/set-up-windows-devices.md) and use your Microsoft 365 username and password to sign in.

+3. -->

+## Protect a computer running Windows 10 or a Mac

+<!--If you have a PC that is running Windows 10 that is not connected to Microsoft 365, or a Mac, the Microsoft 365 protections do not apply to it, but here are some things you can do to keep your data secure on these devices as well:

+-->

+If your Windows 10 PC or Mac is not managed by your organization, be sure to configure these security capabilities.

+## [Windows 10](#tab/Windows10)

+**Turn on device encryption**<p>

+Device encryption is available on a wide range of Windows devices and helps protect your data by encrypting it. If you turn on device encryption, only authorized individuals will be able to access your device and data. See [turn on device encryption](https://support.microsoft.com/help/4028713/windows-10-turn-on-device-encryption) for instructions.

+ If device encryption isn't available on your device, you can turn on standard [BitLocker encryption](https://support.microsoft.com/help/4028713/windows-10-turn-on-device-encryption) instead. (BitLocker isn't available on Windows 10 Home edition.)

+**Protect your device with Windows Security**<p>

+If you have Windows 10, you'll get the latest antivirus protection with Windows Security. When you start up Windows 10 for the first time, Windows Security is on and actively helping to protect your PC by scanning for malware (malicious software), viruses, and security threats. Windows Security uses real-time protection to scan everything you download or run on your PC.

+Windows Update downloads updates for Windows Security automatically to help keep your PC safe and protect it from threats.

+If you have an earlier version of Windows and are using Microsoft Security Essentials, it's a good idea to move to Windows Security. For more information, see [help protect my device with Windows Security](https://support.microsoft.com/help/17464/windows-10-help-protect-my-device-with-windows-security).

+**Turn on Windows Firewall**<p>

+You should always run Windows Firewall even if you have another firewall turned on. Turning off Windows Firewall might make your device (and your network, if you have one) more vulnerable to unauthorized access. See [Turn Windows Firewall on or off](https://support.microsoft.com/help/4028544/windows-10-turn-windows-defender-firewall-on-or-off) for instructions.

+## [Mac](#tab/Mac)

+**Use FileVault to encrypt your Mac disk**<p>

+Disk encryption protects data when devices are lost or stolen. FileVault full-disk encryption helps prevent unauthorized access to the information on your startup disk. See [use FileVault to encrypt the startup disk on your Mac](https://support.apple.com/HT204837) for instructions.

+**Protect your mac from malware**<p>

+Microsoft recommends that you install and use reliable antivirus software on your Mac. See the following article for a list of choices: [Best Mac antivirus 2019](https://www.macworld.co.uk/feature/mac-software/mac-antivirus-3672182/).

+You can also reduce the risk of malware by using software only from reliable sources. The settings in Security & Privacy preferences allow you to specify the sources of software installed on your Mac. For more information, see [protect your Mac from malware](https://support.apple.com/kb/PH25087).

+**Turn on firewall protection**<p>

+Use firewall settings to protect your Mac from unwanted contact initiated by other computers when you're connected to the Internet or a network. Without this protection, your Mac might be more vulnerable to unauthorized access. See [about the application firewall](https://support.apple.com/HT201642) for instructions.

+ Title: "How security recommendations can affect your users"

+f1.keywords:

+- NOCSH

+audience: Admin

+ms.localizationpriority: medium

+- Adm_O365

+- M365-subscription-management

+- M365-identity-device-management

+- M365-Campaigns

+- m365solution-smb

+- Adm_O365

+- MiniMaven

+- MSB365

+search.appverid:

+- BCS160

+- MET150

+- MOE150

+description: "Learn how security recommendations for Microsoft 365 Business Premium affect your users and protect your data."

+# How security recommendations affect your users

+The security recommendations for Microsoft 365 in this solution make it much harder for hackers to gain access to your environment. The tradeoff is that your users will need to be aware of how to work within this more secure environment. We understand a little extra patience is required, but it's worth it to keep your organization protected.

+

+## Use secure email practices

+All users should be aware of and use these email practices to help keep their email secure:

+- Set up email to use multi-factor authentication with the authenticator app.

+- Verify legitimate emails and look for safety tips from Advanced Phishing in Defender for Office 365 Protection.

+- Open only safe links and attachments, as verified by Safe Links and Safe Attachments.

+Learn more about [multi-factor authentication](m365-campaigns-multifactor-authentication.md) and [phishing and other attacks](m365-campaigns-phishing-and-attacks.md).

+Download an [infographic](m365-campaigns-protect-campaign-infographic.md) with tips for you and the members of your team.

+## Set up iPhones and Android devices

+All users you add to your environment will need to take a few minutes to [setup iPhones and Android devices](../business/set-up-mobile-devices.md?toc=%2Fmicrosoft-365%2Fcampaigns%2Ftoc.json) to work securely:

+- Set up devices to use multi-factor authentication with the authenticator app.

+- Use Microsoft mobile apps, including Outlook Mobile, Word, OneDrive, and other Microsoft apps from the app store. The native mail apps that are included on iPhones and Android devices aren't supported.

+- Require a PIN for users to unlock their device.

+After setting these up, your users will be prompted to use the authenticator app when accessing your organization data on these devices, including mail.

+## Keep BYOD Macs and Windows 10 PCs fresh

+It's also important that users keep their primary work device up to date:

+- Install the latest versions of Office desktop apps and keep these fresh with updates, when prompted.

+- Stay on top of operating system updates, such as Windows updates.

+For [unmanaged Windows 10 and Mac devices](m365bp-protect-pcs-macs.md), users have the responsibility to ensure that basic security features are enabled.

+**Enable basic security capabilities on BYOD Windows 10 and Mac devices**

+|**Windows 10**|**Mac**|

+|:--|:|

+|Turn on BitLocker device protection<p><p> Ensure Windows Defender remains on <p>Turn on Windows Firewall| Use FileVault to encrypt the Mac disk <p><p>Use a reliable antivirus software <p>Turn on firewall protection|

+To learn more about these recommendations, see [Protect your account and devices from hackers and malware](https://support.office.com/article/Protect-your-account-and-devices-from-hackers-and-malware-066d6216-a56b-4f90-9af3-b3a1e9a327d6#ID0EAABAAA=Windows_10).

+## Collaborate using Microsoft Teams, OneDrive, SharePoint Online, and other tools

+Your users might be tempted to share and store your organization files in places other than Microsoft 365. Microsoft 365 makes it as easy as possible to collaborate and share securely. You can [share files and videos](share-files-and-videos.md) directly from Microsoft Teams, OneDrive, Stream, and even from within a file. Sharing from within these tools helps keep your data from leaking. You can add additional protection to sensitive data to prevent sharing outside your organization.

+## Set up managed Windows 10 devices

+We recommend that your most important staff members use freshly acquired Windows 10 devices that you manage. We'll show you how to [manage and secure these devices](../business/set-up-windows-devices.md?toc=/microsoft-365/campaigns/toc.json). This ensures that staff members who are the highest value target to hackers receive the most protection.

+ Title: "Secure Windows devices"

+f1.keywords:

+- CSH

+audience: Admin

+f1_keywords:

+- 'O365E_BCSSetup4WindowsConfig'

+ms.localizationpriority: medium

+- M365-subscription-management

+- M365-identity-device-management

+- Core_O365Admin_Migration

+- MiniMaven

+- MSB365

+- OKR_SMB_M365

+- seo-marvel-mar

+- AdminSurgePortfolio

+search.appverid:

+- BCS160

+- MET150

+- MOE150

+ROBOTS: NO INDEX, NO FOLLOW

+ms.assetid: 21e5551f-fa35-4f13-9418-f80d668b6a2b

+description: "Learn about configuring the settings of the default device policy that any Windows device will receive upon signing in to their work or school account."

+# Secure Windows devices

+This article applies to Microsoft 365 Business Premium.

+The settings that you configure here are part of the default device policy for Windows 10 or 11. All users who connect a Windows device, including mobile devices and PCs, by signing in with their work account will automatically receive these settings. We recommend that you accept the default policy during setup and add policies later that target specific groups of users.

+

+## Settings to secure Windows 10 devices

+By default all settings are **On**. The following settings are available: <br/><br/>

+|Setting <br/> |Description <br/> |

+|:--|:--|

+|Help protect PCs from viruses and other threats using Windows Defender Antivirus <br/> |Requires that Windows Defender Antivirus is turned on to protect PCs from the dangers of being connected to the internet. <br/> |

+|Help protect PCs from web-based threats in Microsoft Edge <br/> |Turns on settings in Edge that help protect users from malicious sites and downloads. <br/> |

+|Help protect files and folders on PCs from unauthorized access with BitLocker <br/> |BitLocker protects data by encrypting the computer hard drives and protect against data exposure if a computer is lost or stolen. For more information, see [BitLocker FAQ](/windows/security/information-protection/bitlocker/bitlocker-frequently-asked-questions). <br/> |

+|Turn off device screen when idle for this amount of time <br/> |Makes sure that company data is protected if a user is idle. A user may be working in a public location, like a coffee shop, and step away or be distracted for just a moment, leaving their device vulnerable to random glances. This setting lets you control how long the user can be idle before the screen shuts off. <br/> |

+ Title: Set up Microsoft 365 Business Premium

+description: See how to set up Microsoft 365 Business Premium

+search.appverid: MET150

+audience: Admin

+localization_priority: Normal

+f1.keywords: NOCSH

+- SMB

+- M365-security-compliance

+# Set up Microsoft 365 Business Premium

+You have several options for setting up and configuring Microsoft 365 Business Premium. You can:

+- [Use a guided setup experience for basic setup and configuration](#guided-process-for-basic-setup)

+- [Work through the setup process manually](#manual-setup-and-configuration)

+- [Work with a partner, such as a Microsoft Cloud Solution Provider (CSP)](#work-with-a-microsoft-partner)

+Use this article as a guide.

+## Guided process for basic setup

+Microsoft 365 Business Premium includes a guided process for basic setup. Tasks include connecting to a custom domain, adding users, assigning licenses, installing Outlook on mobile devices, reviewing data protection settings, and applying a mobile app protection policy.

+To see how the guided setup works, watch the following video: <br/><br/>

+> [!VIDEO https://www.microsoft.com/videoplayer/embed/RE471FJ?autoplay=false]

+After you have finished the guided setup, there are additional steps to complete to help ensure that your security and compliance capabilities are properly set up and applied. These steps include:

+- [Securing Windows devices](m365bp-secure-windows-devices.md)

+- [Deploying Microsoft 365 apps](../admin/setup/install-applications.md)

+- [Setting up and configuring your new Defender for Business capabilities](../security/defender-business/mdb-setup-configuration.md)

+[Learn more about the differences between the guided setup process and the Setup page](../admin/setup/o365-setup-wizard-and-setup-page.md).

+> [!TIP]

+> See the following section for more details about setting up and configuring Microsoft 365 Business Premium.

+## Manual setup and configuration

+The following table describes how to set up and configure Microsoft 365 Business Premium, step by step.

+| Phase | Task | Guidance |

+||||

+| **Planning** | Plan your setup and configuration process | [Plan your setup of Microsoft 365 for business](../admin/setup/plan-your-setup.md) |

+| | Review the requirements | [Microsoft 365 Business Premium requirements](https://www.microsoft.com/microsoft-365/business/microsoft-365-business-premium?activetab=pivot:overviewtab) |

+| **Basic setup** | Use a custom domain like `rob@contoso.com` with Microsoft 365 | [Add a domain to Microsoft 365](../admin/setup/add-domain.md) |

+| | Add users and assign licenses in Microsoft 365 | [Add users and assign licenses at the same time](../admin/add-users/add-users.md) |

+| | Assign admin roles to users who'll perform certain functions, such as: <br/>- Managing features<br/>- Managing user accounts<br/>- Managing devices<br/>- Viewing or managing your organization's security and compliance information | [Learn about admin roles](../admin/add-users/about-admin-roles.md) <br/><br/> [Assign admin roles](../admin/add-users/assign-admin-roles.md) |

+| | Install Microsoft 365 Apps (like Word, Excel, PowerPoint, and more) | [Install Office applications](../admin/setup/install-applications.md) |

+| **Securing your organization** | Review your security checklist so you'll know what needs to be configured | [Secure your Microsoft 365 for business plan](../admin/security-and-compliance/secure-your-business-data.md) |

+| | Require everyone to use an additional verification method when they sign in to Microsoft 365 | [Set up multifactor authentication](../admin/security-and-compliance/set-up-multi-factor-authentication.md) |

+| **Protecting email and content** | Set up advanced anti-phishing protection to guard against malicious impersonation-based phishing attacks and other phishing attacks | [Protect your email from phishing attacks](../admin/security-and-compliance/secure-your-business-data.md) |

+| | Set up Safe Attachments to protect your organization from malicious email attachments | [Protect against malicious attachments and files with Safe Attachments](../admin/security-and-compliance/secure-your-business-data.md) |

+| | Set up Safe Links to protect your organization by providing time-of-click verification of web addresses (URLs) in email messages and Office documents | [Set up Safe Links](../admin/security-and-compliance/secure-your-business-data.md) |

+| | Set data loss prevention policies to prevent sensitive information from being shared | [Set up compliance features](../admin/security-and-compliance/set-up-compliance.md) |

+| **Managing and protecting devices** | Secure your organization's Windows devices | [Secure Windows devices](m365bp-secure-windows-devices.md) <br/><br/>[Set or edit application protection settings for Windows 10 devices](../admin/devices/protection-settings-for-windows-10-devices.md) |

+| | Secure Microsoft 365 apps on mobile devices | [Set app protection settings for Android or iOS devices](../admin/devices/app-protection-settings-for-android-and-ios.md) |

+| | Set up Microsoft Defender for Business (when available for your tenant) | [Overview of Microsoft Defender for Business](../security/defender-business/mdb-overview.md)<br/><br/>[Use the wizard to set up Defender for Business](../security/defender-business/mdb-use-wizard.md) |

+| **File storage and migrating content** | Set up file storage and how sharing will work | [Set up file storage and sharing in Microsoft 365](../admin/setup/set-up-file-storage-and-sharing.md) |

+| | Import or migrate email and contacts | [Migrate email and contacts to Microsoft 365](../admin/setup/migrate-email-and-contacts-admin.md) |

+| | Move the company files that everyone needs to access to SharePoint. SharePoint typically replaces the use of a file share or network drive. | [Move files to SharePoint](../admin/setup/files-to-sharepoint.md) |

+| | Move your existing work files, such as personal work files or sensitive business files, to OneDrive. | [Move files to OneDrive](../admin/setup/files-to-onedrive.md) |

+| **Training admins and your security team** | Learn how to use the admin center | [Overview of the Microsoft 365 admin center](../admin/admin-overview/admin-center-overview.md) |

+| | Use the free training video library for Microsoft 365 admins | [Admin training video library](../admin/admin-video-library.yml) |

+| | Learn how to use the Microsoft 365 Defender portal | [Get started using the Microsoft 365 Defender portal](../security/defender-business/mdb-get-started.md) |

+> [!TIP]

+> Need some help? Consider getting [Business Assist for Microsoft 365](https://support.microsoft.com/en-us/office/business-assist-for-microsoft-365-37deb8fe-61cc-4cf9-9ad1-1c8d93475070)

+## Work with a Microsoft partner

+Microsoft has a list of solution providers who are authorized to sell offerings, including Microsoft 365 Business Premium.

+To find a solution provider in your area, take the following steps:

+1. Go to the **Microsoft Solution Providers** page ([https://www.microsoft.com/solution-providers](https://www.microsoft.com/solution-providers)).

+

+2. In the search box, fill in your location and company size.

+3. In the **Search for products, services, skills, industries** box, put `Microsoft 365`, and then select **Go**.

+4. Review the list of results. Select a provider to learn more about their expertise and the services they provide.

+Also see [Find your partner or reseller](../admin/manage/find-your-partner-or-reseller.md).

+## See also

+- [Overview of Microsoft Defender for Business](../security/defender-business/mdb-overview.md) (now included with Microsoft 365 Business Premium!)

+- [Business subscriptions and billing documentation](../commerce/index.yml)

+- [Overview of Microsoft 365 Lighthouse](../lighthouse/m365-lighthouse-overview.md) (for Microsoft CSPs)

+- [Top 10 ways to secure Microsoft 365 for business plans](../admin/security-and-compliance/secure-your-business-data.md)

+ Title: "Setup overview for Microsoft 365 for Campaigns"

+# Set up Microsoft 365 for Campaigns

+2. For unmanaged devices, users set up their [PCs and Macs](m365bp-protect-pcs-macs.md).

+ Title: Microsoft Security Guidance - Political campaigns & nonprofits

+f1.keywords:

+ - NOCSH

+audience: ITPro

+ - Ent_O365

+ - Strat_O365_Enterprise

+ - M365-security-compliance

+ms.localizationpriority: high

+search.appverid:

+ - MET150

+ - Strat_O365_Enterprise

+ - seo-marvel-apr2020

+ms.assetid: 10d1004b-42b6-4e2b-aaa2-18ddd9118f64

+description: "Summary: Planning and implementation guidance for fast-moving organizations that have an increased threat profile."

+ms.technology: mdo

+# Microsoft Security Guidance for Political Campaigns, Nonprofits, and Other Agile Organizations

+**Applies to**

+- Microsoft 365 Business Premium

+- Microsoft 365 for Campaigns

+- [Exchange Online Protection](../security/office-365-security/exchange-online-protection-overview.md)

+- [Microsoft Defender for Office 365 plan 1 and plan 2](../security/office-365-security/defender-for-office-365.md)

+ **Summary:** Planning and implementation guidance for fast-moving organizations that have an increased threat profile.

+If your organization is agile, you have a small IT team, and your threat profile is higher than average, this guidance is designed for you. This solution demonstrates how to quickly build an environment with essential cloud services that include secure controls from the start. This guidance includes prescriptive security recommendations for protecting data, identities, email, and access from mobile devices.

+## Security solution guidance

+This guidance describes how to implement a secure cloud environment. The solution guidance can be used by any organization. It includes extra help for agile organizations with BYOD access and guest accounts. You can use this guidance as a starting-point for designing your own environment. We welcome your feedback at [CloudAdopt@microsoft.com](mailto:CloudAdopt@microsoft.com).

+****

+|Item|Description|

+|||

+|**Microsoft Security Guidance for Political Campaigns** <br> [:::image type="content" source="../media/d370ce28-ca40-4930-9a2c-907312aa06c8.png" alt-text="Thumbnail for mini poster about security guidance.":::](https://download.microsoft.com/download/B/4/D/B4D520C3-4D0C-4B4D-BFB9-09F0651C2775/MSFT_Cloud_architecture_security%20for%20political%20campaigns.pdf) <br> [PDF](https://download.microsoft.com/download/B/4/D/B4D520C3-4D0C-4B4D-BFB9-09F0651C2775/MSFT_Cloud_architecture_security%20for%20political%20campaigns.pdf) \| [Visio](https://download.microsoft.com/download/B/4/D/B4D520C3-4D0C-4B4D-BFB9-09F0651C2775/MSFT_Cloud_architecture_security%20for%20political%20campaigns.vsdx)|This guidance uses a political campaign organization as an example. Use this guidance as a starting point for any environment.|

+|**Microsoft Security Guidance for Nonprofits** <br> [:::image type="content" source="../media/e4784889-1c69-4067-9a8f-31d31d1eceea.png" alt-text="Thumbnail for security guidance download.":::](https://download.microsoft.com/download/9/4/3/94389612-C679-4061-8DF2-D9A15D72B65F/Microsoft_Cloud%20Architecture_Security%20for%20Nonprofits.pdf) <br> [PDF](https://download.microsoft.com/download/9/4/3/94389612-C679-4061-8DF2-D9A15D72B65F/Microsoft_Cloud%20Architecture_Security%20for%20Nonprofits.pdf) \| [Visio](https://download.microsoft.com/download/9/4/3/94389612-C679-4061-8DF2-D9A15D72B65F/Microsoft_Cloud%20Architecture_Security%20for%20Nonprofits.vsdx)|This guide is slightly revised for nonprofit organizations. For example, it references Office 365 Nonprofit plans. The technical guidance is the same as the political campaign solution guide.|

+|

+## See Also

+[Microsoft cloud for IT architects illustrations](../solutions/cloud-architecture-models.md)

+- commerce_purchase

+- commerce_purchase

+- commerce_billing

+- commerce_billing

+- commerce_billing

+- AdminSurgePortfolio

+- commerce_billing

+- AdminSurgePortfolio

+- commerce_billing

+- commerce_billing

+- AdminSurgePortfolio

+- commerce_billing

+- AdminSurgePortfolio

+- commerce_billing

+- commerce_billing

+- AdminSurgePortfolio

+- AdminSurgePortfolio

+- commerce_purchase

+- commerce_subscription

+- commerce_purchase

+- AdminSurgePortfolio

+- commerce_licensing

+- commerce_licensing

+- [Manage auto-claim policies](#manage-auto-claim-policies)

+ - [Before you begin](#before-you-begin)

+ - [Turn the auto-claim policy feature on or off](#turn-the-auto-claim-policy-feature-on-or-off)

+ - [Turn on auto-claim policies](#turn-on-auto-claim-policies)

+ - [Turn off auto-claim policies](#turn-off-auto-claim-policies)

+ - [Create an auto-claim policy](#create-an-auto-claim-policy)

+ - [Turn a policy on or off](#turn-a-policy-on-or-off)

+ - [Edit the policy friendly name](#edit-the-policy-friendly-name)

+ - [Add or remove backup products](#add-or-remove-backup-products)

+ - [Add a backup product](#add-a-backup-product)

+ - [Remove a backup product](#remove-a-backup-product)

+ - [Change the assigning apps and services](#change-the-assigning-apps-and-services)

+ - [Change the assigning order for backup products](#change-the-assigning-order-for-backup-products)

+ - [View an auto-claim policy report](#view-an-auto-claim-policy-report)

+ - [Next steps](#next-steps)

+ - [Related content](#related-content)

+- AdminSurgePortfolio

+- AdminSurgePortfolio

+- AdminSurgePortfolio

+- commerce_purchase

+- AdminSurgePortfolio

+- AdminSurgePortfolio

+- AdminSurgePortfolio

+- AdminSurgePortfolio

+If you want to cancel your subscription, the easiest way to do that is to [turn off recurring billing](renew-your-subscription.md). When you turn off recurring billing, you can continue to use your subscription until it expires at the end of the subscription term. If you want to cancel immediately, use the information and steps in this article to do that.

+- You must be a Global or Billing admin to do the tasks in this article. For more information, see [About admin roles](../../admin/add-users/about-admin-roles.md).

+- Before you cancel a subscription, make sure your users [save their data](#save-your-data).

+- If you added your own domain name to use with your subscription, you must [remove the domain](../../admin/get-help-with-domains/remove-a-domain.md) before you cancel your subscription.

+- If you have a domain subscription, to prevent any other charges for that subscription, [turn off recurring billing](renew-your-subscription.md).

+## Determine your cancellation options

+> [!IMPORTANT]

+> Before you continue, [determine if you have a billing profile](../billing-and-payments/manage-billing-profiles.md#view-my-billing-profiles).

+You can only cancel and receive a prorated credit or refund if you cancel within 72 hours after the start or renewal of your subscription. If you cancel during this limited time window, the prorated amount is either credited towards your next invoice or returned to you in the next billing cycle.

+If you need to cancel within 72 hours after the start or renewal of your subscription, go to [Steps to cancel your subscription](#steps-to-cancel-your-subscription) later in this article.

+If more than 72 hours have passed, [turn off recurring billing](renew-your-subscription.md). This prevents you from being charged again for your subscription, and lets you keep your access to your products and services for the remainder of your subscription.

+If you cancel after you start or renew your subscription, you receive a prorated credit or refund. The amount is either credited towards your next invoice or returned to you in the next billing cycle.

+The steps to cancel your trial or paid subscription depend on the number of licenses in your subscription. The following table explains what steps you can take, based on your number of licenses.

+|25 or fewer licenses | [Use the steps below to cancel](#steps-to-cancel-your-subscription) your trial or paid subscription online in the <a href="https://go.microsoft.com/fwlink/p/?linkid=2024339" target="_blank">Microsoft 365 admin center</a>. |

+|More than 25 licenses | Reduce the number of licenses to 25 or fewer and then [use the steps below to cancel](#steps-to-cancel-your-subscription). |

+If you canΓÇÖt reduce the number of licenses, [turn off recurring billing](renew-your-subscription.md). This prevents you from being charged again for your subscription, and lets you keep your access to your products and services for the remainder of your subscription.

+If you're unable to cancel your subscription, [contact support](../../admin/get-help-support.md) for help.

+> [!NOTE]

+> If you have multiple subscriptions to the same product, such as Microsoft 365 Business Premium, canceling one subscription wonΓÇÖt impact the purchased licenses or services inside the others.

+1. In the Microsoft 365 admin center, go to the **Billing** \> <a href="https://go.microsoft.com/fwlink/p/?linkid=842054" target="_blank">Your products</a> page.

+> If you explicitly delete a subscription, then it skips the **Expired** and **Disabled** states and the SharePoint Online data and content, including OneDrive, is deleted immediately.

+## Save your data

+- To save a document library or list content (such as contacts) from a SharePoint Online environment (OneDrive for Business or team sites) to file shares or to a local computer, see [Information about manual migration of SharePoint Online content](/sharepoint/troubleshoot/migration-tool/content-manual-migration).

+## Next steps

+### Close your account (optional)

+- AdminSurgePortfolio

+- customer-email

+- commerce_ssp

+- AdminSurgePortfolio

+- AdminSurgePortfolio

+- commerce_subscriptions

+- commerce_subscriptions

+- commerce_subscriptions

+- customer-email

+- commerce_subscriptions

+- AdminSurgePortfolio

+- AdminSurgePortfolio

+- AdminSurgePortfolio

+- commerce_purchase

+- **Child items**. The number of child items added to the review set. Only child items that are file attachments and cloud attachments are added to the review set as individual files. Other types of child items, such as email signatures and images, are extracted from a parent item and then processed by Optical Character Recognition (OCR) to extract any text from the child item. Text extracted from these types of child items is then added to its parent item so you can view it in the review set. By not adding child items to the review set as a separate file, Advanced eDiscovery helps streamline the review process by limiting the number of potentially immaterial items in the review set.

+Make sure you understand the [principles of retention](retention.md#the-principles-of-retention-or-what-takes-precedence) before you use retention labels to supplement a retention policy for specific SharePoint, OneDrive, or Exchange items. Typically, you'll use retention labels to retain specific items longer than an applied retention policy, but they can also be used to override automatic deletion at the end of the retention period, or apply a different deletion period.

+As a typical example: The majority of content on your SharePoint sites need to be retained for three years, which is covered with a retention policy. But you have some contract documents that must be retained for seven years. These exceptions can be addressed with retention labels. After assigning the retention policy to all SharePoint sites, you apply the retention labels to the contract documents. All SharePoint items will be retained for three years, and just the contract documents will be retained for seven years.

+For more examples of how retention labels can be used as exceptions to retention policies, see [Combining retention policies and retention labels](retention.md#combining-retention-policies-and-retention-labels).

+## Tenant setting for editing record properties

+If you'll use retention labels to declare items as records (rather than regulatory records) in SharePoint and OneDrive, consider whether you need to change the default tenant setting that allows users to edit the properties for a labeled record when files are larger than 0 bytes.

+To change this default, go to the [Microsoft 365 compliance center](https://compliance.microsoft.com/) > **Records management** > **Records management settings** > **Retention labels** > **Allow editing of record properties** and then turn off the setting **Allow users to edit record properties**.

+Understand how you can use [record versioning to update records stored in SharePoint or OneDrive](record-versioning.md).

+> [!NOTE]

+> You can't delete items from a review set and you can't delete review sets from a case. To delete a review set (and delete the data in it), you have to delete the Advanced eDiscovery case the review set is located in. For more information, see [Close or delete an Advanced eDiscovery case](close-or-delete-case.md).

+You supply root keys used with service encryption and you manage these keys using Azure Key Vault. Microsoft manages all other keys. This option is called Customer Key, and it is currently available for Exchange Online, SharePoint Online, and OneDrive for Business. (Previously referred to as Advanced Encryption with BYOK. See [Enhancing transparency and control for Office 365 customers](https://www.microsoft.com/en-us/microsoft-365/blog/2015/04/21/enhancing-transparency-and-control-for-office-365-customers/) for the original announcement.)

+- admindeeplinkCOMPLIANCE

+Editing properties for a locked record is allowed by default but can be blocked by a tenant setting in the [Microsoft 365 compliance center](https://compliance.microsoft.com/) > **Records management** > **Records management settings** > **Retention labels** > **Allow editing of record properties**.

+Deleting labeled items in SharePoint and OneDrive can be blocked as a tenant setting in the [Microsoft 365 compliance center](https://compliance.microsoft.com/) > **Records management** > **Records management settings** > **Retention labels** > **Deletion of items**.

+You don't have to choose between using retention policies only or retention labels only. Both methods can be used together and in fact, complementary each other for a more comprehensive solution.

+The following examples are just some of the ways in which you can combine retention policies and retention labels for the same location.

+For more information about how retention policies and retention labels work together and how to determine their combined outcome, see the section on this page that explains the [principles of retention and what takes precedence](#the-principles-of-retention-or-what-takes-precedence).

+**Example for users to override automatic deletion**

+Scenario: By default, content in users' OneDrive accounts is automatically deleted after five years but users must have the option to override this for specific documents.

+**Example to retain items for longer**

+Scenario: By default, SharePoint items are automatically retained and then deleted after five years, but documents in specific libraries must be retained for ten years.

+1. You create and configure a retention policy that automatically retains and then deletes content after five years, and apply the policy to all SharePoint and Microsoft 365 Groups instances.

+2. You create and configure a retention label that automatically retains content for ten years. You publish this label to SharePoint site admins, so that they can apply it as a default label to be inherited by all items in specific document libraries.

+**Example to delete items in a shorter time period**

+Scenario: By default, emails aren't retained but are automatically deleted after ten years. However, emails related to a specific project that has a prerelease code name must be automatically deleted after one year.

+1. You create and configure a retention policy that automatically deletes content after ten years, and apply the policy to all Exchange recipients.

+2. You create and configure a retention label that automatically deletes content after one year. Options for applying this label to relevant emails include:

+ - You create an auto-labeling policy that identifies content by using the project code name as the keyword, and apply the policy to all Exchange recipients

+ - You publish the label and instruct users involved in the project how to create an automatic rule in Outlook that applies this label

+ - You publish the label and instruct users to create a folder in Outlook for all emails related to the project and they apply the published label to the folder, and then create an Outlook rule to move all project-related emails to this folder

+The site uses the power of a SharePoint Syntex model running on a SharePoint document library to classify documents and extract metadata. The site provides prebuilt document libraries to get you started quickly, but you can also create your own as needed. The site includes the following featured libraries:

+- **Models** ΓÇô Use the model in this library to classify documents and extract metadata. Users can create their own models to fit their needs and add them to this library.

+### Add other workflows

+The Contracts Management site contains the components you need to get started, but you can also include additional components, such as:

+- Use a [Power Automate flow](/power-automate/getting-started) to trigger a workflow when a new contract is added to the **Contract requests** library.

+- Build additional [SharePoint Syntex models](/microsoft-365/contentunderstanding/#models).

+- Use the [content assembly](content-assembly.md) feature on the **Templates** library.

+- Create a [contracts management solution](solution-manage-contracts-in-microsoft-365.md) by using SharePoint Syntex together with other components of Microsoft 365.

+ >

+ > - Target tenant:

+ >

+ > Test-MigrationServerAvailability -Endpoint "[the name of your cross-tenant migration endpoint]"

+ >

+ > Get-OrganizationRelationship | fl name, DomainNames, MailboxMoveEnabled, MailboxMoveCapability

+ >

+ > - Source tenant:

+ >

+ > Get-OrganizationRelationship | fl name, DomainNames, MailboxMoveEnabled, MailboxMoveCapability

+> [!NOTE]

+> This feature is not available for Microsoft 365 Government, Microsoft 365 operated by 21Vianet, or Microsoft 365 Germany.

+ - Make sure both an on-premises test user, as well as a hybrid test user homed in Office 365, can login to the Skype for Business desktop client (if you want to use modern authentication with Skype) and Microsoft Outlook (if you want to use modern authentication with Exchange).

+ - Make sure the SignInOptions setting in Microsoft Office is not configured to its most restrictive setting. For more information, see [How to allow Office to connect to the internet](/office365/troubleshoot/access-management/office-feature-disabled).

+|**Last updated:** 02/28/2022 -  [Change Log subscription](https://endpoints.office.com/version/USGOVDoD?allversions=true&format=rss&clientrequestid=b10c5ed1-bad1-445f-b386-b919946339a7)|**Download:** the full list in [JSON format](https://endpoints.office.com/endpoints/USGOVDoD?clientrequestid=b10c5ed1-bad1-445f-b386-b919946339a7)|

+|**Last updated:** 02/28/2022 -  [Change Log subscription](https://endpoints.office.com/version/USGOVGCCHigh?allversions=true&format=rss&clientrequestid=b10c5ed1-bad1-445f-b386-b919946339a7)|**Download:** the full list in [JSON format](https://endpoints.office.com/endpoints/USGOVGCCHigh?clientrequestid=b10c5ed1-bad1-445f-b386-b919946339a7)|

+|**Last updated:** 02/28/2022 - |

+<!--USGovDoD endpoints version 2022022800-->

+<!--File generated 2022-02-28 17:00:06.0774-->

+28 | Default<BR>Required | No | `activity.windows.com, dod.activity.windows.us` | **TCP:** 443

+29 | Default<BR>Required | No | `dod-mtis.cortana.ai` | **TCP:** 443

+<!--USGovGCCHigh endpoints version 2022022800-->

+<!--File generated 2022-02-28 17:00:08.4114-->

+28 | Default<BR>Required | No | `activity.windows.com, gcc-high.activity.windows.us` | **TCP:** 443

+29 | Default<BR>Required | No | `gcch-mtis.cortana.ai` | **TCP:** 443

+<!--Worldwide endpoints version 2022022800-->

+<!--File generated 2022-02-28 17:00:02.6221-->

+52 | Default<BR>Optional<BR>**Notes:** OneNote 3rd party supporting services and CDNs | No | `s.ytimg.com, www.youtube.com` | **TCP:** 443

+68 | Default<BR>Optional<BR>**Notes:** Portal and shared: 3rd party office integration. (including CDNs) | No | `*.helpshift.com, connect.facebook.net, firstpartyapps.oaspapps.com, prod.firstpartyapps.oaspapps.com.akadns.net, telemetryservice.firstpartyapps.oaspapps.com, wus-firstpartyapps.oaspapps.com` | **TCP:** 443

+114 | Default<BR>Optional<BR>**Notes:** Office Mobile URLs | No | `*.appex.bing.com, *.appex-rf.msn.com, c.bing.com, c.live.com, d.docs.live.net, directory.services.live.com, docs.live.net, partnerservices.getmicrosoftkey.com, signup.live.com` | **TCP:** 443, 80

+156 | Default<BR>Required | No | `*.activity.windows.com, activity.windows.com` | **TCP:** 443

+Several options are available if you need help. First, check to see if there are any known issues:

+- Review the current health of customer tenant

+ 1. In the left navigation pane of Lighthouse, select **Service health**.

+ 2. View detailed information about current and past issues.

+- Review the current health of the Lighthouse tenant

+ 1. Go to the Microsoft 365 admin center at <a href="https://go.microsoft.com/fwlink/p/?linkid=2024339" target="_blank">https://admin.microsoft.com</a>.

+ 2. In the left navigation pane, select **Health** > **Service health**.

+ 3. In the list of services, find **Microsoft 365 suite**, and then expand it to show all the services in the suite.

+ 4. Find **Microsoft 365 Lighthouse** and check the health.

+- See if the issue is listed in [Known issues with Microsoft 365 Lighthouse](/office365/troubleshoot/microsoft-365-lighthouse/lighthouse-known-issues).

+If you're experiencing an issue that isn't listed in any of these resources, then follow the instructions in this article to view self-help options or to create a service request.

+[Known issues with Microsoft 365 Lighthouse](m365-lighthouse-known-issues.md) (article)\

+ Title: "Known issues with Microsoft 365 Lighthouse"

+f1.keywords: NOCSH

+audience: Admin

+ms.localizationpriority: medium

+- M365-subscription-management

+- Adm_O365

+- AdminSurgePortfolib

+- M365-Lighthouse

+search.appverid: MET150

+description: "For Managed Service Providers (MSPs) using Microsoft 365 Lighthouse, see a list of known issues for Lighthouse by feature area."

+# Known issues with Microsoft 365 Lighthouse

+This article lists the known issues for Microsoft 365 Lighthouse by feature area. For more information about Lighthouse, see [Overview of Microsoft 365 Lighthouse](m365-lighthouse-overview.md).

+## Users

+| Issue | Description | Solution |

+| - | - | - |

+| **Helpdesk Agent is unable to reset a user password** | Managed Service Provider (MSP) technicians who are members of the Helpdesk Agent group are unable to reset passwords for users in customer tenants. When they try to reset the password for a user, they get the following error message: "You don't have permission to do this. [Learn more](m365-lighthouse-configure-portal-security.md)" | To work around the permissions issue, Helpdesk Agents should reset passwords by using the Microsoft 365 admin center or Azure Active Directory. |

+## Devices

+| Issue | Description | Solution |

+| - | - | - |

+| **Deleted policy appears** | After a device compliance policy has been deleted from Intune, it will temporarily continue to be visible in Lighthouse. If MSP technicians attempt to do a policy comparison that includes a policy that's been deleted, the technicians get the following error: "Something went wrong. Please refresh the page and try again." | To resolve the error, clear the deleted policy from the policy comparison and compare only existing policies. |

+## Threat management

+| Issue | Description | Solution |

+| - | - | - |

+| **Threat name is missing** | When MSP technicians view the list of threats from the Threat Management page, some threats may be missing the name of the threat. This will occur when the device that the threat was detected on was recently removed from Intune. | The issue will resolve within 48 hours. No additional steps are required. |

+## Baselines

+| Issue | Description | Solution |

+| - | - | - |

+| **Conflicting settings when comparing block legacy authentication and MFA deployment steps** | If a customer tenant has deployed block legacy authentication and one of the MFA deployment steps, a comparison test will erroneously describe these settings as conflicting. | No workaround is required. The settings don't actually conflict and users in the customer tenant aren't impacted. |

+## Windows 365

+| Issue | Description | Solution |

+| - | - | - |

+| **Retry provisioning error** | MSP technicians get a "You don't have permissions to do this" error message when attempting to retry provisioning of a Cloud PC. | To work around this issue, sign in to the customer tenant and then reprovision Cloud PCs from the Microsoft Endpoint Manger admin center. For instructions, see [Reprovision a Cloud PC](/windows-365/enterprise/reprovision-cloud-pc). |

+## Audit logs

+| Issue | Description | Solution |

+|--|--|--|

+| **Deactivate and Reactivate actions are not listed in audit logs** | The following activities are currently not reported on the Audit logs page in Lighthouse: <ul><li>Name: offboardTenant \| Action: Inactivate a customer</li> <li>Name: resetTenantOnboardingStatus \| Action: Reactive customer</li></ul> | There's no workaround, but we're working on a fix. These activities will appear in audit logs once the fix is deployed in the service. |

+| **Filter is not showing all users** | When MSP technicians try to filter by using **Initiated By**, the list of all User Principal Names (UPNs) ΓÇô corresponding to email IDs of the technicians who initiated actions generating audit logs ΓÇô isn't fully displayed under the filter.<br><br>Note that the audit logs themselves will be fully displayed; only the ability to filter them by using **Initiated By** is impacted. | There's no workaround, but we're working on a fix. The filter will revert to its expected behavior ΓÇô displaying the full list of UPNs to filter by ΓÇô once the fix is deployed in the service. |

+## Delegated Admin PermissionsΓÇ»(DAP)

+| Issue | Description | Solution |

+| - | - | - |

+| **Permissions delay when changing DAP roles** | If an MSP technician is added to or removed from the Admin Agent or Helpdesk Agent group, there may be a delay in reflecting the appropriate permissions within Lighthouse. | The issue will resolve within 30 minutes. No additional steps are required. |

+## Granular Delegated Admin PermissionsΓÇ»(GDAP)

+> [!NOTE]

+> GDAP is currently in [Technical Preview](/partner-center/announcements/2022-february#6) (Public Preview) to allow partners to assign granular permissions before GDAP is generally available.

+| Issue | Description | Solution |

+| - | - | - |

+| **Various GDAP permission issues across Lighthouse** | <ul><li>GDAP Security Administrators are unable to view risky users, dismiss risks, or confirm compromised users.</li><li>GDAP Security Readers are unable to view risky users.</li><li>GDAP Global Administrators see an error message when trying to view service health.</li></ul> | Before GDAP General Availability, the workaround is to assign the user a Global Administrator GDAP role or Admin Agent DAP role. For instructions on how to assign the Global Administrator GDAP role, see [Obtain granular admin permissions to manage a customer's service](/partner-center/gdap-obtain-admin-permissions-to-manage-customer). For instructions on how to assign the Admin Agent DAP role, see [Assign roles and permissions to users](/partner-center/permissions-overview). For a list of actions in Lighthouse that require certain Azure Active Directory roles in the partner tenant, see [Configure Microsoft 365 Lighthouse portal security](/microsoft-365/lighthouse/m365-lighthouse-configure-portal-security).

+## Localization

+| Issue | Description | Solution |

+| - | - | - |

+| **Translation issues** | Users may experience language translation issues when the language of their browser, or their language selection in Lighthouse, is anything other than English. | To minimize translation issues in Lighthouse, make sure that the browser's language selection matches that of the language setting in the Lighthouse portal. To change the language selection in Lighthouse, sign in to Lighthouse and select the gear icon at the top of the page to open the Portal settings page, select **Language + region**, and then select the appropriate language and regional formats. |

+## Related content

+[Microsoft 365 Lighthouse FAQ](m365-lighthouse-faq.yml) (article)\

+[Troubleshoot and resolve problems and error messages in Microsoft 365 Lighthouse](m365-lighthouse-troubleshoot.md) (article)\

+[Get help and support for Microsoft 365 Lighthouse](m365-lighthouse-get-help-and-support.md) (article)

+| Ineligible - Geo check failed | You and your customer don't reside in the same geographic region, which is required by Lighthouse. | Verify that the customer resides in your geographic region. If not, then you can't manage the tenant in Lighthouse. |

+[Known issues with Microsoft 365 Lighthouse](m365-lighthouse-known-issues.md) (article)\

+You can view service health for the tenants you manage in Microsoft 365 Lighthouse. Service health includes incidents and advisories for several services, including Microsoft Intune, Azure Active Directory (Azure AD) identity services, and mobile device management (MDM) cloud services. You can also see how many of your managed tenants are affected by incidents. For example, if one of your tenants is experiencing problems, you can check the Service health page to determine whether it's a known issue with a resolution in progress or whether a recent change may be impacting them. This could save you time troubleshooting and reduce support calls.

+If you can't sign in to Lighthouse, you can use the [Microsoft 365 service health status page](https://status.office365.com/) to check for known issues preventing you from logging in to your partner tenant. Also, sign up to follow [@MSFT365status](https://twitter.com/MSFT365Status) on Twitter to see information on specific service incidents.

+[How to check Microsoft 365 service health](/microsoft-365/enterprise/view-service-health) (article)\

+[Known issues with Microsoft 365 Lighthouse](m365-lighthouse-known-issues.md) (article)

+ Title: Compare security features in Microsoft 365 plans for small and medium-sized businesses

+# Compare Microsoft Defender for Business to Microsoft 365 Business Premium

+> Microsoft Defender for Business is rolling out to Microsoft 365 Business Premium customers, beginning March 1, 2022. Defender for Business as a standalone subscription is in preview, and will roll out gradually to customers and IT Partners who [sign-up here](https://aka.ms/mdb-preview) to request it. Preview includes an [initial set of scenarios](mdb-tutorials.md#try-these-preview-scenarios), and we will be adding capabilities regularly.

+Microsoft offers a wide variety of cloud solutions and services, including several different plans for small and medium-sized businesses. For example, [Microsoft 365 Business Premium](../../business/microsoft-365-business-overview.md) includes security and device management capabilities, along with productivity features, like Office apps. This article is designed to help clarify what security features, such as device protection, are included in Microsoft 365 Business Premium, Microsoft Defender for Business, and Microsoft Defender for Endpoint.

+Microsoft Defender for Business is available as a standalone offering or as part of Microsoft 365 Business Premium (beginning March 1, 2022).

+>

+> **Got a minute?**

+> Please take our <a href="https://microsoft.qualtrics.com/jfe/form/SV_0JPjTPHGEWTQr4y" target="_blank">short survey about Microsoft Defender for Business</a>. We'd love to hear from you!

+>

+**Use this article to**:

+- [Compare Microsoft Defender for Business (standalone) to Microsoft 365 Business Premium](#compare-security-features-in-microsoft-defender-for-business-to-microsoft-365-business-premium)

+- [Compare Defender for Business (standalone) to Microsoft Defender for Endpoint enterprise offerings](#compare-microsoft-defender-for-business-to-microsoft-defender-for-endpoint-plans-1-and-2)

+**You don't have to have a Microsoft 365 subscription to buy and use Microsoft Defender for Business.** Microsoft Defender for Business is included in Microsoft 365 Business Premium, and it is available as a standalone security solution for small and medium-sized businesses. If you already have Microsoft 365 Business Basic or Standard, consider adding either upgrading to Microsoft 365 Business Premium or adding Microsoft Defender for Business to get more threat protection capabilities.

+> This article is intended to provide a high-level overview of threat protection features included in Microsoft Defender for Business (as a standalone plan) and Microsoft 365 Business Premium (which includes Defender for Business). This article is not intended to serve as a service description or licensing contract document. For more information, see [Microsoft 365 licensing guidance for security & compliance](/office365/servicedescriptions/microsoft-365-service-descriptions/microsoft-365-tenantlevel-services-licensing-guidance/microsoft-365-security-compliance-licensing-guidance)

+**Beginning March 1, 2022, Defender for Business will start rolling out as part of Microsoft 365 Business Premium. Defender for Business as a standalone offering is still in preview.**

+The following table compares security features and capabilities in Defender for Business (standalone) to Microsoft 365 Business Premium.

+ <br/><br/>

+| Feature/Capability | [Microsoft Defender for Business](mdb-overview.md)<br/>(standalone; currently in preview) | [Microsoft 365 Business Premium](../../business/microsoft-365-business-overview.md)<br/>(includes Defender for Business) |

+|:|:|:|

+| Email protection | Yes <br/>- [Email scanning with Microsoft Defender Antivirus](../defender-endpoint/configure-advanced-scan-types-microsoft-defender-antivirus.md) | Yes <br/>- [Exchange Online Protection](../office-365-security/exchange-online-protection-overview.md) <br/>- [Email scanning with Microsoft Defender Antivirus](../defender-endpoint/configure-advanced-scan-types-microsoft-defender-antivirus.md) |

+| Antispam protection | Yes <br/>- For devices | Yes <br/>- For devices<br/>- For Microsoft 365 email content, such as messages and attachments |

+| Antimalware protection | Yes<br/>- For devices | Yes <br/>- For devices<br/>- For Microsoft 365 email content, such as messages and attachments |

+| [Next-generation protection](../defender-endpoint/microsoft-defender-antivirus-in-windows-10.md) <br/> (antivirus and antimalware protection) | Yes<br/>- Microsoft Defender Antivirus is included in Windows 10 and later | Yes <br/>- Microsoft Defender Antivirus is included in Windows 10 and later<br/>- Next-generation protection policies for onboarded devices |

+| [Attack surface reduction](../defender-endpoint/overview-attack-surface-reduction.md) <br/>(ASR rules in Windows 10 or later and firewall protection) | Yes | Yes |

+| [Endpoint detection and response](../defender-endpoint/overview-endpoint-detection-response.md) <br/>(behavior-based detection and manual response actions) | Yes | Yes |

+| [Automated investigation and response](../defender-endpoint/automated-investigations.md) | Yes | Yes |

+| [Threat & vulnerability management](../defender-endpoint/tvm-dashboard-insights.md) | Yes | Yes |

+| Centralized management and reporting | Yes | Yes |

+| [APIs](../defender-endpoint/apis-intro.md) <br/>(for integration with custom apps or reporting solutions) | Yes | Yes |

+Defender for Business brings enterprise-grade capabilities of Defender for Endpoint to small and medium-sized businesses.

+The following table compares security features and capabilities in Defender for Business to Microsoft Defender for Endpoint Plans 1 and 2. <br/><br/>

+- [See the requirements for Microsoft Defender for Business](mdb-requirements.md)

+- [Get Microsoft Defender for Business](get-defender-business.md)

+- [Learn how to set up and configure Microsoft Defender for Business](mdb-setup-configuration.md)

+# Get Microsoft Defender for Business

+> Microsoft Defender for Business is rolling out to Microsoft 365 Business Premium customers, beginning March 1, 2022. Defender for Business as a standalone subscription is in in preview, and will roll out gradually to customers and IT Partners who [sign-up here](https://aka.ms/mdb-preview) to request it. Preview includes an [initial set of scenarios](mdb-tutorials.md#try-these-preview-scenarios), and we will be adding capabilities regularly.

+- [Get Microsoft 365 Business Premium](#get-microsoft-365-business-premium)

+If you have signed up for a trial, after you receive your acceptance email, you can [activate your trial and assign user licenses](#activate-your-trial), and then proceed to your [next steps](#next-steps).

+>

+> **Got a minute?**

+> Please take our <a href="https://microsoft.qualtrics.com/jfe/form/SV_0JPjTPHGEWTQr4y" target="_blank">short survey about Microsoft Defender for Business</a>. We'd love to hear from you!

+>

+Microsoft has a list of solution providers who are authorized to sell offerings, including Microsoft 365 Business Premium and Microsoft Defender for Business.

+## Get Microsoft 365 Business Premium

+*Beginning March 1, 2022, Defender for Business will start rolling out as part of Microsoft 365 Business Premium*.

+See [Try or buy Microsoft 365 Business Premium](../../business-premium/get-microsoft-365-business-premium.md).

+Participating in the preview program enables you to try out Defender for Business as a standalone subscription. The preview program is available to:

+- Small and medium-sized businesses (up to 300 employees) who do not already have Microsoft 365 Business Premium

+When you receive your acceptance email, here's how to activate your trial subscription:

+4. Use one of the following procedures:

+ - If you're setting up a Microsoft 365 subscription for the first time, select **Go to guided setup** and complete the following steps:

+ a. Either install your Office apps now, or choose **Continue** to skip this step. (You can install your Office apps later.)

+ b. If your company has a domain, you can add it now (this option is recommended). Alternately, you could choose to use your default `.onmicrosoft.com` domain for now.

+ c. Add users and assign licenses. Each user you list will be assigned a license automatically. See [Add users and assign licenses at the same time](../../admin/add-users/add-users.md).

+ - If you're adding a trial to an existing Microsoft 365 tenant, follow these steps to assign your new licenses to users:

+ a. Go to the Microsoft 365 admin center ([https://admin.microsoft.com/](https://admin.microsoft.com/)) and sign in.

+ b. In the navigation pane, choose **Users** > **Active users**. Review the list of users.

+ c. To assign licenses, follow the guidance in [Assign licenses to users](../../admin/manage/assign-licenses-to-users.md).

+- [Set up and configure Microsoft Defender for Business](mdb-setup-configuration.md).

+- [Find out how to get help and support for Microsoft Defender for Business](mdb-get-help.md)

+# View and edit your security policies and settings in Microsoft Defender for Business

+> Microsoft Defender for Business is rolling out to Microsoft 365 Business Premium customers, beginning March 1, 2022. Defender for Business as a standalone subscription is in in preview, and will roll out gradually to customers and IT Partners who [sign-up here](https://aka.ms/mdb-preview) to request it. Preview includes an [initial set of scenarios](mdb-tutorials.md#try-these-preview-scenarios), and we will be adding capabilities regularly.

+After you've onboarded your organization's devices to Microsoft Defender for Business, your next step is to view and if necessary, edit your security policies and settings. Security policies include:

+In Defender for Business, security policies are applied to devices through [device groups](mdb-create-edit-device-groups.md#what-is-a-device-group).

+>

+> **Got a minute?**

+> Please take our <a href="https://microsoft.qualtrics.com/jfe/form/SV_0JPjTPHGEWTQr4y" target="_blank">short survey about Microsoft Defender for Business</a>. We'd love to hear from you!

+>

+Defender for Business features a [simplified configuration process](mdb-simplified-configuration.md) that helps streamline the setup and configuration process. If you select the simplified configuration process, you can view and manage your security policies in the Microsoft 365 Defender portal ([https://security.microsoft.com/](https://security.microsoft.com/)). However, you're not limited to this option. If you've been using Microsoft Endpoint Manager (which includes Microsoft Intune), you can keep using your Endpoint Manager.

+In addition to security policies that are applied to devices, there are other settings you can view and edit in Defender for Business. For example, you specify the time zone to use, and you can onboard (or offboard) devices.

+> You might see more settings in your tenant than are listed in this article. This article highlights the most important settings that you should review in Defender for Business.

+The following table describes settings to view (and if necessary, edit) in Defender for Business.

+| **Endpoints** | **Device management** > **Onboarding** | Onboard devices to Defender for Business by using a downloadable script. To learn more, see [Onboard devices to Microsoft Defender for Business](mdb-onboard-devices.md). |

+| **Endpoints** | **Device management** > **Offboarding** | Offboard (remove) devices from Defender for Business. When you offboard a device, it no longer sends data to Defender for Business, but data received prior to offboarding is retained. To learn more, see [Offboarding a device](mdb-onboard-devices.md#offboarding-a-device). |

+- [Get started using Microsoft Defender for Business](mdb-get-started.md)

+- [Manage devices in Microsoft Defender for Business](mdb-manage-devices.md)

+- [View and manage incidents in Microsoft Defender for Business](mdb-view-manage-incidents.md)

+- [View or edit policies in Microsoft Defender for Business](mdb-view-edit-policies.md)

+# Device groups in Microsoft Defender for Business

+> Microsoft Defender for Business is rolling out to Microsoft 365 Business Premium customers, beginning March 1, 2022. Defender for Business as a standalone subscription is in in preview, and will roll out gradually to customers and IT Partners who [sign-up here](https://aka.ms/mdb-preview) to request it. Preview includes an [initial set of scenarios](mdb-tutorials.md#try-these-preview-scenarios), and we will be adding capabilities regularly.

+In Microsoft Defender for Business, policies are applied to devices through certain collections that are called device groups.

+>

+> **Got a minute?**

+> Please take our <a href="https://microsoft.qualtrics.com/jfe/form/SV_0JPjTPHGEWTQr4y" target="_blank">short survey about Microsoft Defender for Business</a>. We'd love to hear from you!

+>

+A device group is a collection of devices that are grouped together because of certain specified criteria, such as operating system version. Devices that meet the criteria are included in that device group, unless you exclude them. In Microsoft Defender for Business, policies are applied to devices by using device groups.

+Defender for Business includes default device groups that you can use. The default device groups include all the devices that are onboarded to Defender for Business. However, you can also create new device groups to assign policies with specific settings to certain devices.

+Currently, in Defender for Business, you can create a new device group while you are in the process of creating or editing a policy, as described in the following procedure:

+- [View and manage incidents in Microsoft Defender for Business](mdb-view-manage-incidents.md)

+- [Respond to and mitigate threats in Microsoft Defender for Business](mdb-respond-mitigate-threats.md)

+# Manage your custom rules for firewall policies in Microsoft Defender for Business

+> Microsoft Defender for Business is rolling out to Microsoft 365 Business Premium customers, beginning March 1, 2022. Defender for Business as a standalone subscription is in in preview, and will roll out gradually to customers and IT Partners who [sign-up here](https://aka.ms/mdb-preview) to request it. Preview includes an [initial set of scenarios](mdb-tutorials.md#try-these-preview-scenarios), and we will be adding capabilities regularly.

+Microsoft Defender for Business includes firewall policies that help protect your devices from unwanted network traffic. You can use custom rules to define exceptions for your firewall policies. That is, you can use custom rules to block or allow specific connections.

+To learn more about firewall policies and settings, see [Firewall in Microsoft Defender for Business](mdb-firewall.md).

+>

+> **Got a minute?**

+> Please take our <a href="https://microsoft.qualtrics.com/jfe/form/SV_0JPjTPHGEWTQr4y" target="_blank">short survey about Microsoft Defender for Business</a>. We'd love to hear from you!

+>

+- [View and manage incidents in Microsoft Defender for Business](mdb-view-manage-incidents.md)

+- [Respond to and mitigate threats in Microsoft Defender for Business](mdb-respond-mitigate-threats.md)

+> Microsoft Defender for Business is rolling out to Microsoft 365 Business Premium customers, beginning March 1, 2022. Defender for Business as a standalone subscription is in in preview, and will roll out gradually to customers and IT Partners who [sign-up here](https://aka.ms/mdb-preview) to request it. Preview includes an [initial set of scenarios](mdb-tutorials.md#try-these-preview-scenarios), and we will be adding capabilities regularly.

+>

+> **Got a minute?**

+> Please take our <a href="https://microsoft.qualtrics.com/jfe/form/SV_0JPjTPHGEWTQr4y" target="_blank">short survey about Microsoft Defender for Business</a>. We'd love to hear from you!

+>

+> Email notifications are a convenient way to help keep your security team informed, in real time. But there are others! For example, whenever your security team signs into the Microsoft 365 Defender portal ([https://security.microsoft.com](https://security.microsoft.com)), they'll see cards highlighting new threats, alerts, and vulnerabilities. Defender for Business is designed to highlight important information that your security team cares about as soon as they sign in.

+> Your security team can also choose **Incidents** in the navigation pane to view information. To learn more, see [View and manage incidents in Microsoft Defender for Business](mdb-view-manage-incidents.md).

+- [Step 4: Onboard devices to Microsoft Defender for Business](mdb-onboard-devices.md)

+ Title: Firewall in Microsoft Defender for Business

+description: Learn about Windows Defender Firewall in Microsoft Defender for Business, including configuration settings

+# Firewall in Microsoft Defender for Business

+> Microsoft Defender for Business is rolling out to Microsoft 365 Business Premium customers, beginning March 1, 2022. Defender for Business as a standalone subscription is in in preview, and will roll out gradually to customers and IT Partners who [sign-up here](https://aka.ms/mdb-preview) to request it. Preview includes an [initial set of scenarios](mdb-tutorials.md#try-these-preview-scenarios), and we will be adding capabilities regularly.

+Microsoft Defender for Business includes firewall capabilities with [Windows Defender Firewall](/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security). Firewall protection helps secure devices with rules that determine which network traffic is permitted to enter or flow from devices.

+- [Default firewall settings in Defender for Business](#default-firewall-settings-in-defender-for-business)

+- [Firewall settings you can configure in Defender for Business](#firewall-settings-you-can-configure-in-defender-for-business)

+>

+> **Got a minute?**

+> Please take our <a href="https://microsoft.qualtrics.com/jfe/form/SV_0JPjTPHGEWTQr4y" target="_blank">short survey about Microsoft Defender for Business</a>. We'd love to hear from you!

+>

+Microsoft Defender for Business includes default firewall policies and settings to help protect your organization's devices from day one. As soon as your organization's devices are onboarded to Microsoft Defender for Business, your default firewall policy works as follows:

+In Microsoft Defender for Business, you can define exceptions to block or allow incoming connections. You define these exceptions by creating custom rules. See [Manage custom rules for firewall policies](mdb-custom-rules-firewall.md).

+Microsoft Defender for Business includes firewall protection through Windows Defender Firewall. The following table lists settings that can be configured for firewall protection in Microsoft Defender for Business. <br/><br/>

+- [Manage firewall settings in Microsoft Defender for Business](mdb-custom-rules-firewall.md)

+- [View and manage incidents in Microsoft Defender for Business](mdb-view-manage-incidents.md)

+- [Respond to and mitigate threats in Microsoft Defender for Business](mdb-respond-mitigate-threats.md)

+ Title: Get help and support for Microsoft Defender for Business

+description: Find out how to get help or contact support in Microsoft Defender for Business

+# Get help and support for Microsoft Defender for Business

+> Microsoft Defender for Business is rolling out to Microsoft 365 Business Premium customers, beginning March 1, 2022. Defender for Business as a standalone subscription is in in preview, and will roll out gradually to customers and IT Partners who [sign-up here](https://aka.ms/mdb-preview) to request it. Preview includes an [initial set of scenarios](mdb-tutorials.md#try-these-preview-scenarios), and we will be adding capabilities regularly.

+If you need help with Microsoft Defender for Business, select the Help icon (?) in the upper right corner of the screen. Type your question or issue. Several options, such as quick answers or help articles, will be listed.

+- [Microsoft Defender for Business - Frequently asked questions and answers](mdb-faq.yml)

+- [Microsoft Defender for Business troubleshooting](mdb-troubleshooting.yml)

+> Microsoft Defender for Business is rolling out to Microsoft 365 Business Premium customers, beginning March 1, 2022. Defender for Business as a standalone subscription is in in preview, and will roll out gradually to customers and IT Partners who [sign-up here](https://aka.ms/mdb-preview) to request it. Preview includes an [initial set of scenarios](mdb-tutorials.md#try-these-preview-scenarios), and we will be adding capabilities regularly.

+After you've signed up for Microsoft Defender for Business, you'll want to get acquainted with the Microsoft 365 Defender portal ([https://security.microsoft.com](https://security.microsoft.com)). This article includes the following sections:

+The Microsoft 365 Defender portal ([https://security.microsoft.com](https://security.microsoft.com)) is your one-stop shop for using and managing Microsoft Defender for Business. It includes a welcome banner and callouts to help you get started, cards that surface relevant information, and a navigation bar to give you easy access to the various features and capabilities.

+| **Home** | Takes you to your home page in Microsoft 365 Defender. The home page includes cards that highlight any active threats that were detected, along with recommendations to help secure your organizationΓÇÖs data and devices. <br/><br/>Recommendations are included in Defender for Business can save your security team time and effort. Recommendations are based on industry best practices. To learn more about recommendations, see [Security recommendations - threat and vulnerability management](../defender-endpoint/tvm-security-recommendation.md). |

+| **Incidents** | Takes you to your list of recent incidents. As alerts are triggered, incidents are created. An incident can include multiple alerts. Make sure to review your incidents regularly. <br/><br/>To learn more about incidents, see [View and manage incidents in Microsoft Defender for Business](mdb-view-manage-incidents.md).|

+| **Learning hub** | Provides access to security training and other resources through learning paths that are included with your subscription. You can filter by product, skill level, role, and more. The Learning hub can help your security team ramp up on security features & capabilities in Defender for Business and more Microsoft offerings, such as [Microsoft Defender for Endpoint](../defender-endpoint/microsoft-defender-endpoint.md) and [Microsoft Defender for Office 365](../office-365-security/defender-for-office-365.md). |

+| **Endpoints** > **Search** | Enables you to search for one or more devices that were onboarded to Microsoft Defender for Business. |

+| **Endpoints** > **Device inventory** | Enables you to search for one or more devices that were onboarded to Microsoft Defender for Business. |

+| **Endpoints** > **Device configuration** | Lists your security policies by operating system and by type. <br/><br/>To learn more about your security policies, see [View or edit policies in Microsoft Defender for Business](mdb-view-edit-policies.md). |

+| **Settings** | Enables you to edit settings for the Microsoft 365 Defender portal and Microsoft Defender for Business. For example, you can onboard (or offboard) and your organizationΓÇÖs devices (also referred to as endpoints). You can also define rules, such as alert suppression rules, and set up indicators to block or allow certain files or processes. |

+See the learning module, [Detect and respond to security issues](/learn/modules/m365-detect-respond-security-issues-defender-endpoint/), to get an overview of incidents and response actions. You'll learn about the incident queue, alerts, and response actions that you can take. This course will help you get started working with incidents in Defender for Business.

+> Although the learning module ([Detect and respond to security issues](/learn/modules/m365-detect-respond-security-issues-defender-endpoint/)) is actually for Microsoft Defender for Endpoint, the basic concepts and overall flow are similar to what you'll see in Defender for Business.

+Now that you have an overview of Defender for Business, try one or more of the following tasks:

+- [Try tutorials and simulations in Microsoft Defender for Business](mdb-tutorials.md)

+- [Manage devices in Microsoft Defender for Business](mdb-manage-devices.md)

+- [View and manage incidents in Microsoft Defender for Business](mdb-view-manage-incidents.md)

+- [Respond to and mitigate threats in Microsoft Defender for Business](mdb-respond-mitigate-threats.md)

+- [View or edit policies in Microsoft Defender for Business](mdb-view-edit-policies.md)

+ Title: Microsoft 365 Lighthouse and Microsoft Defender for Business

+description: Learn how Microsoft Defender for Business integrates with Microsoft 365 Lighthouse

+# Microsoft 365 Lighthouse and Microsoft Defender for Business

+> Microsoft Defender for Business is rolling out to Microsoft 365 Business Premium customers, beginning March 1, 2022. Defender for Business as a standalone subscription is in in preview, and will roll out gradually to customers and IT Partners who [sign-up here](https://aka.ms/mdb-preview) to request it. Preview includes an [initial set of scenarios](mdb-tutorials.md#try-these-preview-scenarios), and we will be adding capabilities regularly.

+If you're a Microsoft Cloud Solution Provider (CSP) and you have [Microsoft 365 Lighthouse](../../lighthouse/m365-lighthouse-overview.md), you can manage security for your customers (small and medium-sized businesses). Microsoft Defender for Business is designed to integrate with Microsoft 365 Lighthouse. When these capabilities become available, you'll be able to view security incidents across tenants in your Microsoft 365 Lighthouse portal ([https://lighthouse.microsoft.com](https://lighthouse.microsoft.com)).

+- [Microsoft Defender for Business](mdb-overview.md)

+ Title: Manage devices in Microsoft Defender for Business

+description: Learn how to manage devices in Microsoft Defender for Business

+# Manage devices in Microsoft Defender for Business

+> Microsoft Defender for Business is rolling out to Microsoft 365 Business Premium customers, beginning March 1, 2022. Defender for Business as a standalone subscription is in in preview, and will roll out gradually to customers and IT Partners who [sign-up here](https://aka.ms/mdb-preview) to request it. Preview includes an [initial set of scenarios](mdb-tutorials.md#try-these-preview-scenarios), and we will be adding capabilities regularly.

+In Microsoft Defender for Business, you can manage devices as follows:

+- [Onboard a device to Defender for Business](#onboard-a-device)

+- [Offboard a device from Defender for Business](#offboard-a-device)

+ If you don't have any devices listed yet, [Onboard devices to Microsoft Defender for Business](mdb-onboard-devices.md)

+See [Onboard devices to Microsoft Defender for Business](mdb-onboard-devices.md).

+- [View and manage incidents in Microsoft Defender for Business](mdb-view-manage-incidents.md)

+- [Respond to and mitigate threats in Microsoft Defender for Business](mdb-respond-mitigate-threats.md)

+- [Create or edit device groups](mdb-create-edit-device-groups.md)

+ Title: Understand next-generation protection configuration settings in Microsoft Defender for Business

+description: Understand configuration settings for next-generation protection in Microsoft Defender for Business

+# Understand next-generation configuration settings in Microsoft Defender for Business

+> Microsoft Defender for Business is rolling out to Microsoft 365 Business Premium customers, beginning March 1, 2022. Defender for Business as a standalone subscription is in in preview, and will roll out gradually to customers and IT Partners who [sign-up here](https://aka.ms/mdb-preview) to request it. Preview includes an [initial set of scenarios](mdb-tutorials.md#try-these-preview-scenarios), and we will be adding capabilities regularly.

+Next-generation protection in Defender for Business includes robust antivirus and antimalware protection. Your default policies are designed to protect your devices and users without hindering productivity; however, you can also customize your policies to suit your business needs. And, if you're using Microsoft Endpoint Manager, you can use that to manage your security policies.

+- [Other preconfigured settings in Defender for Business](#other-preconfigured-settings-in-defender-for-business)

+| **Allow users to access the Windows Security app** | Turn this setting on to enable users to open the Windows Security app on their devices. Users wonΓÇÖt be able to override settings that you configure in Microsoft Defender for Business, but they'll be able to run a quick scan if need be, or view any detected threats. |

+The following security settings are preconfigured in Defender for Business:

+The following table describes settings that are preconfigured for Defender for Business and how those settings correspond to what you might see in Microsoft Endpoint Manager (or Microsoft Intune). If you're using the [simplified configuration process in Defender for Business](mdb-simplified-configuration.md) (preview), you don't need to edit these settings.

+- [View and manage incidents in Microsoft Defender for Business](mdb-view-manage-incidents.md)

+- [Respond to and mitigate threats in Microsoft Defender for Business](mdb-respond-mitigate-threats.md)

+- [Manage firewall settings in Microsoft Defender for Business](mdb-custom-rules-firewall.md)

+- [Policy CSP - Defender](/windows/client-management/mdm/policy-csp-defender)

+ Title: Onboard devices to Microsoft Defender for Business

+description: Learn about device onboarding options in Microsoft Defender for Business

+# Onboard devices to Microsoft Defender for Business

+> Microsoft Defender for Business is rolling out to Microsoft 365 Business Premium customers, beginning March 1, 2022. Defender for Business as a standalone subscription is in in preview, and will roll out gradually to customers and IT Partners who [sign-up here](https://aka.ms/mdb-preview) to request it. Preview includes an [initial set of scenarios](mdb-tutorials.md#try-these-preview-scenarios), and we will be adding capabilities regularly.

+With Microsoft Defender for Business, you have several options to choose from for onboarding your organization's devices. This article walks you through your options and includes an overview of how onboarding works.

+This article also includes information about [Running a detection test for Windows devices](#run-a-detection-test) and [Offboarding a device](#offboarding-a-device).

+>

+> **Got a minute?**

+> Please take our <a href="https://microsoft.qualtrics.com/jfe/form/SV_0JPjTPHGEWTQr4y" target="_blank">short survey about Microsoft Defender for Business</a>. We'd love to hear from you!

+>

+| **Automatic onboarding**<br/>(*available to customers who are already using Microsoft Endpoint Manager*) | Automatic onboarding sets up a connection between Defender for Business and Microsoft Endpoint Manager, and then onboards Windows devices to Defender for Business. In order to use this option, your devices must already be enrolled in Endpoint Manager.<br/><br/>To learn more, see [Use automatic onboarding for Windows devices enrolled in Microsoft Endpoint Manager](#automatic-onboarding-for-windows-devices-enrolled-in-microsoft-endpoint-manager). | Windows |

+| **Microsoft Intune** or **Microsoft Endpoint Manager**<br/>(*available to customers who are using Microsoft Intune or Endpoint Manager*) | [Microsoft Intune](/mem/intune/fundamentals/what-is-intune) and [Mobile Device Management](/mem/intune/enrollment/device-enrollment) are part of Endpoint Manager. If you were already using Endpoint Manager before you got Defender for Business, you can opt to continue using Endpoint Manager to onboard and manage devices<br/><br/>To use this method, see [Microsoft Endpoint Manager](#microsoft-endpoint-manager). | Windows <br/>macOS<br/>iOS<br/>Android OS |

+The automatic onboarding option applies to Windows devices only. Automatic onboarding is available if your organization was already using Microsoft Endpoint Manager, Microsoft Intune, or Mobile Device Management (MDM) in Microsoft Intune before you got Defender for Business, and you already have Windows devices enrolled in Endpoint Manager.

+To learn more about automatic onboarding, see step 3 in [Use the wizard to set up Microsoft Defender for Business](mdb-use-wizard.md).

+If you were already using Endpoint Manager (which includes Microsoft Intune and Mobile Device Management), before you got Defender for Business, you can continue to use Endpoint Manager to onboard your organization's devices. With Endpoint Manager, you can onboard computers, tablets, and phones, including iOS and Android devices.

+After you've onboarded Windows devices to Defender for Business, you can run a detection test on a Windows device to make sure that everything is working correctly.

+> Offboarding a device causes the devices to stop sending data to Defender for Business. However, data received prior to offboarding is retained for up to six (6) months.

+- [Step 5: Configure your security settings and policies in Microsoft Defender for Business](mdb-configure-security-settings.md)

+- [Get started using Microsoft Defender for Business](mdb-get-started.md)

+ Title: Overview of Microsoft Defender for Business

+description: Learn about Microsoft Defender for Business, including setup, getting started, and how to use the services

+# Overview of Microsoft Defender for Business

+> Microsoft Defender for Business is rolling out to Microsoft 365 Business Premium customers, beginning March 1, 2022. Defender for Business as a standalone subscription is in in preview, and will roll out gradually to customers and IT Partners who [sign-up here](https://aka.ms/mdb-preview) to request it. Preview includes an [initial set of scenarios](mdb-tutorials.md#try-these-preview-scenarios), and we will be adding capabilities regularly.

+Microsoft Defender for Business is a new endpoint security solution that was designed especially for the small and medium-sized business (up to 300 employees). With this endpoint security solution, your organization's devices are better protected from ransomware, malware, phishing, and other threats.

+Watch the following video to learn more about Defender for Business:

+[:::image type="content" source="mediB-MicrosoftMechanics)

+This article describes what's included in Defender for Business, with links to learn more about these features and capabilities.

+>

+> **Got a minute?**

+> Please take our <a href="https://microsoft.qualtrics.com/jfe/form/SV_0JPjTPHGEWTQr4y" target="_blank">short survey about Microsoft Defender for Business</a>. We'd love to hear from you!

+>

+With Defender for Business, you can help protect the devices and data your business uses with:

+- **Enterprise-grade security**. Defender for Business brings powerful endpoint security capabilities from our industry-leading [Microsoft Defender for Endpoint](../defender-endpoint/microsoft-defender-endpoint.md) solution and optimizes those capabilities for IT administrators to support small and medium-sized businesses.

+- **An easy-to-use security solution**. Defender for Business offers streamlined experiences that guide you to action with recommendations and insights into the security of your endpoints. No specialized knowledge is required, because Defender for Business offers wizard-driven configuration and default security policies that are designed to help protect your organization's devices from day one.

+- **Flexibility for your environment**. Defender for Business can work with your business environment, whether you're using the Microsoft Cloud, on-premises technology, or non-Microsoft productivity solutions. Defender for Business works with components that are built into Windows, and with apps for macOS, iOS, and Android devices.

+- **Integration with Microsoft 365 Lighthouse**. If you're a Managed Service Provider (MSP) using [Microsoft 365 Lighthouse](../../lighthouse/m365-lighthouse-overview.md), more capabilities are available. If your customers are using Microsoft 365 Business Premium together with Defender for Business, you can view security incidents and alerts across customer tenants that are onboarded to Microsoft 365 Lighthouse.

+- **Provide you with an overview of Defender for Business** so you know whatΓÇÖs included and how it works

+ - [Compare security features in Microsoft Defender for Business to other plans](compare-mdb-m365-plans.md)

+ - [Find out how to get Microsoft Defender for Business](get-defender-business.md)

+ - [See how to set up and configure Defender for Business](mdb-setup-configuration.md)

+- **Help you get started using Defender for Business**, starting with the Microsoft 365 Defender portal

+- [Learn more about the simplified configuration process in Microsoft Defender for Business](mdb-simplified-configuration.md)

+- [Find out how to get Microsoft Defender for Business](get-defender-business.md)

+ Title: Understand policy order in Microsoft Defender for Business

+description: Learn about order of priority with policies in Microsoft Defender for Business

+# Understand policy order in Microsoft Defender for Business

+> Microsoft Defender for Business is rolling out to Microsoft 365 Business Premium customers, beginning March 1, 2022. Defender for Business as a standalone subscription is in in preview, and will roll out gradually to customers and IT Partners who [sign-up here](https://aka.ms/mdb-preview) to request it. Preview includes an [initial set of scenarios](mdb-tutorials.md#try-these-preview-scenarios), and we will be adding capabilities regularly.

+Microsoft Defender for Business includes predefined policies to help ensure the devices your employees use are protected. Your security team can add new policies as well. For example, suppose that you want to apply certain settings to some devices, and different settings to other devices. You can do that by adding policies, such as next-generation protection policies or firewall policies.

+>

+> **Got a minute?**

+> Please take our <a href="https://microsoft.qualtrics.com/jfe/form/SV_0JPjTPHGEWTQr4y" target="_blank">short survey about Microsoft Defender for Business</a>. We'd love to hear from you!

+>

+- Policies are assigned an order of priority.

+- Devices receive the first applied policy only.

+- You can change the order of priority for policies.

+- Default policies are given the lowest order of priority.

+- [Get started using Defender for Business](mdb-get-started.md)

+- [View and manage incidents in Microsoft Defender for Business](mdb-view-manage-incidents.md)

+- [Respond to and mitigate threats in Microsoft Defender for Business](mdb-respond-mitigate-threats.md)

+ Title: Reports in Microsoft Defender for Business

+description: Get an overview of the reports that are available in Microsoft Defender for Business

+# Reports in Microsoft Defender for Business

+> Microsoft Defender for Business is rolling out to Microsoft 365 Business Premium customers, beginning March 1, 2022. Defender for Business as a standalone subscription is in in preview, and will roll out gradually to customers and IT Partners who [sign-up here](https://aka.ms/mdb-preview) to request it. Preview includes an [initial set of scenarios](mdb-tutorials.md#try-these-preview-scenarios), and we will be adding capabilities regularly.

+| **Threat protection** | The threat protection report provides information about alerts and alert trends. Use the **Alert trends** column to view information about alerts that were triggered over the last 30 days. Use the **Alert status** column to view current snapshot information about alerts, such as categories of unresolved alerts and their classification. To access this report, in the navigation pane, choose **Reports** > **Endpoints** > **Threat protection**. <br/><br/>**TIP**: You can also use the **Incidents** list to view information about alerts. In the navigation pane, choose **Incidents** to view and manage current incidents. To learn more, see [View and manage incidents in Microsoft Defender for Business](mdb-view-manage-incidents.md). |

+| **Device health and compliance** | The device health and compliance report provides information about device health and trends. You can use this report to determine whether Defender for Business sensors are working correctly on devices and the current status of Microsoft Defender Antivirus. To access this report, in the navigation pane, choose **Reports** > **Endpoints** > **Device health and compliance**. <br/><br/>**TIP**: You can use the **Device inventory** list to view information about your organization's devices. In the navigation pane, choose **Device inventory**. To learn more, see [Manage devices in Microsoft Defender for Business](mdb-manage-devices.md). |

+| **Vulnerable devices** | The vulnerable devices report provides information about devices and trends. Use the **Trends** column to view information about devices that had alerts over the last 30 days. Use the **Status** column to view current snapshot information about devices that have alerts. To access this report, in the navigation pane, choose **Reports** > **Endpoints** > **Vulnerable devices**.<br/><br/>**TIP**: You can use the **Device inventory** list to view information about your organization's devices. In the navigation pane, choose **Device inventory**. To learn more, see [Manage devices in Microsoft Defender for Business](mdb-manage-devices.md). |

+>

+> **Got a minute?**

+> Please take our <a href="https://microsoft.qualtrics.com/jfe/form/SV_0JPjTPHGEWTQr4y" target="_blank">short survey about Microsoft Defender for Business</a>. We'd love to hear from you!

+>

+- [Get started using Microsoft Defender for Business](mdb-get-started.md)

+- [View and manage incidents in Microsoft Defender for Business](mdb-view-manage-incidents.md)

+- [Manage devices in Microsoft Defender for Business](mdb-manage-devices.md)

+ Title: Requirements for Microsoft Defender for Business

+description: Microsoft Defender for Business license, hardware, and software requirements

+# Microsoft Defender for Business requirements

+> Microsoft Defender for Business is rolling out to Microsoft 365 Business Premium customers, beginning March 1, 2022. Defender for Business as a standalone subscription is in in preview, and will roll out gradually to customers and IT Partners who [sign-up here](https://aka.ms/mdb-preview) to request it. Preview includes an [initial set of scenarios](mdb-tutorials.md#try-these-preview-scenarios), and we will be adding capabilities regularly.

+This article describes the requirements for Microsoft Defender for Business.

+>

+> **Got a minute?**

+> Please take our <a href="https://microsoft.qualtrics.com/jfe/form/SV_0JPjTPHGEWTQr4y" target="_blank">short survey about Microsoft Defender for Business</a>. We'd love to hear from you!

+>

+The following table lists the basic requirements to configure and use Microsoft Defender for Business. <br/><br/>

+| Subscription | Microsoft 365 Business Premium <br/> or <br/>Microsoft Defender for Business (standalone; currently in preview). <br/><br/> See [How to get Microsoft Defender for Business](get-defender-business.md).<br/><br/>Note that if you have multiple subscriptions, the highest subscription takes precedence. For example, if you have Microsoft Defender for Endpoint Plan 2 (purchased or trial subscription), and you get Microsoft Defender for Business, Defender for Endpoint Plan 2 takes precedence. In this case, you won't see the Defender for Business experience. |

+| User accounts | User accounts are created in the Microsoft 365 admin center ([https://admin.microsoft.com](https://admin.microsoft.com))<br/><br/>Microsoft Defender for Business licenses are assigned in the Microsoft 365 admin center<br/><br/>To get help with this task, see [Add users and assign licenses](../../admin/add-users/add-users.md). |

+| Permissions | To sign up for Microsoft Defender for Business, you must be a Global Admin.<br/><br/>To access the Microsoft 365 Defender portal, users must have one of the following [roles in Azure AD](mdb-roles-permissions.md) assigned: <br/>- Security Reader<br/>- Security Admin<br/>- Global Admin<br/><br/>To learn more, see [Roles and permissions in Microsoft Defender for Business](mdb-roles-permissions.md). |

+| Operating system | To manage devices in Microsoft Defender for Business, your devices must be running one of the following operating systems: <br/>- Windows 10 Business or later <br/>- Windows 10 Professional or later <br/>- Windows 10 Enterprise or later <br/><br/>Make sure that [KB5006738](https://support.microsoft.com/topic/october-26-2021-kb5006738-os-builds-19041-1320-19042-1320-and-19043-1320-preview-ccbce6bf-ae00-4e66-9789-ce8e7ea35541) is installed. <br/><br/>If you're already managing devices in Microsoft Intune (or Microsoft Endpoint Manager), or if you're using a non-Microsoft device management solution, your devices must be running one of the [operating systems that are supported in Microsoft Defender for Endpoint](../defender-endpoint/minimum-requirements.md). |

+| Integration with Microsoft Endpoint Manager | If you plan to onboard devices using [Microsoft Defender for Business security configuration](mdb-onboard-devices.md#microsoft-defender-for-business-security-configuration), then the following requirements must be met:<br/><br/>Prerequisites must be met for [Security Management for Microsoft Defender for Endpoint](/mem/intune/protect/mde-security-integration).<br/>- Azure AD must be configured such that trust is created between your organization's devices and Azure AD. <br/>- Defender for Business must have security management enabled in Microsoft Endpoint Manager.<br/><br/>Devices must be able to connect to the following URLs:<br/>- `enterpriseregistration.windows.net` (for registration in Azure AD)<br/>- `login.microsoftonline.com` (for registration in Azure AD)<br/>- `*.dm.microsoft.com` (The wildcard (*) supports the cloud-service endpoints that are used for enrollment, check-in, and reporting, and can change as the service scales.) |

+> [Azure Active Directory (Azure AD)](/azure/active-directory/fundamentals/active-directory-whatis) is used to manage user permissions and device groups. Azure AD is included in your Defender for Business subscription.

+> - If you do have another Microsoft 365 subscription when you start your Defender for Business trial, you can use your existing Azure AD service.

+> - If you are using [Microsoft 365 Business Premium](../../business/index.yml) when you start your Defender for Business trial, you will have the option to manage devices in Microsoft Intune.

+- [Step 2: Assign roles and permissions in Microsoft Defender for Business](mdb-roles-permissions.md)

+

+ Title: Respond to and mitigate threats in Microsoft Defender for Business

+# Respond to and mitigate threats in Microsoft Defender for Business

+> Microsoft Defender for Business is rolling out to Microsoft 365 Business Premium customers, beginning March 1, 2022. Defender for Business as a standalone subscription is in in preview, and will roll out gradually to customers and IT Partners who [sign-up here](https://aka.ms/mdb-preview) to request it. Preview includes an [initial set of scenarios](mdb-tutorials.md#try-these-preview-scenarios), and we will be adding capabilities regularly.

+The Microsoft 365 Defender portal enables your security team to respond to and mitigate detected threats. This article walks you through an example of how you can use Defender for Business.

+- [Manage devices in Microsoft Defender for Business](mdb-manage-devices.md)

+- [View and manage incidents in Microsoft Defender for Business](mdb-view-manage-incidents.md)

+ Title: Review remediation actions in Microsoft Defender for Business

+> Microsoft Defender for Business is rolling out to Microsoft 365 Business Premium customers, beginning March 1, 2022. Defender for Business as a standalone subscription is in in preview, and will roll out gradually to customers and IT Partners who [sign-up here](https://aka.ms/mdb-preview) to request it. Preview includes an [initial set of scenarios](mdb-tutorials.md#try-these-preview-scenarios), and we will be adding capabilities regularly.

+Microsoft Defender for Business includes several remediation actions. These actions include manual response actions, actions following automated investigation, and live response actions.

+- [Respond to and mitigate threats in Microsoft Defender for Business](mdb-respond-mitigate-threats.md)

+- [Manage devices in Microsoft Defender for Business](mdb-manage-devices.md)

+ Title: Assign roles and permissions in Microsoft Defender for Business

+description: Learn how to assign roles and permissions in Microsoft Defender for Business

+# Assign roles and permissions in Microsoft Defender for Business

+> Microsoft Defender for Business is rolling out to Microsoft 365 Business Premium customers, beginning March 1, 2022. Defender for Business as a standalone subscription is in in preview, and will roll out gradually to customers and IT Partners who [sign-up here](https://aka.ms/mdb-preview) to request it. Preview includes an [initial set of scenarios](mdb-tutorials.md#try-these-preview-scenarios), and we will be adding capabilities regularly.

+To perform tasks in the Microsoft 365 Defender portal, such as configuring Microsoft Defender for Business, viewing reports, or taking response actions on detected threats, appropriate permissions must be assigned to your security team. Permissions are granted through roles that are assigned in the Microsoft 365 Defender portal ([https://security.microsoft.com](https://security.microsoft.com)) or in [Azure Active Directory](/azure/active-directory/roles/manage-roles-portal).

+1. [Learn about roles in Defender for Business](#roles-in-defender-for-business).

+The following table describes the three roles that can be assigned in Defender for Business. [Learn more about admin roles](../../admin/add-users/about-admin-roles.md). <br/><br/>

+| **Global administrators** (also referred to as global admins) <br/><br/> *As a best practice, limit the number of global admins.* | Global admins can perform all kinds of tasks. The person who signed up your organization for Microsoft 365 or for Microsoft Defender for Business is a global administrator by default. <br/><br/> Global admins are able to access/change settings across all Microsoft 365 portals, such as: <br/>- The Microsoft 365 admin center ([https://admin.microsoft.com](https://admin.microsoft.com)) <br/>- Microsoft 365 Defender portal ([https://security.microsoft.com](https://security.microsoft.com)) |

+- [Step 4: Onboard devices to Microsoft Defender for Business](mdb-onboard-devices.md)

+ Title: Set up and configure Microsoft Defender for Business

+description: Get an overview of the setup and configuration process for Microsoft Defender for Business

+# Set up and configure Microsoft Defender for Business

+> Microsoft Defender for Business is rolling out to Microsoft 365 Business Premium customers, beginning March 1, 2022. Defender for Business as a standalone subscription is in in preview, and will roll out gradually to customers and IT Partners who [sign-up here](https://aka.ms/mdb-preview) to request it. Preview includes an [initial set of scenarios](mdb-tutorials.md#try-these-preview-scenarios), and we will be adding capabilities regularly.

+Microsoft Defender for Business provides a streamlined setup and configuration experience, designed especially for the small and medium-sized business. Use this article as a guide.

+| 1 | [Review the requirements](mdb-requirements.md) | Review the requirements, including supported operating systems, for Microsoft Defender for Business. See [Microsoft Defender for Business requirements](mdb-requirements.md). |

+| 4 | [Onboard devices](mdb-onboard-devices.md) | Microsoft Defender for Business is set up so that you can choose from several options to onboard your organization's devices. See [Onboard devices to Microsoft Defender for Business](mdb-onboard-devices.md). |

+- [Step 1: Review the requirements for Microsoft Defender for Business](mdb-requirements.md)

+ Title: The simplified configuration process in Microsoft Defender for Business

+description: Learn about the simplified configuration process in Microsoft Defender for Business

+# The simplified configuration process in Microsoft Defender for Business

+> Microsoft Defender for Business is rolling out to Microsoft 365 Business Premium customers, beginning March 1, 2022. Defender for Business as a standalone subscription is in in preview, and will roll out gradually to customers and IT Partners who [sign-up here](https://aka.ms/mdb-preview) to request it. Preview includes an [initial set of scenarios](mdb-tutorials.md#try-these-preview-scenarios), and we will be adding capabilities regularly.

+Microsoft Defender for Business features a simplified configuration process, designed especially for small and medium-sized businesses. This experience takes the guesswork out of onboarding and managing devices, with a wizard-like experience and default policies that are designed to protect your organization's devices from day one. **We recommend using the simplified configuration process; however, you're not limited to this option**.

+- The simplified configuration process in Microsoft Defender for Business (*recommended*)

+2. [Learn more about the simplified configuration process in Defender for Business](#why-we-recommend-using-the-simplified-configuration-process)

+>

+> **Got a minute?**

+> Please take our <a href="https://microsoft.qualtrics.com/jfe/form/SV_0JPjTPHGEWTQr4y" target="_blank">short survey about Microsoft Defender for Business</a>. We'd love to hear from you!

+>

+| The simplified configuration experience in the Microsoft 365 Defender portal ([https://security.microsoft.com](https://security.microsoft.com)) <br/>(*This is the recommended option for most customers*) | The simplified configuration experience includes a wizard-like experience to help you set up and configure Defender for Business. Simplified configuration also includes default security settings and policies that help you protect your organization's devices from day one. <br/><br/>With this experience, your security team uses the Microsoft 365 Defender portal to: <br/>- Set up and configure Defender for Business <br/>- View and manage incidents<br/>- Respond to and mitigate threats<br/>- View reports<br/>- Review pending or completed actions <br/><br/> This portal is your one-stop shop for your organization's security settings and threat protection capabilities. You get a simplified experience to help you get started quickly and efficiently. To learn more, see [Use the wizard to set up Microsoft Defender for Business](mdb-use-wizard.md).<br/><br/>And, you can edit your settings or define new policies to suit your organization's needs.<br/><br/>To learn more, see [View or edit device policies in Microsoft Defender for Business](mdb-view-edit-policies.md). |

+| Your non-Microsoft device management solution | If you're using a non-Microsoft productivity and device management solution, you can continue to use that solution with Defender for Business. <br/><br/>When devices are onboarded to Defender for Business, you'll see their status and alerts in the Microsoft 365 Defender portal. To learn more, see [Onboarding and configuration tool options for Defender for Endpoint](../defender-endpoint/onboard-configure.md).<br/><br/>If you're already using a non-Microsoft device management solution, you can continue using that solution. |

+**We recommend using the simplified configuration process in Microsoft Defender for Business** for most customers. The simplified configuration process is streamlined especially for small and medium-sized businesses. Defender for Business is designed to help you protect your organization's devices on day one, without requiring deep technical expertise or special knowledge. With default security settings and policies, your devices are protected as soon as they're onboarded.

+Defender for Business is designed to provide strong protection while saving you time and effort in configuring your security settings. The streamlined experience in the Microsoft 365 Defender portal makes it simple to onboard devices and manage them. In addition, default policies are included so that your organization's devices are protected as soon as they're onboarded. You can keep your default settings as they are, or make changes to suit your business needs. You can also add new policies to manage devices as needed.

+- [Set up and configure Microsoft Defender for Business](mdb-setup-configuration.md)

+- [Get started using Microsoft Defender for Business](mdb-get-started.md)

+ Title: Tutorials and simulations in Microsoft Defender for Business

+description: Learn about several tutorials to help you get started using Defender for Business

+# Tutorials and simulations in Microsoft Defender for Business

+If you've just finished setting up Microsoft Defender for Business, you might be wondering where to start to learn about how Defender for Business works. This article describes preview scenarios to try, and several tutorials and simulations that are available for Defender for Business. These resources are designed to help you see how Defender for Business can work for your organization.

+The following table summarizes several scenarios to try with Defender for Business.

+| Onboard devices using a local script <br/>(*not for production deployment*) | In Defender for Business, you can onboard up to ten Windows 10 and 11 devices using a script that you download and run on each device. Suitable for evaluating how Defender for Business will work in your environment, the script creates a trust with Azure Active Directory (Azure AD) and enrolls the device with Microsoft Intune. To learn more, see [Local script in Defender for Business](mdb-onboard-devices.md#local-script-in-defender-for-business). |

+| Onboard devices using Microsoft Intune | If you were already using Microsoft Intune before getting Defender for Endpoint, you can continue to use Microsoft Intune to onboard devices. Try onboarding macOS, iOS, and Android devices with Microsoft Intune. To learn more, see [Device enrollment in Microsoft Intune](/mem/intune/enrollment/device-enrollment). |

+| Edit security policies | If you're managing your security policies in Defender for Business, use the **Device configuration** page to view and edit your policies. To learn more, see [View or edit policies in Microsoft Defender for Business](mdb-view-edit-policies.md). |

+| Execute a simulated attack | Several tutorials and simulations are available in Defender for Business. These tutorials and simulations are designed to show you firsthand how the threat protection features of Defender for Business can work for your organization. To try one or more of the tutorials, see [Recommended tutorials for Microsoft Defender for Business](#recommended-tutorials-for-defender-for-business). |

+| View incidents in Microsoft 365 Lighthouse | If you are a [Microsoft Cloud Solution Provider](/partner-center/enrolling-in-the-csp-program) using Microsoft 365 Lighthouse, you will be able to view incidents across your customers' tenants in your Microsoft 365 Lighthouse portal soon. To learn more, see [Microsoft 365 Lighthouse and Microsoft Defender for Business](mdb-lighthouse-integration.md). |

+The following table describes the recommended tutorials for Defender for Business customers:

+> You'll see references to Microsoft Defender for Endpoint in the walkthrough documents. The tutorials listed in this article can be used with either Defender for Endpoint or Defender for Business.

+- [Manage devices in Microsoft Defender for Business](mdb-manage-devices.md)

+- [View and manage incidents in Microsoft Defender for Business](mdb-view-manage-incidents.md)

+- [Respond to and mitigate threats in Microsoft Defender for Business](mdb-respond-mitigate-threats.md)

+ Title: Use the wizard to set up Microsoft Defender for Business

+# Use the wizard to set up Microsoft Defender for Business

+> Microsoft Defender for Business is rolling out to Microsoft 365 Business Premium customers, beginning March 1, 2022. Defender for Business as a standalone subscription is in in preview, and will roll out gradually to customers and IT Partners who [sign-up here](https://aka.ms/mdb-preview) to request it. Preview includes an [initial set of scenarios](mdb-tutorials.md#try-these-preview-scenarios), and we will be adding capabilities regularly.

+Microsoft Defender for Business was designed to save small and medium-sized businesses time and effort with a wizard-like experience for initial setup and configuration. This article describes the steps of the wizard and your options for setting up and configuring Defender for Business manually.

+>

+> **Got a minute?**

+> Please take our <a href="https://microsoft.qualtrics.com/jfe/form/SV_0JPjTPHGEWTQr4y" target="_blank">short survey about Microsoft Defender for Business</a>. We'd love to hear from you!

+>

+2. **Onboard and configure Windows devices**. In this step, you can onboard your organization's Windows devices to Defender for Business quickly. Onboarding devices right away helps to protect those devices from day one. See [Onboard devices to Microsoft Defender for Business](mdb-onboard-devices.md) for more details.

+ - If you're not already using Endpoint Manager, or if you have non-Windows devices enrolled in Endpoint Manager, you can onboard devices to Defender for Business manually.

+If you choose not to use the wizard, or if the wizard is closed before your setup process is complete, you can still complete your setup and configuration process on your own.

+See [Set up and configure Microsoft Defender for Business](mdb-setup-configuration.md) to walk through the steps.

+- [Use your Threat & Vulnerability Management dashboard](mdb-view-tvm-dashboard.md)

+ Title: View or edit policies in Microsoft Defender for Business

+description: Learn how to view, edit, create, and delete next-generation protection policies in Microsoft Defender for Business

+# View or edit policies in Microsoft Defender for Business

+> Microsoft Defender for Business is rolling out to Microsoft 365 Business Premium customers, beginning March 1, 2022. Defender for Business as a standalone subscription is in in preview, and will roll out gradually to customers and IT Partners who [sign-up here](https://aka.ms/mdb-preview) to request it. Preview includes an [initial set of scenarios](mdb-tutorials.md#try-these-preview-scenarios), and we will be adding capabilities regularly.

+In Microsoft Defender for Business, security settings are configured through policies that are applied to devices. To help simplify your setup and configuration experience, Defender for Business includes preconfigured policies to help protect your organization's devices as soon as they are onboarded. You can use the default policies, edit policies, or create your own policies.

+In Defender for Business, there are two main types of policies to protect your organization's devices:

+ - To set up a new device group, select **Create new group**, and then set up your device group. (To get help with this task, see [Device groups in Microsoft Defender for Business](mdb-create-edit-device-groups.md).)

+ To learn more about device groups, see [Device groups in Defender for Business](mdb-create-edit-device-groups.md).

+8. On the **Configuration settings** tab, specify the settings for your policy, and then choose **Next**. For more information about the individual settings, see [Configuration settings for Microsoft Defender for Business](mdb-next-gen-configuration-settings.md).

+- [Create a new policy in Microsoft Defender for Business](mdb-create-new-policy.md)

+- [View and manage incidents in Microsoft Defender for Business](mdb-view-manage-incidents.md)

+- [Respond to and mitigate threats in Microsoft Defender for Business](mdb-respond-mitigate-threats.md)

+ Title: View and manage incidents in Microsoft Defender for Business

+# View and manage incidents in Microsoft Defender for Business

+> Microsoft Defender for Business is rolling out to Microsoft 365 Business Premium customers, beginning March 1, 2022. Defender for Business as a standalone subscription is in in preview, and will roll out gradually to customers and IT Partners who [sign-up here](https://aka.ms/mdb-preview) to request it. Preview includes an [initial set of scenarios](mdb-tutorials.md#try-these-preview-scenarios), and we will be adding capabilities regularly.

+> Microsoft Defender for Business is designed to help you address detected threats by offering up recommended actions. When you view an alert, look for the recommended actions to take. Also take note of the alert severity, which is determined not only on the basis of the threat severity, but also on the level of risk to your organization.

+Microsoft Defender for Business assigns an alert severity based on the severity of the detected behavior, the actual risk to an endpoint (device), and more importantly, the potential risk to your organization. The following table lists a few examples: <br/><br/>

+| Malware that is executing is detected by Microsoft Defender for Business. The malware is blocked almost immediately. | Medium or High | The malware poses a threat to individual endpoints and to your organization. |

+- [Respond to and mitigate threats in Microsoft Defender for Business](mdb-respond-mitigate-threats.md)

+- [View or edit device policies in Microsoft Defender for Business](mdb-view-edit-policies.md)

+ Title: View your Threat & Vulnerability Management dashboard in Microsoft Defender for Business

+# Use your Threat & Vulnerability Management dashboard in Microsoft Defender for Business

+> Microsoft Defender for Business is rolling out to Microsoft 365 Business Premium customers, beginning March 1, 2022. Defender for Business as a standalone subscription is in in preview, and will roll out gradually to customers and IT Partners who [sign-up here](https://aka.ms/mdb-preview) to request it. Preview includes an [initial set of scenarios](mdb-tutorials.md#try-these-preview-scenarios), and we will be adding capabilities regularly.

+Microsoft Defender for Business includes a Threat & Vulnerability Management dashboard that is designed to save your security team time and effort. In addition to providing an exposure score, you can also view information about exposed devices and security recommendations. You can use your Threat & Vulnerability Management dashboard to:

+>

+> **Got a minute?**

+> Please take our <a href="https://microsoft.qualtrics.com/jfe/form/SV_0JPjTPHGEWTQr4y" target="_blank">short survey about Microsoft Defender for Business</a>. We'd love to hear from you!

+>

+- [Tutorials and simulations in Microsoft Defender for Business](mdb-tutorials.md)

+- [Onboard devices to Microsoft Defender for Business](mdb-onboard-devices.md)

+- [View or edit policies in Microsoft Defender for Business](mdb-view-edit-create-policies.md)

+## 101.59.50 (20.122021.15950.0)

+- This version adds support for macOS 12.3. Starting with macOS 12.3, [Apple is removing Python 2.7](https://developer.apple.com/documentation/macos-release-notes/macos-12_3-release-notes). There will be no Python version preinstalled on macOS by default. **ACTION NEEDED**:

+ - Users must update Microsoft Defender for Endpoint for Mac to version 101.59.50 (or newer) prior to updating their devices to macOS Monterey 12.3 (or newer). This minimal version 101.59.50 is a prerequisite to eliminating Python-related issues with Microsoft Defender for Endpoint for Mac on macOS Monterey.

+ - For remote deployments, existing MDM setups must be updated to Microsoft Defender for Endpoint for Mac version 101.59.50 (or newer). Pushing via MDM an older Microsoft Defender for Endpoint for Mac version to macOS Monterey 12.3 (or newer) will result in an installation failure.

+ - **Quarantine report message button**: Enable this feature if you want to let end users report messages from quarantine.