Updates from: 03/20/2022 02:36:14
Category Microsoft Docs article Related commit history on GitHub Change details
admin About Shared Mailboxes https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/email/about-shared-mailboxes.md
Before you [create a shared mailbox](create-a-shared-mailbox.md), here are some
- **Too many users:** When there are too many designated users concurrently accessing a shared mailbox (no more than 25 is recommended), they may intermittently fail to connect to this mailbox or have inconsistencies like messages being duplicated in the outbox. In this case, you can consider reducing the number of users or using a different workload, such as a Microsoft 365 group or a Public folder. -- **Message deletion:** Unfortunately, you can't prevent people from deleting messages in a shared mailbox. The only way around this is to create a Microsoft 365 group instead of a shared mailbox. A group in Outlook is like a shared mailbox. For a comparison of the two, see [Compare groups](../create-groups/compare-groups.md). To learn more about groups, see [Learn more about groups](https://support.microsoft.com/office/b565caa1-5c40-40ef-9915-60fdb2d97fa2).
+- **Message deletion:** Unfortunately, you can't prevent people from deleting messages in a shared mailbox. The only way around this is to [create a Microsoft 365 group](/microsoft-365/admin/create-groups/create-groups) instead of a shared mailbox. A group in Outlook is like a shared mailbox. For a comparison of the two, see [Compare groups](../create-groups/compare-groups.md). To learn more about groups, see [Learn about Microsoft 365 groups](https://support.microsoft.com/office/b565caa1-5c40-40ef-9915-60fdb2d97fa2).
- **Multi-Geo** In a multi-geo environment, shared mailboxes need to be licensed the same way a user mailbox is licensed. Note that cross-geo mailbox auditing is not supported. For example, if a user is assigned permissions to access a shared mailbox in a different geo location, mailbox actions performed by that user are not logged in the mailbox audit log of the shared mailbox.
compliance Compliance Manager And The Gdpr https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/compliance-manager-and-the-gdpr.md
- Title: "Microsoft Compliance Manager and the GDPR"-- NOCSH--------- MOE150-- MET150
-description: "Microsoft Compliance Manager is a free workflow-based risk assessment tool in the Microsoft Service Trust Portal. Compliance Manager enables you to track, assign, and verify regulatory compliance activities related to Microsoft cloud services."
--
-# Microsoft Compliance Manager and the GDPR
-
-The General Data Protection Regulation (GDPR) enacted by the European Union can impact your compliance strategy and mandate specific actions to manage user and customer information used in Compliance Manager.
-
-## User Privacy settings
-
-Certain regulations require that an organization must be able to delete user history data. Compliance Manager provides **User Privacy Settings** functions that allow administrators to:
-
-- [Search for a user](#search-for-a-user)-- [Export a report of account data history](#export-a-report-of-account-data-history)-- [Delete user data history](#delete-user-data-history)
-
-## Search for a user
-
-To search for a user account:
-
-1. Enter the user email alias (the information to the left of the @ symbol) and choose the domain name from the domain suffix list on the right. For organizations with multiple registered domains, double check the domain name suffix to ensure that it is correct.
-
-2. When you have the username correctly entered, select **Search**.
-
-3. For user accounts not returned, the page displays **User not found**. Check the user's email address information and make corrections as necessary. To retry, select **Search**.
-
-4. For user accounts returned, the text of the button changes from **Search** to **Clear**. This indicates that the returned user account is the operating context for the additional functions and that these functions apply to this user account.
-
-5. To clear search results and search for a different user, select **Clear**.
-
-## Export a report of account data history
-
-For each user account identified, you can generate a report of dependencies linked to the account. This information allows you to reassign open Action Items or ensure access to previously uploaded evidence.
-
- To generate and export a report:
-
-1. Select **Export** to generate and download a report of the Compliance Manager control Action Items currently assigned to the returned user account, and the list of documents uploaded by that user. If there are no assigned actions or uploaded documents, an error message states "No data for this user".
-
-2. The report downloads in the background of the active browser window ΓÇö if you don't see a download popup that you want to check your browser download history.
-
-3. Open the document to review the report data.
-
-> [!IMPORTANT]
-> The report data is not a historical list that retains and displays state changes to Action Item assignment history. The generated report is a snapshot of the control Action Items assigned at the time that the report is run (date and time stamp written into the report). For example, any subsequent reassignment of Action Items result in different snapshot report data if the report is generated again for the same user.
-
-## Delete user data history
-
-Sets all control Action Items assigned to the returned user to 'unassigned'. Sets the **uploaded by** value for any documents uploaded by the returned user to 'user removed'.
-
-To delete the user account Action Item and document upload history:
-
-1. Select **Delete**.
-
- A confirmation dialog is displayed: "*This removes all control Action Item assignments and the document upload history for the selected user. This action is permanent. Are you sure you want to continue?*"
-
-2. To continue select **OK**, otherwise select **Cancel**.
compliance Data Classification Content Explorer https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/data-classification-content-explorer.md
The data classification content explorer allows you to natively view the items t
## Prerequisites
-Every account that accesses and uses data classification must have a license assigned to it from one of these subscriptions:
--- Microsoft 365 (E5)-- Office 365 (E5)-- Advanced Compliance (E5) add-on-- Advanced Threat Intelligence (E5) add-on-- Microsoft 365 E5/A5 Info Protection & Governance-- Microsoft 365 E5/A5 Compliance-
+For licensing requirements, see [Information Protection: Data Classification Analytics: Over Content & Activity Explorer](/office365/servicedescriptions/microsoft-365-service-descriptions/microsoft-365-tenantlevel-services-licensing-guidance/microsoft-365-security-compliance-licensing-guidance#information-protection-data-classification-analytics-overview-content--activity-explorer)
### Permissions
compliance Device Onboarding Vdi https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/device-onboarding-vdi.md
Microsoft 365 supports non-persistent virtual desktop infrastructure (VDI) sessi
There might be associated challenges when onboarding VDIs. The following are typical challenges for this scenario: -- Instant early onboarding of a short-lived sessions, which must be onboarded to Microsoft 365 prior to the actual provisioning.
+- Instant early onboarding of short-lived sessions, which must be onboarded to Microsoft 365 prior to the actual provisioning.
- The device name is typically reused for new sessions. VDI devices can appear in the Microsoft 365 Compliance center as either:
The following steps will guide you through onboarding VDI devices and will highl
4. Click **Download package** and save the .zip file.
-5. Copy the files from the DeviceCompliancePackage folder extracted from the .zip file into the `golden/master` image under the path `C:\WINDOWS\System32\GroupPolicy\Machine\Scripts\Startup`.
+5. Copy the files from the DeviceCompliancePackage folder extracted from the .zip file into the `golden` image under the path `C:\WINDOWS\System32\GroupPolicy\Machine\Scripts\Startup`.
6. If you are not implementing a single entry for each device, copy DeviceComplianceOnboardingScript.cmd.
The following steps will guide you through onboarding VDI devices and will highl
10. Test your solution: 1. Create a pool with one device.
- 1. Logon to device.
- 1. Logoff from device.
- 1. Logon to device with another user.
+ 1. Log on to device.
+ 1. Log off from device.
+ 1. Log on to device with another user.
1. **For single entry for each device**: Check only one entry in Microsoft Defender Security Center. **For multiple entries for each device**: Check multiple entries in Microsoft Defender Security Center.
The following steps will guide you through onboarding VDI devices and will highl
## Updating non-persistent virtual desktop infrastructure (VDI) images
-As a best practice, we recommend using offline servicing tools to patch golden/master images.
+As a best practice, we recommend using offline servicing tools to patch golden images.
For example, you can use the below commands to install an update while the image remains offline:
For more information on DISM commands and offline servicing, please refer to the
If offline servicing is not a viable option for your non-persistent VDI environment, the following steps should be taken to ensure consistency and sensor health:
-1. After booting the master image for online servicing or patching, run an offboarding script to turn off the Microsoft 365 device monitoring sensor. For more information, see [Offboard devices using a local script](device-onboarding-script.md#offboard-devices-using-a-local-script).
+1. After booting the golden image for online servicing or patching, run an offboarding script to turn off the Microsoft 365 device monitoring sensor. For more information, see [Offboard devices using a local script](device-onboarding-script.md#offboard-devices-using-a-local-script).
2. Ensure the sensor is stopped by running the command below in a CMD window:
If offline servicing is not a viable option for your non-persistent VDI environm
exit ```
-5. Re-seal the golden/master image as you normally would.
+5. Re-seal the golden image as you normally would.
## Related topics
compliance Dlp Chrome Get Started https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/dlp-chrome-get-started.md
Deploying Microsoft Compliance Extension is a multi-phase process. You can choos
### Prepare infrastructure
-If you are rolling out the Microsoft Compliance Extension to all your monitored Windows 10 devices, you should remove Google Chrome from the unallowed app and unallowed browser lists. For more information, see [Unallowed browsers](endpoint-dlp-using.md#unallowed-browsers). If you are only rolling it out to a few devices, you can leave Chrome on the unallowed browser or unallowed app lists. The Microsoft Compliance Extension will bypass the restrictions of both lists for those computers where it is installed.
+If you are rolling out the Microsoft Compliance Extension to all your monitored Windows 10 devices, you should remove Google Chrome from the unallowed app and unallowed browser lists. For more information, see [Unallowed browsers](dlp-configure-endpoint-settings.md#unallowed-browsers). If you are only rolling it out to a few devices, you can leave Chrome on the unallowed browser or unallowed app lists. The Microsoft Compliance Extension will bypass the restrictions of both lists for those computers where it is installed.
### Prepare your devices
compliance Dlp Configure Endpoint Settings https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/dlp-configure-endpoint-settings.md
+
+ Title: "Configure endpoint data loss prevention settings"
+f1.keywords:
+- CSH
+++ Last updated :
+audience: ITPro
+
+f1_keywords:
+- 'ms.o365.cc.DLPLandingPage'
+
+ms.localizationpriority: high
+
+- M365-security-compliance
+- SPO_Content
+search.appverid:
+- MET150
+description: "Learn how to configure endpoint data loss prevention (DLP) central settings."
++
+# Configure endpoint data loss prevention settings
+
+Many aspects of Endpoint data loss prevention (DLP) behavior are controlled by centrally configured settings. Settings are applied to all DLP policies for devices.
+
+![Endpoint DLP settings](../media/endpoint-dlp-1-using-dlp-settings.png)
+
+You must configure these settings if you intend to control:
+
+- Cloud egress restrictions
+- Various types of restrictive actions on user activities per application.
+- File path exclusions for Windows and macOS devices.
+- Browser and domain restrictions.
+- How business justifications for overriding policies appear in policy tips.
+- If activities on Office, PDF, and CSV files are automatically audited.
+
+## DLP settings
+
+Before you get started, you should set up your DLP settings.
+
+### Endpoint DLP Windows 10/11 and macOS settings
+
+|Setting |Windows 10, 1809 and later, Windows 11 |macOS Catalina 10.15 or later (preview) |Notes |
+|||||
+|File path exclusions |Supported |Supported |macOS includes a recommended list of exclusions that is on by default |
+|Restricted apps |Supported |Supported | |
+|Restricted app groups |Supported |Not supported
+|Unallowed Bluetooth apps |Supported |Not supported | |
+|Browser and domain restrictions to sensitive items |Supported |Supported | |
+|Additional settings for Endpoint DLP |Supported |Supported |Only the default business justifications are supported for macOS devices |
+|Always audit file activity for devices |Supported |Supported | |
+|Auto-quarantine file from unallowed apps | Supported | Not supported| |
+|Advanced classification | Supported | Not supported| |
+|Business justification in policy tips | Supported | Supported| |
+
+### Advanced classification scanning and protection
+
+Advanced classification scanning and protection allows the more advanced Microsoft 365 cloud based data classification service to scan items, classify them and return the results to the local machine. This means you can take advantage of classification techniques like [exact data match](create-custom-sensitive-information-types-with-exact-data-match-based-classification.md) classification, [named entities (preview)](named-entities-learn.md#learn-about-named-entities-preview), and [trainable classifiers](classifier-learn-about.md#learn-about-trainable-classifiers) in your DLP policies.
+
+When advanced classification is turned on, content is sent from the local device to the cloud services for scanning and classification. If bandwidth utilization is a concern, you can set a limit on how much can be used in a rolling 24 hour period. The limit is configured in Endpoint DLP settings and is applied per device. If you set a bandwidth utilization limit and it's exceeded, DLP stops sending the user content to the cloud. At this point data classification continues locally on the device but classification using exact data match, named entities (preview), and trainable classifiers aren't available. When When the cumulative bandwidth utilization drops below the rolling 24 hour limit, communication with the cloud services will resume.
+
+If bandwidth utilization isn't a concern, you select **No limit** to allow unlimited bandwidth utilization.
+
+These Windows versions support advanced classification scanning and protection:
+
+- Windows 10 versions 20H1/20H2/21H1 (KB 5006738)
+- Windows 10 versions 19H1/19H2 (KB 5007189)
+- Windows 10 RS5 (KB 5006744)
+
+> [!NOTE]
+> Support for advanced classification is available for Office (Word, Excel, PowerPoint) and PDF file types.
+
+> [!NOTE]
+> DLP policy evaluation always occurs in the cloud, even if user content is not being sent.
+
+### File path exclusions
+
+Open [Compliance center](https://compliance.microsoft.com) > **Data loss prevention** > **Endpoint DLP settings** > **File path exclusions**.
+
+You may want to exclude certain paths from DLP monitoring, DLP alerting, and DLP policy enforcement on your devices because they're too noisy or donΓÇÖt contain files you're interested in. Files in those locations won't be audited and any files that are created or modified in those locations won't be subject to DLP policy enforcement. You can configure path exclusions in DLP settings.
+
+#### Windows 10 devices
+
+You can use this logic to construct your exclusion paths for Windows 10 devices:
+
+- Valid file path that ends with `\`, which means only files directly under folder. <br/>For example: `C:\Temp\`
+
+- Valid file path that ends with `\*`, which means only files under subfolders, besides the files directly under the folder. <br/>For example: `C:\Temp\*`
+
+- Valid file path that ends without `\` or `\*`, which means all files directly under folder and all subfolders. <br/>For example: `C:\Temp`
+
+- A path with wildcard between `\` from each side. <br/>For example: `C:\Users\*\Desktop\`
+
+- A path with wildcard between `\` from each side and with `(number)` to give exact number of subfolders. <br/>For example: `C:\Users\*(1)\Downloads\`
+
+- A path with SYSTEM environment variables. <br/>For example: `%SystemDrive%\Test\*`
+
+- A mix of all the above. <br/>For example: `%SystemDrive%\Users\*\Documents\*(2)\Sub\`
+
+#### macOS devices (preview)
+
+Similar to Windows 10 devices you can add your own exclusions for macOS devices.
+
+- File path definitions are case insensitive, so `User` is the same as `user`.
+
+- Wildcard values are supported. So a path definition can contain a `*` in the middle of the path or at the end of the path. For example: `/Users/*/Library/Application Support/Microsoft/Teams/*`
+
+##### Recommended file path exclusions (preview)
+
+For performance reasons, Endpoint DLP includes a list of recommended file path exclusions for macOS devices. These exclusions are turned on by default. You can disable them if you want by toggling the **Include recommended file path exclusions for Mac** toggle. The list includes:
+
+- /Applications/*
+- /System/*
+- /usr/*
+- /Library/*
+- /private/*
+- /opt/*
+- /Users/*/Library/Application Support/Microsoft/Teams/*
+
+### Restricted apps and app groups
+
+#### Restricted apps
+
+**Restricted apps** (previously called **Unallowed apps**) is a list of applications that you create. You configure what actions DLP will take when a user uses an app on the list to ***access*** a DLP protected file on a device. It's available for Windows 10 and macOS devices (preview).
+
+When **Access by restricted apps** is selected in a policy and a user uses an app that is on the restricted apps list to access a protected file, the activity will be `audited`, `blocked`, or `blocked with override` depending on how you configured it. That is unless the same app is a member of a **Restricted app group**, then the actions configured for activities in the **Restricted app group** override the actions configured for the access activity for the **Restricted apps** list. All activity is audited and available to review in activity explorer.
+
+> [!IMPORTANT]
+> Do not include the path to the executable, but only the executable name (such as browser.exe).
+
+> [!IMPORTANT]
+> The action (`audit`, `block with override`, or `block`) defined for apps that are on the restricted apps list only applies when a user attempts to ***access*** a protected item.
+
+#### File activities for apps in restricted app groups (preview)
+
+Restricted app groups are collections of apps that you create in DLP settings and then add to a rule in a policy. When you add a restricted app group to a policy you can take the actions defined in this table.
+
+|Restricted App group option |What it allows you to do |
+|||
+|Don't restrict file activity |Tells DLP to allow users to access DLP protected items using apps in the app group and don't take any actions when the user attempts to **Copy to clipboard**, **Copy to a USB removable drive**, **Copy to a network drive**, and **Print** from the app. |
+|Apply a restriction to all activity |Tells DLP to `Audit only`, `Block with override`, or `Block` when a user attempts to access a DLP protected item using an app that's in this app group |
+|Apply restrictions to a specific activity |This setting allows a user to access a DLP protected item using an app that is in the app group and allows you to select a default action (`Audit only`, `Block`, or `Block with override`) for DLP to take when a user attempts to **Copy to clipboard**, **Copy to a USB removable drive**, **Copy to a network drive**, and **Print**. |
+
+> [!IMPORTANT]
+> Settings in a restricted app group override any restrictions set in the restricted apps list when they are in the same rule. So, if an app is on the restricted apps list and is a member of a restricted apps group, the settings of the restricted apps group is applied.
+
+#### How DLP applies restrictions to activities
+
+Interactions between **File activities for apps in restricted app groups (preview)**, **File activities for all apps** and the **Restricted app activities** list are scoped to the same rule.
+
+##### Restricted app groups overrides
+
+Configurations defined in **File activities for apps in restricted app groups (preview)** override the configurations in the **Restricted app activities** list and **File activities for all apps** in the same rule.
+
+##### Restricted app activities and File activities for all apps
+
+The configurations of **Restricted app activities** and **File activities for all apps** work in concert if the action defined for **Restricted app activities** is either `Audit only`, or `Block with override` in the same rule. This is because actions defined for **Restricted app activities** only apply when a user accesses a file using an app that's on the list. Once the user has access, the actions defined for activities in **File activities for all apps** apply.
+
+Here's an example:
+
+If Notepad.exe is added to **Restricted appss** and **File activities for all apps** is configured to **Apply restrictions to specific activity** and both are configure like this:
+
+|Setting in policy |App name |User activity |DLP action to take |
+|||||
+|Restricted app activities |Notepad |Access a DLP protected item |Audit only |
+|File activities for all apps |All apps | Copy to clipboard |Audit only |
+|File activities for all apps |All apps |Copy to a USB removeable device | Block |
+|File activities for all apps |All apps |Copy to a network share |Audit only |
+|File activities for all apps |All apps |Print |Block |
+|File activities for all apps |All apps |Copy or move using unallowed Bluetooth app |Blocked |
+|File activities for all apps |All apps |Remote desktop services |Block with override |
+
+User A opens a DLP protected file using Notepad. DLP allows the access and audits the activity. While still in Notepad, User A then tries to copy to clipboard from the protected item, this works and DLP audits the activity. User A then tries to print the protected item from Notepad and the activity is blocked.
+
+> [!NOTE]
+> When the DLP action to take in **Restricted app activities** is set to `block`, all access is blocked and the user cannot perform any activities on the file.
+
+##### File activities for all apps only
+
+If an app is not in **File activities for apps in restricted app groups (preview)** or is not in the **Restricted app activities** list or is in the **Restricted app activities** list with an action of `Audit only`, or 'Block with override`, any restrictions defined in the **File activities for all apps** are applied in the same rule.
+
+#### macOS devices (preview)
+
+Just like on Windows devices, you'll now be able to prevent macOS apps from accessing sensitive data by defining them in the **Restricted app activities** list.
+
+> [!NOTE]
+> Note that cross platform apps must be entered with their unique paths respective to the OS they are running on.
+
+To find the full path of Mac apps:
+
+1. On the macOS device, open **Activity Monitor**. Find and double-click the process you want to restrict
+
+2. Choose **Open Files and Ports** tab.
+
+3. For macOS apps, you need the full path name, including the name of the app.
+
+#### Protect sensitive data from cloud synchronization apps
+
+To prevent sensitive items from being synced to the cloud by cloud sync apps, like *onedrive.exe*, add the cloud sync app to the **Unallowed apps** list. When an unallowed cloud-sync app tries to access an item that is protected by a blocking DLP policy, DLP may generate repeated notifications. You can avoid these repeated notifications by enabling the **Auto-quarantine** option under **Unallowed apps**.
+
+##### Auto-quarantine (preview)
+
+> [!NOTE]
+> Auto-quarantine is supported in Windows 10 only
+
+When enabled, Auto-quarantine kicks in when an unallowed app attempts to access a DLP protected sensitive item. Auto-quarantine moves the sensitive item to an admin configured folder and can leave a placeholder **.txt** file in the place of the original. You can configure the text in the placeholder file to tell users where the item was moved to and other pertinent information.
+
+You can use auto-quarantine to prevent an endless chain of DLP notifications for the user and adminsΓÇösee [Scenario 4: Avoid looping DLP notifications from cloud synchronization apps with auto-quarantine (preview)](endpoint-dlp-using.md#scenario-4-avoid-looping-dlp-notifications-from-cloud-synchronization-apps-with-auto-quarantine-preview).
+
+### Unallowed Bluetooth apps
+
+Prevent people from transferring files protected by your policies via specific Bluetooth apps.
+
+### Browser and domain restrictions to sensitive data
+
+Restrict sensitive files that match your policies from being shared with unrestricted cloud service domains.
+
+#### Unallowed browsers
+
+For Windows devices you add browsers, identified by their executable names, that will be blocked from accessing files that match the conditions of an enforced a DLP policy where the upload to cloud services restriction is set to block or block override. When these browsers are blocked from accessing a file, the end users will see a toast notification asking them to open the file through Microsoft Edge.
+
+For macOS devices, you must add the full file path. To find the full path of Mac apps:
+
+1. On the macOS device, open **Activity Monitor**. Find and double-click the process you want to restrict
+
+2. Choose **Open Files and Ports** tab.
+
+3. For macOS apps, you need the full path name, including the name of the app.
+
+#### Service domains
+
+> [!NOTE]
+> The **Service domains** setting only applies to files uploaded using Microsoft Edge or Google Chrome with the [the Microsoft Compliance Extension](dlp-chrome-learn-about.md#learn-about-the-microsoft-compliance-extension) installed.
+
+You can control whether sensitive files protected by your policies can be uploaded to specific service domains from Microsoft Edge.
+
+If the list mode is set to **Block**, then user will not be able to upload sensitive items to those domains. When an upload action is blocked because an item matches a DLP policy, DLP will either generate a warning or block the upload of the sensitive item.
+
+If the list mode is set to **Allow**, then users will be able to upload sensitive items ***only*** to those domains, and upload access to all other domains isn't allowed.
+
+> [!IMPORTANT]
+> When the service restriction mode is set to "Allow", you must have at least one service domain configured before restrictions are enforced.
+
+Use the FQDN format of the service domain without the ending `.`
+
+For example:
+
+ `www.contoso.com`
+
+Wildcards aren't supported.
+
+### Additional settings for endpoint DLP
+
+#### Business justification in policy tips
+
+You can control how users interact with the business justification option in DLP policy tip notifications. This option appears when users perform an activity that's protected by the **Block with override** setting in a DLP policy. This is a global setting. You can choose from one the following options:
+
+- **Show default options and custom text box**: By default, users can select either a built-in justification, or enter their own text.
+- **Only show default options**: Users can only select a built-in justification.
+- **Only show custom text box**: Users can only enter their own justification. Only the text box will appear in the end-user policy tip notification.
+
+##### Customizing the options in the drop-down menu
+
+You can create up to five customized options that will appear when users interact with the policy notification tip by selecting the **Customize the options drop-down menu**.
++
+|Option |Default text |
+|||
+|option 1 | **This is part of an established business workflow** or you can enter customized text |
+|option 2 |**My manager has approved this action** or you can enter customized text |
+|option 3 |**Urgent access required; I'll notify my manager separately** or you can enter customized text |
+|Show false positive option |**The information in these files is not sensitive** or you can enter customized text |
+|option 5 |**Other** or you can enter customized text |
+
+### Always audit file activity for devices
+
+By default, when devices are onboarded, activity for Office, PDF, and CSV files is automatically audited and available for review in activity explorer. Turn this feature off if you want this activity to be audited only when onboarded devices are included in an active policy.
+
+File activity will always be audited for onboarded devices, regardless of whether they're included in an active policy.
+
+## See also
+
+- [Learn about Endpoint data loss prevention](endpoint-dlp-learn-about.md)
+- [Get started with Endpoint data loss prevention](endpoint-dlp-getting-started.md)
+- [Learn about data loss prevention](dlp-learn-about-dlp.md)
+- [Create, test, and tune a DLP policy](create-test-tune-dlp-policy.md)
+- [Get started with Activity explorer](data-classification-activity-explorer.md)
+- [Microsoft Defender for Endpoint](/windows/security/threat-protection/)
+- [Onboard Windows 10 and Windows 11 devices into Microsoft 365 overview](/microsoft-365/compliance/device-onboarding-overview)
+- [Microsoft 365 subscription](https://www.microsoft.com/microsoft-365/compare-microsoft-365-enterprise-plans?rtc=1)
+- [Azure Active Directory (AAD) joined](/azure/active-directory/devices/concept-azure-ad-join)
+- [Download the new Microsoft Edge based on Chromium](https://support.microsoft.com/help/4501095/download-the-new-microsoft-edge-based-on-chromium)
+- [Get started with the default DLP policy](get-started-with-the-default-dlp-policy.md)
+- [Create a DLP policy from a template](create-a-dlp-policy-from-a-template.md)
compliance Dlp Policy Reference https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/dlp-policy-reference.md
The actions that are available in a rule are dependent on the locations that hav
- Audit or restrict activities on Windows devices
-> [!NOTE]
-> Devices gives the option to **Audit** an activity, **Block** an activity, or **Block with override** an activity.
+To use these settings, you have to configure options in **DLP settings** and in the policy in which you want to use them. See, [Restricted apps and app groups](dlp-configure-endpoint-settings.md#restricted-apps-and-app-groups) for more information.
+
+The devices location provides many subactivities (conditions) and actions. To learn more, see [Endpoint activities you can monitor and take action on](endpoint-dlp-learn-about.md#endpoint-activities-you-can-monitor-and-take-action-on).
+
+When you select **Audit or restrict activities on Windows devices**, you can restrict the user activities by service domain or browser, and scope the actions that DLP takes by:
+
+- All apps
+- By a list of restricted apps that you define
+- Ay a restricted app group (preview) that you define.
+
+##### Service domain and browser activities
+
+When you configure the **Allow/Block cloud service domains** and the **Unallowed browsers** list (see [Browser and domain restrictions to sensitive data](dlp-configure-endpoint-settings.md#browser-and-domain-restrictions-to-sensitive-data)) and a user attempts to upload a protected file to a cloud service domain or access it from an unallowed browser, you can configure the policy action to `Audit only`, `Block with override`, or `Block` the activity.
+
+##### File activities for all apps
+
+With the **File activities for all apps** option, you select either **Don't restrict file activities** or **Apply restrictions to specific activities**. When you select to apply restrictions to specific activities, the actions that you select here are applied when a user has accessed a DLP protected item. You can tell DLP to `Audit only`, `Block with override`, `Block` (the actions) on these user activities:
+
+- **Copy to clipboard**
+- **Copy to a USB removable drive**
+- **Copy to a network share**
+- **Print**
+- **Copy or move using an unallowed Bluetooth app**
+- **Remote desktop services**
++
+##### Restricted app activities
+
+Previously called Unallowed apps, you define a list of apps in Endpoint DLP settings that you want to place restrictions on. When a user attempts to access a DLP protected file using an app that is on the list, you can either `Audit only`, `Block with override`, or `Block` the activity. DLP actions defined in **Restricted app activities** are overridden if the app is a member of restricted app group. Then the actions defined in the restricted app group are applied.
+
+##### File activities for apps in restricted app groups (preview)
+
+You define your restricted app groups in Endpoint DLP settings and add restricted app groups to your policies. When you add a restricted app group to a policy, you must select one of these options:
+
+- Don't restrict file activity
+- Apply restrictions to all activity
+- Apply restrictions to specific activity
+
+When you select either of the *Apply restrictions* options, and a user attempts to access a DLP protected file using an app that is in the restricted app group, you can either `Audit only`, `Block with override`, or `Block` by activity. DLP actions that you define here override actions defined in **Restricted app activities** and **File activities for all apps** for the app.
-The devices location provides many subactivities (conditions) and actions. To learn more, see [Endpoint activities you can monitor and take action on](endpoint-dlp-learn-about.md#endpoint-activities-you-can-monitor-and-take-action-on).
+See, [Restricted apps and app groups](dlp-configure-endpoint-settings.md#restricted-apps-and-app-groups) for more information.
-#### Microsoft Defender for Cloud Apps
+#### Microsoft Defender for Cloud Apps actions
- Restrict access or encrypt the content in Microsoft 365 locations - Restrict Third Party Apps
-#### On-premises repositories
+#### On-premises repositories actions
- Restrict access or remove on-premises files
compliance Endpoint Dlp Using https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/endpoint-dlp-using.md
Title: "Using Endpoint data loss prevention"
+ Title: "Using Endpoint data loss prevention"
f1.keywords: - CSH
description: "Learn how to configure data loss prevention (DLP) policies to use
# Using Endpoint data loss prevention
-This article walks you through four scenarios where you create and modify a DLP policy that uses devices as a location.
-
-## DLP settings
-
-Before you get started, you should set up your DLP settings. Settings are applied to all DLP policies for devices. You must configure these if you intend to create policies that enforce:
--- cloud egress restrictions-- unallowed apps restrictions-
-Or
--- If you want to exclude noisy file paths from monitoring-
- > [!div class="mx-imgBorder"]
- > ![DLP settings.](../media/endpoint-dlp-1-using-dlp-settings.png)
-
-### Endpoint DLP Windows 10/11 and macOS settings
-
-|Setting |Windows 10, 1809 and later, Windows 11 |macOS Catalina 10.15 or later (preview) |Notes |
-|||||
-|File path exclusions |Supported |Supported |macOS includes a recommended list of exclusions that is on by default |
-|Unallowed Apps |Supported |Supported | |
-|Unallowed Bluetooth apps |Supported |Not Supported | |
-|Browser and domain restrictions to sensitive items |Supported |Supported | |
-|Additional settings for Endpoint DLP |Supported |Supported |Only the default business justifications are supported for macOS devices |
-|Always audit file activity for devices |Supported |Supported | |
-|Auto-quarantine file from unallowed apps | Supported | Not Supported| |
-|Advanced classification | Supported | Not Supported| |
-|Business justification in policy tips | Supported | Supported| |
-
-### Advanced classification scanning and protection
-
-Advanced classification scanning and protection allows the more advanced Microsoft 365 cloud based data classification service to scan items, classify them and return the results to the local machine. This means you can take advantage of [exact data match](create-custom-sensitive-information-types-with-exact-data-match-based-classification.md) classification, [named entities (preview)](named-entities-learn.md#learn-about-named-entities-preview) classification techniques in your DLP policies.
-
-In advanced classification, content is sent from the local device to the cloud services for scanning and classification. If bandwidth utilization is a concern, you can set a limit in this global setting that is applied per device on how much can be used in a rolling 24 hour period. If you set a bandwidth utilization limit and it is exceeded, DLP stops sending the user content to the cloud and data classification will continue locally on the device. When the cumulative bandwidth utilization drops below the rolling 24 hour limit, communication with the cloud services will resume.
-
-If bandwidth utilization is not a concern, you can not set a limit and allow unlimited utilization.
-
-These Windows versions support advanced classification scanning and protection:
--- Windows 10 versions 20H1/20H2/21H1 (KB 5006738)-- Windows 10 versions 19H1/19H2 (KB 5007189)-- Windows 10 RS5 (KB 5006744)-
-> [!NOTE]
-> Support for advanced classification is available for Office (Word, Excel, PowerPoint) and PDF file types.
-
-> [!NOTE]
-> DLP policy evaluation always occurs in the cloud, even if user content is not being sent.
-
-### File path exclusions
-
-Open [Compliance center](https://compliance.microsoft.com) > **Data loss prevention** > **Endpoint DLP settings** > **File path exclusions**.
-
-You may want to exclude certain paths from DLP monitoring, DLP alerting, and DLP policy enforcement on your devices because they are too noisy or donΓÇÖt contain files you are interested in. Files in those locations will not be audited and any files that are created or modified in those locations will not be subject to DLP policy enforcement. You can configure path exclusions in DLP settings.
-
-#### Windows 10 devices
-
-You can use this logic to construct your exclusion paths for Windows 10 devices:
--- Valid file path that ends with `\`, which means only files directly under folder. <br/>For example: `C:\Temp\`--- Valid file path that ends with `\*`, which means only files under subfolders, besides the files directly under the folder. <br/>For example: `C:\Temp\*`--- Valid file path that ends without `\` or `\*`, which means all files directly under folder and all subfolders. <br/>For example: `C:\Temp`--- A path with wildcard between `\` from each side. <br/>For example: `C:\Users\*\Desktop\`--- A path with wildcard between `\` from each side and with `(number)` to give exact number of subfolders. <br/>For example: `C:\Users\*(1)\Downloads\`--- A path with SYSTEM environment variables. <br/>For example: `%SystemDrive%\Test\*`--- A mix of all the above. <br/>For example: `%SystemDrive%\Users\*\Documents\*(2)\Sub\`-
-#### macOS devices (preview)
-
-Similar to Windows 10 devices you can add your own exclusions for macOS devices.
--- File path definitions are case insensitive, so `User` is the same as `user`.--- Wildcard values are supported. So a path definition can contain a `*` in the middle of the path or at the end of the path. For example: `/Users/*/Library/Application Support/Microsoft/Teams/*`-
-##### Recommended file path exclusions (preview)
-
-For performance reasons, Endpoint DLP includes a list of recommended file path exclusions for macOS devices. These exclusions are turned on by default. You can disable them if you want by toggling the **Include recommended file path exclusions for Mac** toggle. The list includes:
--- /Applications/*-- /System/*-- /usr/*-- /Library/*-- /private/*-- /opt/*-- /Users/*/Library/Application Support/Microsoft/Teams/*-
-### Unallowed apps
-
-Unallowed apps is a list of applications that you create which will not be allowed to access a DLP protected file. It is available for Windows 10 and macOS devices (preview).
-
-When a policy's **Access by unallowed apps** setting is turned on, and an app that is on the unallowed list attempts to access a protected file, the activity will be allowed, blocked, or blocked but users can override the restriction. All activity is audited and available to review in activity explorer.
-
-> [!IMPORTANT]
-> Do not include the path to the executable, but only the executable name (such as browser.exe).
-
-#### macOS devices (preview)
-
-Just like on Windows devices, you will now be able to prevent macOS apps from accessing sensitive data by defining them in the **Unallowed apps** list.
-
-> [!NOTE]
-> Note that cross platform apps must be entered with their unique paths respective to the OS they are running on.
-
-To find the full path of Mac apps:
-
-1. On the macOS device, open **Activity Monitor**. Find and double-click the process you want to restrict
-
-2. Choose **Open Files and Ports** tab.
-
-3. For macOS apps, you need the full path name, including the name of the app.
-
-#### Protect sensitive data from cloud synchronization apps
-
-To prevent sensitive items from being synced to the cloud by cloud sync apps, like *onedrive.exe*, add the cloud sync app to the **Unallowed apps** list. When an unallowed cloud-sync app tries to access an item that is protected by a blocking DLP policy, DLP may generate repeated notifications. You can avoid these repeated notifications by enabling the **Auto-quarantine** option under **Unallowed apps**.
-
-##### Auto-quarantine (preview)
-
-> [!NOTE]
-> Auto-quarantine is supported in Windows 10 only
-
-When enabled, Auto-quarantine kicks in when an unallowed app attempts to access a DLP protected sensitive item. Auto-quarantine moves the sensitive item to an admin configured folder and can leave a placeholder **.txt** file in the place of the original. You can configure the text in the placeholder file to tell users where the item was moved to and other pertinent information.
-
-You can use auto-quarantine to prevent an endless chain of DLP notifications for the user and adminsΓÇösee [Scenario 4: Avoid looping DLP notifications from cloud synchronization apps with auto-quarantine (preview)](#scenario-4-avoid-looping-dlp-notifications-from-cloud-synchronization-apps-with-auto-quarantine-preview).
-
-### Unallowed Bluetooth apps
-
-Prevent people from transferring files protected by your policies via specific Bluetooth apps.
-
-### Browser and domain restrictions to sensitive data
-
-Restrict sensitive files that match your policies from being shared with unrestricted cloud service domains.
-
-#### Unallowed browsers
-
-For Windows devices you add browsers, identified by their executable names, that will be blocked from accessing files that match the conditions of an enforced a DLP policy where the upload to cloud services restriction is set to block or block override. When these browsers are blocked from accessing a file, the end users will see a toast notification asking them to open the file through Microsoft Edge or display a customized message if one has been configured.
-
-For macOS devices, you must add the full file path. To find the full path of Mac apps:
-
-1. On the macOS device, open **Activity Monitor**. Find and double-click the process you want to restrict
-
-2. Choose **Open Files and Ports** tab.
-
-3. For macOS apps, you need the full path name, including the name of the app.
-
-#### Service domains
-
-> [!NOTE]
-> The **Service domains** setting only applies to files uploaded using Microsoft Edge or Google Chrome with the [the Microsoft Compliance Extension](dlp-chrome-learn-about.md#learn-about-the-microsoft-compliance-extension) installed.
-
-You can control whether sensitive files protected by your policies can be uploaded to specific service domains from Microsoft Edge.
-
-If the list mode is set to **Block**, then user will not be able to upload sensitive items to those domains. When an upload action is blocked because an item matches a DLP policy, DLP will either generate a warning or block the upload of the sensitive item.
-
-If the list mode is set to **Allow**, then users will be able to upload sensitive items ***only*** to those domains, and upload access to all other domains is not allowed.
-
-> [!IMPORTANT]
-> When the service restriction mode is set to "Allow", you must have at least one service domain configured before restrictions are enforced.
-
-Use the FQDN format of the service domain without the ending `.`
-
-For example:
-
- `www.contoso.com`
-
-Wildcards are not supported.
-
-### Additional settings for endpoint DLP
-
-#### Business justification in policy tips
-
-You can control how users interact with the business justification option in DLP policy tip notifications. This option appears when users perform an activity that's protected by the **Block with override** setting in a DLP policy. This is a global setting. You can choose from one the following options:
--- **Show default options and custom text box**: By default, users can select either a built-in justification, or enter their own text.-- **Only show default options**: Users can only select a built-in justification.-- **Only show custom text box**: Users can only enter their own justification. Only the text box will appear in the end-user policy tip notification. -
-##### Customizing the options in the drop-down menu
-
-You can create up to five customized options that will appear when users interact with the policy notification tip by selecting the **Customize the options drop-down menu**.
--
-|Option |Default text |
-|||
-|option 1 | **This is part of an established business workflow** or you can enter customized text |
-|option 2 |**My manager has approved this action** or you can enter customized text |
-|option 3 |**Urgent access required; I'll notify my manager separately** or you can enter customized text |
-|Show false positive option |**The information in these files is not sensitive** or you can enter customized text |
-|option 5 |**Other** or you can enter customized text |
-
-<!--See [Scenario 5: Configure a policy to use the customized business justification](#scenario-5-configure-a-policy-to-use-the-customized-business-justification)-->
-
-### Always audit file activity for devices
-
-By default, when devices are onboarded, activity for Office, PDF, and CSV files is automatically audited and available for review in activity explorer. Turn this feature off if you want this activity to be audited only when onboarded devices are included in an active policy.
-
-File activity will always be audited for onboarded devices, regardless of whether they are included in an active policy.
-
-## Tying DLP settings together
-
-With Endpoint DLP and Edge Chromium Web browser, you can restrict unintentional sharing of sensitive items to unallowed cloud apps and services. Edge Chromium understands when an item is restricted by an Endpoint DLP policy and enforces access restrictions.
-
-When you use Endpoint DLP as a location in a properly configured DLP policy and the Microsoft Edge browser, the unallowed browsers that you've defined in these settings will be prevented from accessing the sensitive items that match your DLP policy controls. Instead, users will be redirected to use Microsoft Edge which, with its understanding of DLP imposed restrictions, can block or restrict activities when the conditions in the DLP policy are met.
-
-To use this restriction, youΓÇÖll need to configure three important pieces:
-
-1. Specify the places ΓÇô services, domains, IP addresses ΓÇô that you want to prevent sensitive items from being shared to.
-
-2. Add the browsers that arenΓÇÖt allowed to access certain sensitive items when a DLP policy match occurs.
-
-3. Configure DLP policies to define the kinds of sensitive items for which upload should be restricted to these places by turning on **Upload to cloud services** and **Access from unallowed browser**.
-
-You can continue to add new services, apps, and policies to extend and augment your restrictions to meet your business needs and protect sensitive data.
-
-This configuration will help ensure your data remains safe while also avoiding unnecessary restrictions that prevent or restrict users from accessing and sharing non-sensitive items.
-
-## Endpoint DLP policy scenarios
- To help familiarize you with Endpoint DLP features and how they surface in DLP policies, we've put together some scenarios for you to follow. > [!IMPORTANT]
To help familiarize you with Endpoint DLP features and how they surface in DLP p
>- [Create a DLP policy from a template](create-a-dlp-policy-from-a-template.md) >- [Create, test, and tune a DLP policy](create-test-tune-dlp-policy.md)
-### Scenario 1: Create a policy from a template, audit only
+## Scenario 1: Create a policy from a template, audit only
These scenarios require that you already have devices onboarded and reporting into Activity explorer. If you haven't onboarded devices yet, see [Get started with Endpoint data loss prevention](endpoint-dlp-getting-started.md).
These scenarios require that you already have devices onboarded and reporting in
11. Check Activity explorer for data from the monitored endpoints. Set the location filter for devices and add the policy, then filter by policy name to see the impact of this policy; see [Get started with activity explorer](data-classification-activity-explorer.md), if needed.
-12. Attempt to share a test that contains content that will trigger the U.S. Personally Identifiable Information (PII) Data condition with someone outside your organization. This should trigger the policy.
+12. Attempt to share a test item that contains content that will trigger the U.S. Personally Identifiable Information (PII) Data condition with someone outside your organization. This should trigger the policy.
13. Check Activity explorer for the event.
-### Scenario 2: Modify the existing policy, set an alert
+## Scenario 2: Modify the existing policy, set an alert
1. Open the [Data loss prevention page](https://compliance.microsoft.com/datalossprevention?viewid=policies).
These scenarios require that you already have devices onboarded and reporting in
5. Scroll down to the **Incident reports** section and set **Send an alert to admins when a rule match occurs** to **On**. Email alerts will be automatically sent to the administrator and anyone else you add to the list of recipients.
- > [!div class="mx-imgBorder"]
- > ![turn-on-incident-reports.](../media/endpoint-dlp-2-using-dlp-incident-reports.png)
+![turn-on-incident-reports.](../media/endpoint-dlp-2-using-dlp-incident-reports.png)
6. For the purposes of this scenario, choose **Send alert every time an activity matches the rule**.
These scenarios require that you already have devices onboarded and reporting in
8. Retain all your previous settings by choosing **Next** and then **Submit** the policy changes.
-9. Attempt to share a test that contains content that will trigger the U.S. Personally Identifiable Information (PII) Data condition with someone outside your organization. This should trigger the policy.
+9. Attempt to share a test item that contains content that will trigger the U.S. Personally Identifiable Information (PII) Data condition with someone outside your organization. This should trigger the policy.
10. Check Activity explorer for the event.
-### Scenario 3: Modify the existing policy, block the action with allow override
+## Scenario 3: Modify the existing policy, block the action with allow override
1. Open the [Data loss prevention page](https://compliance.microsoft.com/datalossprevention?viewid=policies).
These scenarios require that you already have devices onboarded and reporting in
8. Retain all your previous settings by choosing **Next** and then **Submit** the policy changes.
-9. Attempt to share a test that contains content that will trigger the U.S. Personally Identifiable Information (PII) Data condition with someone outside your organization. This should trigger the policy.
+9. Attempt to share a test item that contains content that will trigger the U.S. Personally Identifiable Information (PII) Data condition with someone outside your organization. This should trigger the policy.
You'll see a popup like this on the client device:
These scenarios require that you already have devices onboarded and reporting in
10. Check Activity explorer for the event.
-### Scenario 4: Avoid looping DLP notifications from cloud synchronization apps with auto-quarantine (preview)
+## Scenario 4: Avoid looping DLP notifications from cloud synchronization apps with auto-quarantine (preview)
-#### Before you begin
+### Before you begin
In this scenario, synchronizing files with the **Highly Confidential** sensitivity label to OneDrive is blocked. This is a complex scenario with multiple components and procedures. You will need:
There are three procedures.
2. Create a policy that blocks sensitive items that have the **Highly Confidential** sensitivity label. 3. Create a Word document on the Windows 10 device that the policy is targeted to, apply the label, and copy it to the user accounts local OneDrive folder that is being synchronized.
-#### Configure Endpoint DLP unallowed app and Auto-quarantine settings
+### Configure Endpoint DLP unallowed app and Auto-quarantine settings
1. Open [Endpoint DLP settings](https://compliance.microsoft.com/datalossprevention?viewid=globalsettings)
There are three procedures.
9. Choose **Save**
-#### Configure a policy to block OneDrive synchronization of files with the sensitivity label Highly Confidential
+### Configure a policy to block OneDrive synchronization of files with the sensitivity label Highly Confidential
1. Open the [Data loss prevention page](https://compliance.microsoft.com/datalossprevention?viewid=policies).
There are three procedures.
11. The new DLP policy will appear in the policy list.
-#### Test Auto-quarantine on the Windows 10 device
+### Test Auto-quarantine on the Windows 10 device
1. Log in to the Windows 10 computer with the user account you specified in [Configure a policy to block OneDrive synchronization of files with the sensitivity label Highly Confidential](#configure-a-policy-to-block-onedrive-synchronization-of-files-with-the-sensitivity-label-highly-confidential) step 5.
There are three procedures.
9. Check Activity explorer for the event.
+## Scenario 5: Restrict unintentional sharing to unallowed cloud apps and services
+
+With Endpoint DLP and Edge Web browser, you can restrict unintentional sharing of sensitive items to unallowed cloud apps and services. Edge understands when an item is restricted by an Endpoint DLP policy and enforces access restrictions.
+
+When you select **Devices** as a location in a properly configured DLP policy and use the Microsoft Edge browser, the unallowed browsers that you've defined in these settings will be prevented from accessing the sensitive items that match your DLP policy controls. Instead, users will be redirected to use Microsoft Edge which, with its understanding of DLP imposed restrictions, can block or restrict activities when the conditions in the DLP policy are met.
+
+To use this restriction, youΓÇÖll need to configure three important pieces:
+
+1. Specify the places ΓÇô services, domains, IP addresses ΓÇô that you want to prevent sensitive items from being shared to.
+
+2. Add the browsers that arenΓÇÖt allowed to access certain sensitive items when a DLP policy match occurs.
+
+3. Configure DLP policies to define the kinds of sensitive items for which upload should be restricted to these places by turning on **Upload to cloud services** and **Access from unallowed browser**.
+
+You can continue to add new services, apps, and policies to extend and augment your restrictions to meet your business needs and protect sensitive data.
+
+This configuration will help ensure your data remains safe while also avoiding unnecessary restrictions that prevent or restrict users from accessing and sharing non-sensitive items.
## See also - [Learn about Endpoint data loss prevention](endpoint-dlp-learn-about.md)
compliance Sit Get Started Exact Data Match Test https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-get-started-exact-data-match-test.md
Once you're satisfied with the results of your testing and tuning, your EDM base
- [DLP policies](create-test-tune-dlp-policy.md#create-test-and-tune-a-dlp-policy) - [Auto-labeling policies](apply-sensitivity-label-automatically.md#how-to-configure-auto-labeling-for-office-apps)-- [Microsoft Cloud App Security file policies](/cloud-app-security/data-protection-policies)
+- [Microsoft Defender for Cloud Apps](/cloud-app-security/data-protection-policies)
## Troubleshooting tips
contentunderstanding Difference Between Document Understanding And Form Processing Model https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/contentunderstanding/difference-between-document-understanding-and-form-processing-model.md
description: Learn about key differences between a document understanding model
# Differences between document understanding and form processing models
-Content understanding in Microsoft SharePoint Syntex allows you to identify and classify documents that are uploaded to SharePoint document libraries, and extract relevant information from each file. For example, as files are uploaded to a SharePoint document library, all files that are identified as *Purchase Orders* are classified as such, and then displayed in a custom document library view. Additionally, you can pull specific information from each file (for example, *PO Number* and *Total*) and display it as a column in your document library view.
+Content understanding in Microsoft SharePoint Syntex allows you to identify and classify documents that are uploaded to SharePoint document libraries, and then to extract relevant information from each file. For example, as files are uploaded to a SharePoint document library, all files that are identified as *Purchase Orders* are classified as such, and then displayed in a custom document library view. Additionally, you can pull specific information from each file (for example, *PO Number* and *Total*) and display it as a column in your document library view.
Content understanding lets you create *models* to identify and extract the information you need. Models have value in helping to resolve business issues for search, business processes, compliance, and many others.
-There are two model types that you can use:
+There are two custom model types that you can use:
- [Document understanding models](document-understanding-overview.md) - [Form processing models](form-processing-overview.md)
Document understanding models are created and managed in a SharePoint content ce
> [!NOTE] > For more information about input documents, see [Form processing model requirements and limitations](/ai-builder/form-processing-model-requirements).
-Form processing models are created in Power Apps [AI Builder](/ai-builder/overview), but the creation starts directly from a SharePoint document library. A document library must have form processing model creation enabled before a user can create a form processing model for it. Admins can enable form processing model creation in the content understanding admin settings. Form processing models use PowerAutomate flows to process files when they're uploaded to the document library.
+Form processing models are created in Power Apps [AI Builder](/ai-builder/overview), but the creation starts directly from a SharePoint document library. A document library must have form processing model creation enabled before a user can create a form processing model for it. Admins can enable form processing model creation in the content understanding admin settings. Form processing models use Power Automate flows to process files when they're uploaded to the document library.
When you create a document understanding model, you create a new [SharePoint content type](https://support.microsoft.com/office/use-content-types-to-manage-content-consistently-on-a-site-48512bcb-6527-480b-b096-c03b7ec1d978) that is saved to the SharePoint Content Types gallery. Or you can use existing content types to define your model if needed.
Use the following table to understand when to use forms processing and when to u
| Classification type| Settable classifier is used to give clues to the system on what data to extract.| Trainable classifier with optional extractors using machine teaching to assign document location on what data to extract.| | Locations | Trained for a single document library.| Can be applied to multiple libraries.| | Supported file types| Train on PDF, JPG, PNG format, total 50 MB and 500 pages.| Train on 5-10 PDF, Office, or email files, including negative examples.<br>Office files are truncated at 64k characters. OCR-scanned files are limited to 20 pages.|
-| Integrate with Managed Metadata | No | Yes, by training entity extractor referencing a configured managed metadata field.|
+| Integrate with managed metadata | No | Yes, by training entity extractor referencing a configured managed metadata field.|
| Compliance feature integration when Microsoft Information Protection is enabled | Set published Retention labels.<br>Set Sensitivity labels is coming. | Set published Retention labels.<br>Set published Sensitivity labels. | | Supported regions| Form processing relies on Power Platform. For information about global availability for Power Platform and AI Builder, see [Power Platform availability](https://dynamics.microsoft.com/geographic-availability/). | Available in all regions.| | Transactional cost | Uses AI Builder credits.<br>Credits can be purchased in batches of 1M.<br>1M credits are included when 300+ SharePoint Syntex licenses are purchased.<br>1M credits will allow processing of 2,000 file pages.<br>| N/A | | Capacity | Uses the default Power Platform environment (custom environments with Dataverse database supported). | Does not have capacity restrictions.|
-| Supported languages| English <br>Coming later in 2022: Latin alphabet languages | Models work on all latin alphabet languages. In addition to English: German, Swedish, French, Spanish, Italian, and Portuguese.|
+| Supported languages| English <br>Coming later in 2022: Latin alphabet languages | Models work on all Latin alphabet languages. In addition to English: German, Swedish, French, Spanish, Italian, and Portuguese.|
## See Also
contentunderstanding Index https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/contentunderstanding/index.md
The resources on this page are designed to get you started with learning about a
## Get started
-The resources in this section help you learn more about the three methods of data classification and extraction used by SharePoint Syntex: document understanding, form processing, and prebuilt.
+The resources in this section help you learn more about the methods of data classification and extraction used by SharePoint Syntex. There are two custom model typesΓÇö[document understanding](document-understanding-overview.md) and [form processing](form-processing-overview.md)ΓÇöand a [prebuilt](prebuilt-overview.md) model type.
> [!NOTE] > You can get started with SharePoint Syntex without buying licenses by [creating a content center from the SharePoint admin center](create-a-content-center.md). Unlicensed users can create document understanding models but can't apply them to a document library.
includes Microsoft 365 Content Updates https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/includes/microsoft-365-content-updates.md
-## Week of January 10, 2022
+## Week of March 14, 2022
| Published On |Topic title | Change | |||--|
-| 1/10/2022 | [Automatically apply a sensitivity label to content in Microsoft 365](/microsoft-365/compliance/apply-sensitivity-label-automatically?view=o365-21vianet) | modified |
-| 1/10/2022 | [Create a DLP policy from a template](/microsoft-365/compliance/create-a-dlp-policy-from-a-template?view=o365-21vianet) | modified |
-| 1/10/2022 | [Create, test, and tune a DLP policy](/microsoft-365/compliance/create-test-tune-dlp-policy?view=o365-21vianet) | modified |
-| 1/10/2022 | [Get started with activity explorer](/microsoft-365/compliance/data-classification-activity-explorer?view=o365-21vianet) | modified |
-| 1/10/2022 | [Get started with content explorer](/microsoft-365/compliance/data-classification-content-explorer?view=o365-21vianet) | modified |
-| 1/10/2022 | [Learn about data classification](/microsoft-365/compliance/data-classification-overview?view=o365-21vianet) | modified |
-| 1/10/2022 | [Get started with the data loss prevention alert dashboard](/microsoft-365/compliance/dlp-alerts-dashboard-get-started?view=o365-21vianet) | modified |
-| 1/10/2022 | [Get started with the Microsoft Compliance Extension](/microsoft-365/compliance/dlp-chrome-get-started?view=o365-21vianet) | modified |
-| 1/10/2022 | [Get started with Microsoft 365 data loss prevention on-premises scanner](/microsoft-365/compliance/dlp-on-premises-scanner-get-started?view=o365-21vianet) | modified |
-| 1/10/2022 | [Get started with sensitivity labels](/microsoft-365/compliance/get-started-with-sensitivity-labels?view=o365-21vianet) | modified |
-| 1/10/2022 | [Microsoft 365 Zero Trust deployment plan](/microsoft-365/security/microsoft-365-zero-trust?view=o365-21vianet) | modified |
-| 1/10/2022 | [DeviceAlertEvents table in the advanced hunting schema](/microsoft-365/security/defender-endpoint/advanced-hunting-devicealertevents-table?view=o365-21vianet) | modified |
-| 1/10/2022 | [Advanced hunting schema reference](/microsoft-365/security/defender-endpoint/advanced-hunting-schema-reference?view=o365-21vianet) | modified |
-| 1/10/2022 | [Deploy Microsoft Defender for Endpoint on Android with Microsoft Intune](/microsoft-365/security/defender-endpoint/android-intune?view=o365-21vianet) | modified |
-| 1/10/2022 | [Integration with Microsoft Defender for Cloud](/microsoft-365/security/defender-endpoint/azure-server-integration?view=o365-21vianet) | modified |
-| 1/10/2022 | [Configure automated investigation and remediation capabilities](/microsoft-365/security/defender-endpoint/configure-automated-investigations-remediation?view=o365-21vianet) | modified |
-| 1/10/2022 | [Configure and manage Microsoft Threat Experts capabilities](/microsoft-365/security/defender-endpoint/configure-microsoft-threat-experts?view=o365-21vianet) | modified |
-| 1/10/2022 | [Onboard Windows servers to the Microsoft Defender for Endpoint service](/microsoft-365/security/defender-endpoint/configure-server-endpoints?view=o365-21vianet) | modified |
-| 1/10/2022 | [Fix unhealthy sensors in Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/fix-unhealthy-sensors?view=o365-21vianet) | modified |
-| 1/10/2022 | [Grant access to managed security service provider (MSSP)](/microsoft-365/security/defender-endpoint/grant-mssp-access?view=o365-21vianet) | modified |
-| 1/10/2022 | [Investigate agent health issues](/microsoft-365/security/defender-endpoint/health-status?view=o365-21vianet) | modified |
-| 1/10/2022 | [Helpful Microsoft Defender for Endpoint resources](/microsoft-365/security/defender-endpoint/helpful-resources?view=o365-21vianet) | modified |
-| 1/10/2022 | [Create indicators for IPs and URLs/domains](/microsoft-365/security/defender-endpoint/indicator-ip-domain?view=o365-21vianet) | modified |
-| 1/10/2022 | [Investigate connection events that occur behind forward proxies](/microsoft-365/security/defender-endpoint/investigate-behind-proxy?view=o365-21vianet) | modified |
-| 1/10/2022 | [How to Deploy Defender for Endpoint on Linux with Chef](/microsoft-365/security/defender-endpoint/linux-deploy-defender-for-endpoint-with-chef?view=o365-21vianet) | modified |
-| 1/10/2022 | [Set up the Microsoft Defender for Endpoint on macOS policies in Jamf Pro](/microsoft-365/security/defender-endpoint/mac-jamfpro-policies?view=o365-21vianet) | modified |
-| 1/10/2022 | [Manage Microsoft Defender for Endpoint alerts](/microsoft-365/security/defender-endpoint/manage-alerts?view=o365-21vianet) | modified |
-| 1/10/2022 | [Manage endpoint detection and response capabilities](/microsoft-365/security/defender-endpoint/manage-edr?view=o365-21vianet) | modified |
-| 1/10/2022 | [Overview of management and APIs](/microsoft-365/security/defender-endpoint/management-apis?view=o365-21vianet) | modified |
-| 1/10/2022 | [Microsoft Defender for Cloud Apps integration overview](/microsoft-365/security/defender-endpoint/microsoft-cloud-app-security-integration?view=o365-21vianet) | modified |
-| 1/10/2022 | [Microsoft Defender for Endpoint on iOS](/microsoft-365/security/defender-endpoint/microsoft-defender-endpoint-ios?view=o365-21vianet) | modified |
-| 1/10/2022 | [Microsoft Defender Antivirus in the Windows Security app](/microsoft-365/security/defender-endpoint/microsoft-defender-security-center-antivirus?view=o365-21vianet) | modified |
-| 1/10/2022 | [Microsoft Threat Experts](/microsoft-365/security/defender-endpoint/microsoft-threat-experts?view=o365-21vianet) | modified |
-| 1/10/2022 | [Managed security service provider (MSSP) partnership opportunities](/microsoft-365/security/defender-endpoint/mssp-support?view=o365-21vianet) | modified |
-| 1/10/2022 | [Microsoft Defender for Endpoint for non-Windows platforms](/microsoft-365/security/defender-endpoint/non-windows?view=o365-21vianet) | modified |
-| 1/10/2022 | [Onboard previous versions of Windows on Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/onboard-downlevel?view=o365-21vianet) | modified |
-| 1/10/2022 | [Onboard Windows multi-session devices in Azure Virtual Desktop](/microsoft-365/security/defender-endpoint/onboard-windows-multi-session-device?view=o365-21vianet) | modified |
-| 1/10/2022 | [Protect security settings with tamper protection](/microsoft-365/security/defender-endpoint/prevent-changes-to-security-settings-with-tamper-protection?view=o365-21vianet) | modified |
-| 1/10/2022 | [Pull Microsoft Defender for Endpoint detections using REST API](/microsoft-365/security/defender-endpoint/pull-alerts-using-rest-api?view=o365-21vianet) | modified |
-| 1/10/2022 | [Take response actions on a device in Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/respond-machine-alerts?view=o365-21vianet) | modified |
-| 1/10/2022 | [Server migration scenarios for the new version of Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/server-migration?view=o365-21vianet) | modified |
-| 1/10/2022 | [What's new in Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/whats-new-in-microsoft-defender-endpoint?view=o365-21vianet) | modified |
-| 1/10/2022 | [Use shared queries in Microsoft 365 Defender advanced hunting](/microsoft-365/security/defender/advanced-hunting-shared-queries?view=o365-21vianet) | modified |
-| 1/10/2022 | [Create and manage custom detection rules in Microsoft 365 Defender](/microsoft-365/security/defender/custom-detection-rules?view=o365-21vianet) | modified |
-| 1/10/2022 | [Step 2. Remediate your first incident](/microsoft-365/security/defender/first-incident-remediate?view=o365-21vianet) | modified |
-| 1/10/2022 | [Details and results of an automated investigation](/microsoft-365/security/defender/m365d-autoir-results?view=o365-21vianet) | modified |
-| 1/10/2022 | [Configure automated investigation and response capabilities in Microsoft 365 Defender](/microsoft-365/security/defender/m365d-configure-auto-investigation-response?view=o365-21vianet) | modified |
-| 1/10/2022 | [Microsoft 365 Defender](/microsoft-365/security/defender/microsoft-365-defender?view=o365-21vianet) | modified |
-| 1/10/2022 | [Microsoft Defender for Endpoint in Microsoft 365 Defender](/microsoft-365/security/defender/microsoft-365-security-center-mde?view=o365-21vianet) | modified |
-| 1/10/2022 | [Microsoft 365 Defender prerequisites](/microsoft-365/security/defender/prerequisites?view=o365-21vianet) | modified |
-| 1/10/2022 | [Automated investigation and response in Microsoft Defender for Office 365](/microsoft-365/security/office-365-security/office-365-air?view=o365-21vianet) | modified |
-| 1/10/2022 | [Permissions - Security & Compliance Center](/microsoft-365/security/office-365-security/permissions-in-the-security-and-compliance-center?view=o365-21vianet) | modified |
-| 1/10/2022 | [Step 1. Implement App Protection Policies](/microsoft-365/solutions/manage-devices-with-intune-app-protection?view=o365-21vianet) | modified |
-| 1/10/2022 | [Step 3. Set up compliance policies for devices with Intune](/microsoft-365/solutions/manage-devices-with-intune-compliance-policies?view=o365-21vianet) | modified |
-| 1/10/2022 | [Step 5. Deploy device profiles in Microsoft Intune](/microsoft-365/solutions/manage-devices-with-intune-configuration-profiles?view=o365-21vianet) | modified |
-| 1/10/2022 | [Step 7. Implement data loss prevention (DLP) with information protection capabilities](/microsoft-365/solutions/manage-devices-with-intune-dlp-mip?view=o365-21vianet) | modified |
-| 1/10/2022 | [Step 2. Enroll devices into management with Intune](/microsoft-365/solutions/manage-devices-with-intune-enroll?view=o365-21vianet) | modified |
-| 1/10/2022 | [Step 6. Monitor device risk and compliance to security baselines](/microsoft-365/solutions/manage-devices-with-intune-monitor-risk?view=o365-21vianet) | modified |
-| 1/10/2022 | [Manage devices with Intune](/microsoft-365/solutions/manage-devices-with-intune-overview?view=o365-21vianet) | modified |
-| 1/10/2022 | [Step 4. Require healthy and compliant devices with Intune](/microsoft-365/solutions/manage-devices-with-intune-require-compliance?view=o365-21vianet) | modified |
-| 1/10/2022 | [Microsoft 365 alert policies](/microsoft-365/compliance/alert-policies?view=o365-21vianet) | modified |
-| 1/10/2022 | [Microsoft Compliance Manager templates list](/microsoft-365/compliance/compliance-manager-templates-list?view=o365-21vianet) | modified |
-| 1/10/2022 | [Set up a connector to import physical badging data](/microsoft-365/compliance/import-physical-badging-data?view=o365-21vianet) | modified |
-| 1/10/2022 | [Microsoft Defender for Endpoint Device Control Removable Storage Access Control, removable storage media](/microsoft-365/security/defender-endpoint/device-control-removable-storage-access-control?view=o365-21vianet) | modified |
-| 1/10/2022 | [Turn on cloud protection in Microsoft Defender Antivirus](/microsoft-365/security/defender-endpoint/enable-cloud-protection-microsoft-defender-antivirus?view=o365-21vianet) | modified |
-| 1/10/2022 | [What's new in Microsoft Defender for Endpoint on Linux](/microsoft-365/security/defender-endpoint/linux-whatsnew?view=o365-21vianet) | modified |
-| 1/10/2022 | [Microsoft Defender for Endpoint Device Control Device Installation](/microsoft-365/security/defender-endpoint/mde-device-control-device-installation?view=o365-21vianet) | modified |
-| 1/10/2022 | [Common Zero Trust identity and device access policies - Microsoft 365 for enterprise \| Microsoft Docs](/microsoft-365/security/office-365-security/identity-access-policies?view=o365-21vianet) | modified |
-| 1/10/2022 | [Step 4. Deploy endpoint management for your devices, PCs, and other endpoints](/microsoft-365/solutions/empower-people-to-work-remotely-manage-endpoints?view=o365-21vianet) | modified |
-| 1/10/2022 | [Step 2. Provide remote access to on-premises apps and services](/microsoft-365/solutions/empower-people-to-work-remotely-remote-access?view=o365-21vianet) | modified |
-| 1/10/2022 | [Step 1. Increase sign-in security for hybrid workers with MFA](/microsoft-365/solutions/empower-people-to-work-remotely-secure-sign-in?view=o365-21vianet) | modified |
-| 1/10/2022 | [Step 3: Deploy security and compliance for hybrid workers](/microsoft-365/solutions/empower-people-to-work-remotely-security-compliance?view=o365-21vianet) | modified |
-| 1/10/2022 | [Step 6: Train your workers and address usage feedback](/microsoft-365/solutions/empower-people-to-work-remotely-train-monitor-usage?view=o365-21vianet) | modified |
-| 1/10/2022 | [Set up your infrastructure for hybrid work with Microsoft 365](/microsoft-365/solutions/empower-people-to-work-remotely?view=o365-21vianet) | modified |
-| 1/11/2022 | [Add staff to Bookings](/microsoft-365/bookings/add-staff?view=o365-21vianet) | modified |
-| 1/11/2022 | Microsoft 365 small business training # < 60 chars | removed |
-| 1/11/2022 | [Learn about trainable classifiers](/microsoft-365/compliance/classifier-learn-about?view=o365-21vianet) | modified |
-| 1/11/2022 | [Microsoft 365 Zero Trust deployment plan](/microsoft-365/security/microsoft-365-zero-trust?view=o365-21vianet) | modified |
-| 1/11/2022 | [Deploy Microsoft Defender for Endpoint in rings](/microsoft-365/security/defender-endpoint/deployment-rings?view=o365-21vianet) | modified |
-| 1/11/2022 | Pilot Defender for Endpoint evaluation | removed |
-| 1/11/2022 | Evaluate Microsoft 365 Defender for Endpoint overview | removed |
-| 1/11/2022 | Experience Microsoft Defender for Endpoint (MDE) through simulated attacks | removed |
-| 1/11/2022 | [Troubleshooting issues when switching to Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/switch-to-mde-troubleshooting?view=o365-21vianet) | modified |
-| 1/11/2022 | [Performance analyzer for Microsoft Defender Antivirus](/microsoft-365/security/defender-endpoint/tune-performance-defender-antivirus?view=o365-21vianet) | modified |
-| 1/11/2022 | [Supported operating systems platforms and capabilities](/microsoft-365/security/defender-endpoint/tvm-supported-os?view=o365-21vianet) | modified |
-| 1/11/2022 | [Create the Microsoft 365 Defender Evaluation Environment](/microsoft-365/security/defender/eval-create-eval-environment?view=o365-21vianet) | modified |
-| 1/11/2022 | [Review Microsoft Defender for Endpoint architecture requirements and key concepts](/microsoft-365/security/defender/eval-defender-endpoint-architecture?view=o365-21vianet) | modified |
-| 1/11/2022 | [Enable Microsoft Defender for Endpoint evaluation](/microsoft-365/security/defender/eval-defender-endpoint-enable-eval?view=o365-21vianet) | modified |
-| 1/11/2022 | [Evaluate Microsoft Defender for Endpoint overview, including reviewing the architecture](/microsoft-365/security/defender/eval-defender-endpoint-overview?view=o365-21vianet) | modified |
-| 1/11/2022 | [Pilot Microsoft Defender for Endpoint](/microsoft-365/security/defender/eval-defender-endpoint-pilot?view=o365-21vianet) | modified |
-| 1/11/2022 | [Review architecture requirements and the technical framework for Microsoft Defender for Identity](/microsoft-365/security/defender/eval-defender-identity-architecture?view=o365-21vianet) | modified |
-| 1/11/2022 | [Enable the evaluation environment for Microsoft Defender for Identity](/microsoft-365/security/defender/eval-defender-identity-enable-eval?view=o365-21vianet) | modified |
-| 1/11/2022 | [Evaluate Microsoft 365 Defender for Identity overview, set up evaluation](/microsoft-365/security/defender/eval-defender-identity-overview?view=o365-21vianet) | modified |
-| 1/11/2022 | [Pilot Microsoft Defender for Identity](/microsoft-365/security/defender/eval-defender-identity-pilot?view=o365-21vianet) | modified |
-| 1/11/2022 | [Try Microsoft 365 Defender incident response capabilities in a pilot environment](/microsoft-365/security/defender/eval-defender-investigate-respond-additional?view=o365-21vianet) | modified |
-| 1/11/2022 | [Investigate and respond using Microsoft 365 Defender in a pilot environment](/microsoft-365/security/defender/eval-defender-investigate-respond?view=o365-21vianet) | modified |
-| 1/11/2022 | [Review architecture requirements and the structure for Microsoft Defender for Cloud Apps](/microsoft-365/security/defender/eval-defender-mcas-architecture?view=o365-21vianet) | modified |
-| 1/11/2022 | [Enable the evaluation environment for Microsoft Defender for Cloud Apps](/microsoft-365/security/defender/eval-defender-mcas-enable-eval?view=o365-21vianet) | modified |
-| 1/11/2022 | [Evaluate Microsoft Defender for Cloud Apps overview](/microsoft-365/security/defender/eval-defender-mcas-overview?view=o365-21vianet) | modified |
-| 1/11/2022 | [Pilot Microsoft Defender for Cloud Apps with Microsoft 365 Defender](/microsoft-365/security/defender/eval-defender-mcas-pilot?view=o365-21vianet) | modified |
-| 1/11/2022 | [Review architecture requirements and planning concepts for Microsoft Defender for Office 365](/microsoft-365/security/defender/eval-defender-office-365-architecture?view=o365-21vianet) | modified |
-| 1/11/2022 | [Enable the evaluation environment for Microsoft Defender for Office 365 in your production environment](/microsoft-365/security/defender/eval-defender-office-365-enable-eval?view=o365-21vianet) | modified |
-| 1/11/2022 | [Evaluate Microsoft Defender for Office 365 overview](/microsoft-365/security/defender/eval-defender-office-365-overview?view=o365-21vianet) | modified |
-| 1/11/2022 | [Pilot Microsoft Defender for Office 365, use the evaluation in your production environment](/microsoft-365/security/defender/eval-defender-office-365-pilot?view=o365-21vianet) | modified |
-| 1/11/2022 | [Promote your Microsoft 365 Defender evaluation environment to Production](/microsoft-365/security/defender/eval-defender-promote-to-production?view=o365-21vianet) | modified |
-| 1/11/2022 | [Threat Explorer and Real-time detections](/microsoft-365/security/office-365-security/threat-explorer?view=o365-21vianet) | modified |
-| 1/11/2022 | [How to use DKIM for email in your custom domain](/microsoft-365/security/office-365-security/use-dkim-to-validate-outbound-email?view=o365-21vianet) | modified |
-| 1/11/2022 | [User tags in Microsoft Defender for Office 365](/microsoft-365/security/office-365-security/user-tags?view=o365-21vianet) | modified |
-| 1/11/2022 | [Archive third-party data](/microsoft-365/compliance/archiving-third-party-data?view=o365-21vianet) | modified |
-| 1/11/2022 | [Disposition of content](/microsoft-365/compliance/disposition?view=o365-21vianet) | modified |
-| 1/11/2022 | [Document metadata fields in Advanced eDiscovery](/microsoft-365/compliance/document-metadata-fields-in-advanced-ediscovery?view=o365-21vianet) | modified |
-| 1/11/2022 | [Configure permissions filtering for eDiscovery](/microsoft-365/compliance/permissions-filtering-for-content-search?view=o365-21vianet) | modified |
-| 1/11/2022 | [Set up compliance boundaries for eDiscovery investigations](/microsoft-365/compliance/set-up-compliance-boundaries?view=o365-21vianet) | modified |
-| 1/11/2022 | [Send email notifications and show policy tips for DLP policies](/microsoft-365/compliance/use-notifications-and-policy-tips?view=o365-21vianet) | modified |
-| 1/11/2022 | [Microsoft Defender for Endpoint for non-Windows platforms](/microsoft-365/security/defender-endpoint/non-windows?view=o365-21vianet) | modified |
-| 1/11/2022 | [Top 12 tasks for security teams to support working from home](/microsoft-365/security/top-security-tasks-for-remote-work?view=o365-21vianet) | modified |
-| 1/12/2022 | [Use sensitivity labels with Microsoft Teams, Microsoft 365 groups, and SharePoint sites](/microsoft-365/compliance/sensitivity-labels-teams-groups-sites?view=o365-21vianet) | modified |
-| 1/12/2022 | [Apply a document understanding model in Microsoft SharePoint Syntex](/microsoft-365/contentunderstanding/apply-a-model) | modified |
-| 1/12/2022 | [Create a form processing model in Microsoft SharePoint Syntex](/microsoft-365/contentunderstanding/create-a-form-processing-model) | modified |
-| 1/12/2022 | [Attack surface reduction rules](/microsoft-365/security/defender-endpoint/attack-surface-reduction-rules-reference?view=o365-21vianet) | modified |
-| 1/12/2022 | [Deploy Microsoft Defender for Endpoint on Linux manually](/microsoft-365/security/defender-endpoint/linux-install-manually?view=o365-21vianet) | modified |
-| 1/12/2022 | [Supported operating systems platforms and capabilities](/microsoft-365/security/defender-endpoint/tvm-supported-os?view=o365-21vianet) | modified |
-| 1/12/2022 | [Understand device profiles](/microsoft-365/managed-desktop/service-description/profiles?view=o365-21vianet) | modified |
-| 1/12/2022 | [Reassign device profiles](/microsoft-365/managed-desktop/working-with-managed-desktop/change-device-profile?view=o365-21vianet) | modified |
-| 1/13/2022 | [Case study - Contoso quickly configures an inappropriate text policy for Microsoft Teams, Exchange, and Yammer communications](/microsoft-365/compliance/communication-compliance-case-study?view=o365-21vianet) | modified |
-| 1/13/2022 | [Get started with communication compliance](/microsoft-365/compliance/communication-compliance-configure?view=o365-21vianet) | modified |
-| 1/13/2022 | [Communication compliance policies](/microsoft-365/compliance/communication-compliance-policies?view=o365-21vianet) | modified |
-| 1/13/2022 | [Learn about communication compliance](/microsoft-365/compliance/communication-compliance?view=o365-21vianet) | modified |
-| 1/13/2022 | [Microsoft Managed Desktop and ITIL](/microsoft-365/managed-desktop/mmd-and-itsm?view=o365-21vianet) | modified |
-| 1/13/2022 | [Change history for Microsoft Managed Desktop documentation](/microsoft-365/managed-desktop/change-history-managed-desktop?view=o365-21vianet) | modified |
-| 1/13/2022 | [Address device name dependency](/microsoft-365/managed-desktop/get-ready/address-device-names?view=o365-21vianet) | modified |
-| 1/13/2022 | [Working with Microsoft Consulting Services](/microsoft-365/managed-desktop/get-ready/apps-mcs?view=o365-21vianet) | modified |
-| 1/13/2022 | [Apps in Microsoft Managed Desktop](/microsoft-365/managed-desktop/get-ready/apps?view=o365-21vianet) | modified |
-| 1/13/2022 | [Prepare on-premises resources access for Microsoft Managed Desktop](/microsoft-365/managed-desktop/get-ready/authentication?view=o365-21vianet) | modified |
-| 1/13/2022 | [Prepare certificates and network profiles for Microsoft Managed Desktop](/microsoft-365/managed-desktop/get-ready/certs-wifi-lan?view=o365-21vianet) | modified |
-| 1/13/2022 | [Prerequisites for guest accounts](/microsoft-365/managed-desktop/get-ready/guest-accounts?view=o365-21vianet) | modified |
-| 1/13/2022 | [Get ready for enrollment in Microsoft Managed Desktop](/microsoft-365/managed-desktop/get-ready/index?view=o365-21vianet) | modified |
-| 1/13/2022 | [Prepare mapped drives for Microsoft Managed Desktop](/microsoft-365/managed-desktop/get-ready/mapped-drives?view=o365-21vianet) | modified |
-| 1/13/2022 | [Network configuration for Microsoft Managed Desktop](/microsoft-365/managed-desktop/get-ready/network?view=o365-21vianet) | modified |
-| 1/13/2022 | [Prerequisites for Microsoft Managed Desktop](/microsoft-365/managed-desktop/get-ready/prerequisites?view=o365-21vianet) | modified |
-| 1/13/2022 | [Prepare printing resources for Microsoft Managed Desktop](/microsoft-365/managed-desktop/get-ready/printing?view=o365-21vianet) | modified |
-| 1/13/2022 | [Downloadable readiness assessment checker](/microsoft-365/managed-desktop/get-ready/readiness-assessment-downloadable?view=o365-21vianet) | modified |
-| 1/13/2022 | [Fix issues found by the readiness assessment tool](/microsoft-365/managed-desktop/get-ready/readiness-assessment-fix?view=o365-21vianet) | modified |
-| 1/13/2022 | [Readiness assessment tools](/microsoft-365/managed-desktop/get-ready/readiness-assessment-tool?view=o365-21vianet) | modified |
-| 1/13/2022 | [Access the Admin portal](/microsoft-365/managed-desktop/get-started/access-admin-portal?view=o365-21vianet) | modified |
-| 1/13/2022 | [Add and verify admin contacts in the Admin portal](/microsoft-365/managed-desktop/get-started/add-admin-contacts?view=o365-21vianet) | modified |
-| 1/13/2022 | [Assign licenses](/microsoft-365/managed-desktop/get-started/assign-licenses?view=o365-21vianet) | modified |
-| 1/13/2022 | [Install Intune Company Portal on devices](/microsoft-365/managed-desktop/get-started/company-portal?view=o365-21vianet) | modified |
-| 1/13/2022 | [Adjust settings after enrollment](/microsoft-365/managed-desktop/get-started/conditional-access?view=o365-21vianet) | modified |
-| 1/13/2022 | [Deploy apps to devices](/microsoft-365/managed-desktop/get-started/deploy-apps?view=o365-21vianet) | modified |
-| 1/13/2022 | [Windows 10 location service](/microsoft-365/managed-desktop/get-started/device-location?view=o365-21vianet) | modified |
-| 1/13/2022 | [Order devices in Microsoft Managed Desktop](/microsoft-365/managed-desktop/get-started/devices?view=o365-21vianet) | modified |
-| 1/13/2022 | [New Microsoft Edge](/microsoft-365/managed-desktop/get-started/edge-browser-app?view=o365-21vianet) | modified |
-| 1/13/2022 | [Enable user support features](/microsoft-365/managed-desktop/get-started/enable-support?view=o365-21vianet) | modified |
-| 1/13/2022 | [Enable Enterprise State Roaming](/microsoft-365/managed-desktop/get-started/enterprise-state-roaming?view=o365-21vianet) | modified |
-| 1/13/2022 | [First-run experience with Autopilot and the Enrollment Status Page](/microsoft-365/managed-desktop/get-started/esp-first-run?view=o365-21vianet) | modified |
-| 1/13/2022 | [Get started with app control](/microsoft-365/managed-desktop/get-started/get-started-app-control?view=o365-21vianet) | modified |
-| 1/13/2022 | [Get your users ready to use devices](/microsoft-365/managed-desktop/get-started/get-started-devices?view=o365-21vianet) | modified |
-| 1/13/2022 | [Get started with Microsoft Managed Desktop](/microsoft-365/managed-desktop/get-started/index?view=o365-21vianet) | modified |
-| 1/13/2022 | [Localize the user experience](/microsoft-365/managed-desktop/get-started/localization?view=o365-21vianet) | modified |
-| 1/13/2022 | [Microsoft 365 Apps for enterprise](/microsoft-365/managed-desktop/get-started/m365-apps?view=o365-21vianet) | modified |
-| 1/13/2022 | [Microsoft OneDrive](/microsoft-365/managed-desktop/get-started/onedrive?view=o365-21vianet) | modified |
-| 1/13/2022 | [Install Microsoft Project or Microsoft Visio on Microsoft Managed Desktop devices](/microsoft-365/managed-desktop/get-started/project-visio?view=o365-21vianet) | modified |
-| 1/13/2022 | [Steps for Partners to register devices](/microsoft-365/managed-desktop/get-started/register-devices-partner?view=o365-21vianet) | modified |
-| 1/13/2022 | [Register new devices yourself](/microsoft-365/managed-desktop/get-started/register-devices-self?view=o365-21vianet) | modified |
-| 1/13/2022 | [Register existing devices yourself](/microsoft-365/managed-desktop/get-started/register-reused-devices-self?view=o365-21vianet) | modified |
-| 1/13/2022 | [Set up devices for Microsoft Managed Desktop](/microsoft-365/managed-desktop/get-started/set-up-devices?view=o365-21vianet) | modified |
-| 1/13/2022 | [Microsoft Teams](/microsoft-365/managed-desktop/get-started/teams?view=o365-21vianet) | modified |
-| 1/13/2022 | [Validate new devices](/microsoft-365/managed-desktop/get-started/validate-device?view=o365-21vianet) | modified |
-| 1/13/2022 | [Microsoft Managed Desktop documentation # < 60 chars](/microsoft-365/managed-desktop/index?view=o365-21vianet) | modified |
-| 1/13/2022 | [Compliance](/microsoft-365/managed-desktop/intro/compliance?view=o365-21vianet) | modified |
-| 1/13/2022 | [What is Microsoft Managed Desktop?](/microsoft-365/managed-desktop/intro/index?view=o365-21vianet) | modified |
-| 1/13/2022 | [Microsoft Managed Desktop roles and responsibilities](/microsoft-365/managed-desktop/intro/roles-and-responsibilities?view=o365-21vianet) | modified |
-| 1/13/2022 | [Microsoft Managed Desktop technologies](/microsoft-365/managed-desktop/intro/technologies?view=o365-21vianet) | modified |
-| 1/13/2022 | [Microsoft Managed Desktop and Windows 11](/microsoft-365/managed-desktop/intro/win11-overview?view=o365-21vianet) | modified |
-| 1/13/2022 | [App control](/microsoft-365/managed-desktop/service-description/app-control?view=o365-21vianet) | modified |
-| 1/13/2022 | [Exceptions to the service plan](/microsoft-365/managed-desktop/service-description/customizing?view=o365-21vianet) | modified |
-| 1/13/2022 | [Device deployment groups](/microsoft-365/managed-desktop/service-description/deployment-groups?view=o365-21vianet) | modified |
-| 1/13/2022 | [Device images](/microsoft-365/managed-desktop/service-description/device-images?view=o365-21vianet) | modified |
-| 1/13/2022 | [Device names](/microsoft-365/managed-desktop/service-description/device-names?view=o365-21vianet) | modified |
-| 1/13/2022 | [Device configuration](/microsoft-365/managed-desktop/service-description/device-policies?view=o365-21vianet) | modified |
-| 1/13/2022 | [Device requirements](/microsoft-365/managed-desktop/service-description/device-requirements?view=o365-21vianet) | modified |
-| 1/13/2022 | [Microsoft Managed Desktop device services](/microsoft-365/managed-desktop/service-description/device-services?view=o365-21vianet) | modified |
-| 1/13/2022 | [Diagnostic logs](/microsoft-365/managed-desktop/service-description/diagnostic-logs?view=o365-21vianet) | modified |
-| 1/13/2022 | [Microsoft Managed Desktop service description](/microsoft-365/managed-desktop/service-description/index?view=o365-21vianet) | modified |
-| 1/13/2022 | [Microsoft Managed Desktop app requirements](/microsoft-365/managed-desktop/service-description/mmd-app-requirements?view=o365-21vianet) | modified |
-| 1/13/2022 | [Microsoft Managed Desktop operations and monitoring](/microsoft-365/managed-desktop/service-description/operations-and-monitoring?view=o365-21vianet) | modified |
-| 1/13/2022 | [Privacy and personal data](/microsoft-365/managed-desktop/service-description/privacy-personal-data?view=o365-21vianet) | modified |
-| 1/13/2022 | [Understand device profiles](/microsoft-365/managed-desktop/service-description/profiles?view=o365-21vianet) | modified |
-| 1/13/2022 | [Supported regions](/microsoft-365/managed-desktop/service-description/regions-languages?view=o365-21vianet) | modified |
-| 1/13/2022 | [Security operations in Microsoft Managed Desktop](/microsoft-365/managed-desktop/service-description/security-operations?view=o365-21vianet) | modified |
-| 1/13/2022 | [Security technologies in Microsoft Managed Desktop](/microsoft-365/managed-desktop/service-description/security?view=o365-21vianet) | modified |
-| 1/13/2022 | [Service changes and communication](/microsoft-365/managed-desktop/service-description/servicechanges?view=o365-21vianet) | modified |
-| 1/13/2022 | [Shared devices](/microsoft-365/managed-desktop/service-description/shared-devices?view=o365-21vianet) | modified |
-| 1/13/2022 | [Admin support](/microsoft-365/managed-desktop/service-description/support?view=o365-21vianet) | modified |
-| 1/13/2022 | [How updates are handled in Microsoft Managed Desktop](/microsoft-365/managed-desktop/service-description/updates?view=o365-21vianet) | modified |
-| 1/13/2022 | [User support](/microsoft-365/managed-desktop/service-description/user-support?view=o365-21vianet) | modified |
-| 1/13/2022 | [Admin support for Microsoft Managed Desktop](/microsoft-365/managed-desktop/working-with-managed-desktop/admin-support?view=o365-21vianet) | modified |
-| 1/13/2022 | [App usage report](/microsoft-365/managed-desktop/working-with-managed-desktop/app-usage-report?view=o365-21vianet) | modified |
-| 1/13/2022 | [Assign devices to a deployment group](/microsoft-365/managed-desktop/working-with-managed-desktop/assign-deployment-group?view=o365-21vianet) | modified |
-| 1/13/2022 | [Reassign device profiles](/microsoft-365/managed-desktop/working-with-managed-desktop/change-device-profile?view=o365-21vianet) | modified |
-| 1/13/2022 | [Deploy configurable settings in Microsoft Managed Desktop](/microsoft-365/managed-desktop/working-with-managed-desktop/config-setting-deploy?view=o365-21vianet) | modified |
-| 1/13/2022 | [Configurable settings for Microsoft Managed Desktop](/microsoft-365/managed-desktop/working-with-managed-desktop/config-setting-overview?view=o365-21vianet) | modified |
-| 1/13/2022 | [Configurable settings reference for Microsoft Managed Desktop](/microsoft-365/managed-desktop/working-with-managed-desktop/config-setting-ref?view=o365-21vianet) | modified |
-| 1/13/2022 | [Device inventory report](/microsoft-365/managed-desktop/working-with-managed-desktop/device-inventory-report?view=o365-21vianet) | modified |
-| 1/13/2022 | [Device status report](/microsoft-365/managed-desktop/working-with-managed-desktop/device-status-report?view=o365-21vianet) | modified |
-| 1/13/2022 | [Get user support for Microsoft Managed Desktop](/microsoft-365/managed-desktop/working-with-managed-desktop/end-user-support?view=o365-21vianet) | modified |
-| 1/13/2022 | [Working with Microsoft Managed Desktop](/microsoft-365/managed-desktop/working-with-managed-desktop/index?view=o365-21vianet) | modified |
-| 1/13/2022 | [Manage apps in Microsoft Managed Desktop](/microsoft-365/managed-desktop/working-with-managed-desktop/manage-apps?view=o365-21vianet) | modified |
-| 1/13/2022 | [Remove devices](/microsoft-365/managed-desktop/working-with-managed-desktop/remove-devices?view=o365-21vianet) | modified |
-| 1/13/2022 | [Work with reports](/microsoft-365/managed-desktop/working-with-managed-desktop/reports?view=o365-21vianet) | modified |
-| 1/13/2022 | [Windows security updates report](/microsoft-365/managed-desktop/working-with-managed-desktop/security-updates-report?view=o365-21vianet) | modified |
-| 1/13/2022 | [Preview and test Windows 11 with Microsoft Managed Desktop](/microsoft-365/managed-desktop/working-with-managed-desktop/test-win11-mmd?view=o365-21vianet) | modified |
-| 1/13/2022 | [Work with app control](/microsoft-365/managed-desktop/working-with-managed-desktop/work-with-app-control?view=o365-21vianet) | modified |
-| 1/13/2022 | [Configure automated investigation and response capabilities in Microsoft 365 Defender](/microsoft-365/security/defender/m365d-configure-auto-investigation-response?view=o365-21vianet) | modified |
-| 1/13/2022 | [Continuous access evaluation for Microsoft 365 - Microsoft 365 for enterprise](/microsoft-365/security/office-365-security/microsoft-365-continuous-access-evaluation?view=o365-21vianet) | modified |
-| 1/13/2022 | [Microsoft 365 Business Premium resources # < 60 chars](/microsoft-365/business/index?view=o365-21vianet) | modified |
-| 1/13/2022 | [Get started with custom sensitive information types](/microsoft-365/compliance/create-a-custom-sensitive-information-type?view=o365-21vianet) | modified |
-| 1/13/2022 | [Create eDiscovery holds in a Core eDiscovery case](/microsoft-365/compliance/create-ediscovery-holds?view=o365-21vianet) | modified |
-| 1/13/2022 | [Data Loss Prevention policy reference](/microsoft-365/compliance/dlp-policy-reference?view=o365-21vianet) | modified |
-| 1/13/2022 | [Microsoft 365 admin center help # < 60 chars](/microsoft-365/admin/index?view=o365-21vianet) | modified |
-| 1/13/2022 | [Top 20 most-viewed admin help articles this month # < 60 chars](/microsoft-365/admin/top-m365-admin-articles?view=o365-21vianet) | modified |
-| 1/13/2022 | [Delete items in the Recoverable Items folder of cloud mailbox's on hold](/microsoft-365/compliance/delete-items-in-the-recoverable-items-folder-of-mailboxes-on-hold?view=o365-21vianet) | modified |
-| 1/13/2022 | [DLP policy conditions, exceptions, and actions](/microsoft-365/compliance/dlp-conditions-and-exceptions?view=o365-21vianet) | modified |
-| 1/13/2022 | [What's new in Microsoft Defender for Endpoint on Mac](/microsoft-365/security/defender-endpoint/mac-whatsnew?view=o365-21vianet) | modified |
-| 1/13/2022 | [Microsoft Defender for Endpoint on Mac](/microsoft-365/security/defender-endpoint/microsoft-defender-endpoint-mac?view=o365-21vianet) | modified |
-| 1/13/2022 | [Microsoft recommendations for EOP and Defender for Office 365 security settings](/microsoft-365/security/office-365-security/recommended-settings-for-eop-and-office365?view=o365-21vianet) | modified |
-| 1/13/2022 | [Service encryption with Customer Key](/microsoft-365/compliance/customer-key-overview?view=o365-21vianet) | modified |
-| 1/13/2022 | [Minimum requirements for Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/minimum-requirements?view=o365-21vianet) | modified |
-| 1/14/2022 | [Add staff to Bookings](/microsoft-365/bookings/add-staff?view=o365-21vianet) | modified |
-| 1/14/2022 | [Microsoft 365 Business Premium resources # < 60 chars](/microsoft-365/business/index?view=o365-21vianet) | modified |
-| 1/14/2022 | [Automatically apply a retention label to retain or delete content](/microsoft-365/compliance/apply-retention-labels-automatically?view=o365-21vianet) | modified |
-| 1/14/2022 | [Automatically apply a sensitivity label to content in Microsoft 365](/microsoft-365/compliance/apply-sensitivity-label-automatically?view=o365-21vianet) | modified |
-| 1/14/2022 | [Learn about sensitive information types](/microsoft-365/compliance/sensitive-information-type-learn-about?view=o365-21vianet) | modified |
-| 1/14/2022 | [Microsoft 365 Zero Trust deployment plan](/microsoft-365/security/microsoft-365-zero-trust?view=o365-21vianet) | modified |
-| 1/14/2022 | [Microsoft Defender Antivirus on Windows Server](/microsoft-365/security/defender-endpoint/microsoft-defender-antivirus-on-windows-server?view=o365-21vianet) | modified |
-| 1/14/2022 | [Protect security settings with tamper protection](/microsoft-365/security/defender-endpoint/prevent-changes-to-security-settings-with-tamper-protection?view=o365-21vianet) | modified |
-| 1/14/2022 | [Step 1. Implement App Protection Policies](/microsoft-365/solutions/manage-devices-with-intune-app-protection?view=o365-21vianet) | modified |
-| 1/14/2022 | [Step 3. Set up compliance policies for devices with Intune](/microsoft-365/solutions/manage-devices-with-intune-compliance-policies?view=o365-21vianet) | modified |
-| 1/14/2022 | [Step 5. Deploy device profiles in Microsoft Intune](/microsoft-365/solutions/manage-devices-with-intune-configuration-profiles?view=o365-21vianet) | modified |
-| 1/14/2022 | [Step 7. Implement data loss prevention (DLP) with information protection capabilities](/microsoft-365/solutions/manage-devices-with-intune-dlp-mip?view=o365-21vianet) | modified |
-| 1/14/2022 | [Step 2. Enroll devices into management with Intune](/microsoft-365/solutions/manage-devices-with-intune-enroll?view=o365-21vianet) | modified |
-| 1/14/2022 | [Step 6. Monitor device risk and compliance to security baselines](/microsoft-365/solutions/manage-devices-with-intune-monitor-risk?view=o365-21vianet) | modified |
-| 1/14/2022 | [Manage devices with Intune](/microsoft-365/solutions/manage-devices-with-intune-overview?view=o365-21vianet) | modified |
-| 1/14/2022 | [Step 4. Require healthy and compliant devices with Intune](/microsoft-365/solutions/manage-devices-with-intune-require-compliance?view=o365-21vianet) | modified |
-| 1/14/2022 | [Office TLS Certificate Changes](/microsoft-365/compliance/encryption-office-365-tls-certificates-changes?view=o365-21vianet) | added |
-| 1/14/2022 | [Use data connectors to import and archive third-party data in Microsoft 365](/microsoft-365/compliance/archiving-third-party-data?view=o365-21vianet) | modified |
-| 1/14/2022 | [Get started with custom sensitive information types](/microsoft-365/compliance/create-a-custom-sensitive-information-type?view=o365-21vianet) | modified |
-| 1/14/2022 | [Detailed properties in the audit log](/microsoft-365/compliance/detailed-properties-in-the-office-365-audit-log?view=o365-21vianet) | modified |
-| 1/14/2022 | [Search the audit log in the Microsoft 365 compliance center](/microsoft-365/compliance/search-the-audit-log-in-security-and-compliance?view=o365-21vianet) | modified |
-| 1/14/2022 | [Manage sensitivity labels in Office apps](/microsoft-365/compliance/sensitivity-labels-office-apps?view=o365-21vianet) | modified |
-| 1/14/2022 | [Licensing for SharePoint Syntex](/microsoft-365/contentunderstanding/syntex-licensing) | modified |
-| 1/14/2022 | [View email security reports](/microsoft-365/security/office-365-security/view-email-security-reports?view=o365-21vianet) | modified |
-| 1/14/2022 | [Keyword queries and search conditions for eDiscovery](/microsoft-365/compliance/keyword-queries-and-search-conditions?view=o365-21vianet) | modified |
-| 1/14/2022 | [Microsoft Defender for Endpoint Device Control Device Installation](/microsoft-365/security/defender-endpoint/mde-device-control-device-installation?view=o365-21vianet) | modified |
-| 1/14/2022 | [Set up and configure Microsoft Defender for Endpoint Plan 1](/microsoft-365/security/defender-endpoint/mde-p1-setup-configuration?view=o365-21vianet) | modified |
-| 1/14/2022 | [Evaluate Microsoft Defender for Office 365](/microsoft-365/security/office-365-security/office-365-evaluation?view=o365-21vianet) | modified |
+| 3/14/2022 | [Onboard your organization's devices to Microsoft Defender for Business](/microsoft-365/business-premium/m365bp-onboard-devices-mdb?view=o365-21vianet) | modified |
+| 3/14/2022 | [Use Cost management in the Microsoft 365 admin center](/microsoft-365/commerce/use-cost-mgmt?view=o365-21vianet) | modified |
+| 3/14/2022 | [Get started with content explorer](/microsoft-365/compliance/data-classification-content-explorer?view=o365-21vianet) | modified |
+| 3/14/2022 | [Use Office 365 Content Delivery Network (CDN) with SharePoint Online](/microsoft-365/enterprise/use-microsoft-365-cdn-with-spo?view=o365-21vianet) | modified |
+| 3/14/2022 | [How to check Microsoft 365 service health](/microsoft-365/enterprise/view-service-health?view=o365-21vianet) | modified |
+| 3/14/2022 | [Microsoft Defender for Endpoint Device Control Removable Storage Access Control, removable storage media](/microsoft-365/security/defender-endpoint/device-control-removable-storage-access-control?view=o365-21vianet) | modified |
+| 3/14/2022 | [Manage Microsoft Defender Antivirus updates and apply baselines](/microsoft-365/security/defender-endpoint/manage-updates-baselines-microsoft-defender-antivirus?view=o365-21vianet) | modified |
+| 3/14/2022 | [Microsoft Defender Antivirus compatibility with other security products](/microsoft-365/security/defender-endpoint/microsoft-defender-antivirus-compatibility?view=o365-21vianet) | modified |
+| 3/14/2022 | [Microsoft Defender for Endpoint - Mobile Threat Defense](/microsoft-365/security/defender-endpoint/mtd?view=o365-21vianet) | modified |
+| 3/14/2022 | [Enable the Report Message or the Report Phishing add-ins](/microsoft-365/security/office-365-security/enable-the-report-message-add-in?view=o365-21vianet) | modified |
+| 3/14/2022 | [Onboard devices to Microsoft Defender for Business](/microsoft-365/security/defender-business/mdb-onboard-devices?view=o365-21vianet) | modified |
+| 3/14/2022 | [Overview of Microsoft Defender for Business](/microsoft-365/security/defender-business/mdb-overview?view=o365-21vianet) | modified |
+| 3/14/2022 | [Requirements for Microsoft Defender for Business](/microsoft-365/security/defender-business/mdb-requirements?view=o365-21vianet) | modified |
+| 3/14/2022 | [Enable Modern Authentication for Office 2013 on Windows devices](/microsoft-365/admin/security-and-compliance/enable-modern-authentication?view=o365-21vianet) | modified |
+| 3/14/2022 | [Microsoft 365 auditing solutions](/microsoft-365/compliance/auditing-solutions-overview?view=o365-21vianet) | modified |
+| 3/14/2022 | [Onboard and offboard macOS devices into Microsoft 365 Compliance solutions using JAMF Pro (preview)](/microsoft-365/compliance/device-onboarding-offboarding-macos-jamfpro?view=o365-21vianet) | modified |
+| 3/14/2022 | [Microsoft 365 eDiscovery solutions](/microsoft-365/compliance/ediscovery?view=o365-21vianet) | modified |
+| 3/14/2022 | [Create documents using content assembly in Microsoft SharePoint Syntex](/microsoft-365/contentunderstanding/content-assembly) | modified |
+| 3/14/2022 | [Office 365 IP Address and URL web service](/microsoft-365/enterprise/microsoft-365-ip-web-service?view=o365-21vianet) | modified |
+| 3/14/2022 | [Microsoft 365 network connectivity test tool](/microsoft-365/enterprise/office-365-network-mac-perf-onboarding-tool?view=o365-21vianet) | modified |
+| 3/14/2022 | [Network connectivity in the Microsoft 365 Admin Center](/microsoft-365/enterprise/office-365-network-mac-perf-overview?view=o365-21vianet) | modified |
+| 3/14/2022 | [Microsoft 365 network assessment](/microsoft-365/enterprise/office-365-network-mac-perf-score?view=o365-21vianet) | modified |
+| 3/14/2022 | [Overview of Microsoft 365 Lighthouse](/microsoft-365/lighthouse/m365-lighthouse-overview?view=o365-21vianet) | modified |
+| 3/14/2022 | [Microsoft 365 Apps for enterprise](/microsoft-365/managed-desktop/get-started/m365-apps?view=o365-21vianet) | modified |
+| 3/14/2022 | [Configurable settings reference for Microsoft Managed Desktop](/microsoft-365/managed-desktop/working-with-managed-desktop/config-setting-ref?view=o365-21vianet) | modified |
+| 3/14/2022 | [Simulation automations for Attack simulation training](/microsoft-365/security/office-365-security/attack-simulation-training-simulation-automations?view=o365-21vianet) | modified |
+| 3/14/2022 | [Simulate a phishing attack with Attack simulation training](/microsoft-365/security/office-365-security/attack-simulation-training?view=o365-21vianet) | modified |
+| 3/14/2022 | [View email security reports](/microsoft-365/security/office-365-security/view-email-security-reports?view=o365-21vianet) | modified |
+| 3/15/2022 | [Idle session timeout for Microsoft 365](/microsoft-365/admin/manage/idle-session-timeout-web-apps?view=o365-21vianet) | added |
+| 3/15/2022 | [Enable Modern Authentication for Office 2013 on Windows devices](/microsoft-365/admin/security-and-compliance/enable-modern-authentication?view=o365-21vianet) | modified |
+| 3/15/2022 | [Customer Lockbox Requests](/microsoft-365/compliance/customer-lockbox-requests?view=o365-21vianet) | modified |
+| 3/15/2022 | [Use sensitivity labels with Microsoft Teams, Microsoft 365 groups, and SharePoint sites](/microsoft-365/compliance/sensitivity-labels-teams-groups-sites?view=o365-21vianet) | modified |
+| 3/15/2022 | [Create documents using content assembly in Microsoft SharePoint Syntex](/microsoft-365/contentunderstanding/content-assembly) | modified |
+| 3/15/2022 | [Microsoft 365 network connectivity test tool](/microsoft-365/enterprise/office-365-network-mac-perf-onboarding-tool?view=o365-21vianet) | modified |
+| 3/15/2022 | [Deploy Microsoft 365 Lighthouse baselines](/microsoft-365/lighthouse/m365-lighthouse-deploy-baselines?view=o365-21vianet) | modified |
+| 3/15/2022 | [Overview of using baselines to deploy standard tenant configurations](/microsoft-365/lighthouse/m365-lighthouse-deploy-standard-tenant-configurations-overview?view=o365-21vianet) | modified |
+| 3/15/2022 | [View and edit your security settings in Microsoft Defender for Business](/microsoft-365/security/defender-business/mdb-configure-security-settings?view=o365-21vianet) | modified |
+| 3/15/2022 | [Onboard devices to Microsoft Defender for Business](/microsoft-365/security/defender-business/mdb-onboard-devices?view=o365-21vianet) | modified |
+| 3/15/2022 | [Onboard Windows servers to the Microsoft Defender for Endpoint service](/microsoft-365/security/defender-endpoint/configure-server-endpoints?view=o365-21vianet) | modified |
+| 3/15/2022 | [Create the Microsoft 365 Defender Evaluation Environment for greater cyber security and XDR](/microsoft-365/security/defender/eval-create-eval-environment?view=o365-21vianet) | modified |
+| 3/15/2022 | [Step 2. An Overview of Microsoft 365 Defender for Identity evaluation](/microsoft-365/security/defender/eval-defender-identity-overview?view=o365-21vianet) | modified |
+| 3/15/2022 | [Evaluate and pilot Microsoft 365 Defender, an XDR solution](/microsoft-365/security/defender/eval-overview?view=o365-21vianet) | modified |
+| 3/15/2022 | [View email security reports](/microsoft-365/security/office-365-security/view-email-security-reports?view=o365-21vianet) | modified |
+| 3/15/2022 | [Define mail flow rules to encrypt email messages](/microsoft-365/compliance/define-mail-flow-rules-to-encrypt-email?view=o365-21vianet) | modified |
+| 3/15/2022 | [Differences between estimated and actual eDiscovery search results](/microsoft-365/compliance/differences-between-estimated-and-actual-ediscovery-search-results?view=o365-21vianet) | modified |
+| 3/15/2022 | [Microsoft 365 eDiscovery solutions](/microsoft-365/compliance/ediscovery?view=o365-21vianet) | modified |
+| 3/15/2022 | [Restrict access to content using sensitivity labels to apply encryption](/microsoft-365/compliance/encryption-sensitivity-labels?view=o365-21vianet) | modified |
+| 3/15/2022 | [Get started with the Microsoft Service Trust Portal](/microsoft-365/compliance/get-started-with-service-trust-portal?view=o365-21vianet) | modified |
+| 3/15/2022 | [Insider risk management settings](/microsoft-365/compliance/insider-risk-management-settings?view=o365-21vianet) | modified |
+| 3/15/2022 | [Manage Office 365 Message Encryption](/microsoft-365/compliance/manage-office-365-message-encryption?view=o365-21vianet) | modified |
+| 3/15/2022 | Meet data protection and regulatory requirements with Compliance Manager for Microsoft cloud services | removed |
+| 3/15/2022 | [Advanced Message Encryption](/microsoft-365/compliance/ome-advanced-message-encryption?view=o365-21vianet) | modified |
+| 3/15/2022 | [Revoke email encrypted by Advanced Message Encryption](/microsoft-365/compliance/revoke-ome-encrypted-mail?view=o365-21vianet) | modified |
+| 3/15/2022 | [Known issues with Microsoft 365 Lighthouse](/microsoft-365/lighthouse/m365-lighthouse-known-issues?view=o365-21vianet) | modified |
+| 3/15/2022 | [Set up roles to manage customer tenants](/microsoft-365/lighthouse/m365-lighthouse-set-up-roles?view=o365-21vianet) | modified |
+| 3/15/2022 | [Troubleshoot and resolve problems and error messages in Microsoft 365 Lighthouse](/microsoft-365/lighthouse/m365-lighthouse-troubleshoot?view=o365-21vianet) | modified |
+| 3/15/2022 | [Compare security features in Microsoft 365 plans for small and medium-sized businesses](/microsoft-365/security/defender-business/compare-mdb-m365-plans?view=o365-21vianet) | modified |
+| 3/15/2022 | [Get Microsoft Defender for Business](/microsoft-365/security/defender-business/get-defender-business?view=o365-21vianet) | modified |
+| 3/15/2022 | [Set up email notifications for your security team](/microsoft-365/security/defender-business/mdb-email-notifications?view=o365-21vianet) | modified |
+| 3/15/2022 | [Microsoft Defender for Business frequently asked questions](/microsoft-365/security/defender-business/mdb-faq?view=o365-21vianet) | modified |
+| 3/15/2022 | [Firewall in Microsoft Defender for Business](/microsoft-365/security/defender-business/mdb-firewall?view=o365-21vianet) | modified |
+| 3/15/2022 | [Get started using the Microsoft 365 Defender portal](/microsoft-365/security/defender-business/mdb-get-started?view=o365-21vianet) | modified |
+| 3/15/2022 | [Overview of Microsoft Defender for Business](/microsoft-365/security/defender-business/mdb-overview?view=o365-21vianet) | modified |
+| 3/15/2022 | [Reports in Microsoft Defender for Business](/microsoft-365/security/defender-business/mdb-reports?view=o365-21vianet) | modified |
+| 3/15/2022 | [Requirements for Microsoft Defender for Business](/microsoft-365/security/defender-business/mdb-requirements?view=o365-21vianet) | modified |
+| 3/15/2022 | [Respond to and mitigate threats in Microsoft Defender for Business](/microsoft-365/security/defender-business/mdb-respond-mitigate-threats?view=o365-21vianet) | modified |
+| 3/15/2022 | [Assign roles and permissions in Microsoft Defender for Business](/microsoft-365/security/defender-business/mdb-roles-permissions?view=o365-21vianet) | modified |
+| 3/15/2022 | [Set up and configure Microsoft Defender for Business](/microsoft-365/security/defender-business/mdb-setup-configuration?view=o365-21vianet) | modified |
+| 3/15/2022 | [The simplified configuration process in Microsoft Defender for Business](/microsoft-365/security/defender-business/mdb-simplified-configuration?view=o365-21vianet) | modified |
+| 3/15/2022 | [Tutorials and simulations in Microsoft Defender for Business](/microsoft-365/security/defender-business/mdb-tutorials?view=o365-21vianet) | modified |
+| 3/15/2022 | [Use the wizard to set up Microsoft Defender for Business](/microsoft-365/security/defender-business/mdb-use-wizard?view=o365-21vianet) | modified |
+| 3/15/2022 | [View or edit policies in Microsoft Defender for Business](/microsoft-365/security/defender-business/mdb-view-edit-create-policies?view=o365-21vianet) | modified |
+| 3/15/2022 | [View and manage incidents in Microsoft Defender for Business](/microsoft-365/security/defender-business/mdb-view-manage-incidents?view=o365-21vianet) | modified |
+| 3/15/2022 | [View your Threat & Vulnerability Management dashboard in Microsoft Defender for Business](/microsoft-365/security/defender-business/mdb-view-tvm-dashboard?view=o365-21vianet) | modified |
+| 3/15/2022 | [Microsoft Defender Antivirus compatibility with other security products](/microsoft-365/security/defender-endpoint/microsoft-defender-antivirus-compatibility?view=o365-21vianet) | modified |
+| 3/15/2022 | [Best practices for unauthenticated sharing](/microsoft-365/solutions/best-practices-anonymous-sharing?view=o365-21vianet) | modified |
+| 3/15/2022 | [Create indicators](/microsoft-365/security/defender-endpoint/manage-indicators?view=o365-21vianet) | modified |
+| 3/15/2022 | [Manage Microsoft Defender Antivirus updates and apply baselines](/microsoft-365/security/defender-endpoint/manage-updates-baselines-microsoft-defender-antivirus?view=o365-21vianet) | modified |
+| 3/15/2022 | [Payload automations for Attack simulation training](/microsoft-365/security/office-365-security/attack-simulation-training-payload-automations?view=o365-21vianet) | modified |
+| 3/16/2022 | [Top 20 most-viewed admin help articles this month # < 60 chars](/microsoft-365/admin/top-m365-admin-articles?view=o365-21vianet) | modified |
+| 3/16/2022 | [Working with device groups in Microsoft 365 Business Premium](/microsoft-365/business-premium/m365bp-device-groups-mdb?view=o365-21vianet) | modified |
+| 3/16/2022 | [Onboard your organization's devices to Microsoft Defender for Business](/microsoft-365/business-premium/m365bp-onboard-devices-mdb?view=o365-21vianet) | modified |
+| 3/16/2022 | [Review remediation actions in Microsoft 365 Business Premium](/microsoft-365/business-premium/m365bp-review-remediation-actions-devices?view=o365-21vianet) | modified |
+| 3/16/2022 | [Set up Microsoft 365 Business Premium](/microsoft-365/business-premium/m365bp-setup?view=o365-21vianet) | modified |
+| 3/16/2022 | [View or edit device protection policies](/microsoft-365/business-premium/m365bp-view-edit-create-mdb-policies?view=o365-21vianet) | modified |
+| 3/16/2022 | [Use Cost management in the Microsoft 365 admin center](/microsoft-365/commerce/use-cost-mgmt?view=o365-21vianet) | modified |
+| 3/16/2022 | [Archive Slack eDiscovery data to Microsoft 365 using a data connector provided by Microsoft](/microsoft-365/compliance/archive-slack-data-microsoft?view=o365-21vianet) | modified |
+| 3/16/2022 | [Onboard macOS devices into Microsoft 365 overview (preview)](/microsoft-365/compliance/device-onboarding-macos-overview?view=o365-21vianet) | modified |
+| 3/16/2022 | [Onboard and offboard macOS devices into Compliance solutions using Microsoft Intune for Microsoft Defender for Endpoint customers (preview)](/microsoft-365/compliance/device-onboarding-offboarding-macos-intune-mde?view=o365-21vianet) | modified |
+| 3/16/2022 | [Onboard and offboard macOS devices into Microsoft 365 Compliance solutions using Microsoft Intune (preview)](/microsoft-365/compliance/device-onboarding-offboarding-macos-intune?view=o365-21vianet) | modified |
+| 3/16/2022 | [Onboard and offboard macOS devices into Compliance solutions using JAMF Pro for Microsoft Defender for Endpoint customers (preview)](/microsoft-365/compliance/device-onboarding-offboarding-macos-jamfpro-mde?view=o365-21vianet) | modified |
+| 3/16/2022 | [Onboard and offboard macOS devices into Microsoft 365 Compliance solutions using JAMF Pro (preview)](/microsoft-365/compliance/device-onboarding-offboarding-macos-jamfpro?view=o365-21vianet) | modified |
+| 3/16/2022 | [Onboard Windows 10 or Windows 11 devices into Microsoft 365 overview](/microsoft-365/compliance/device-onboarding-overview?view=o365-21vianet) | modified |
+| 3/16/2022 | [Design a Data loss prevention policy](/microsoft-365/compliance/dlp-policy-design?view=o365-21vianet) | modified |
+| 3/16/2022 | [Learn about named entities (preview)](/microsoft-365/compliance/named-entities-learn?view=o365-21vianet) | modified |
+| 3/16/2022 | [Use named entities in your data loss prevention policies (preview)](/microsoft-365/compliance/named-entities-use?view=o365-21vianet) | modified |
+| 3/16/2022 | [Common usage scenarios for sensitive information types](/microsoft-365/compliance/sit-common-scenarios?view=o365-21vianet) | modified |
+| 3/16/2022 | [Get started with exact data match based sensitive information types](/microsoft-365/compliance/sit-get-started-exact-data-match-based-sits-overview?view=o365-21vianet) | modified |
+| 3/16/2022 | [Create exact data match sensitive information type/rule package](/microsoft-365/compliance/sit-get-started-exact-data-match-create-rule-package?view=o365-21vianet) | modified |
+| 3/16/2022 | [Create the schema for exact data match based sensitive information types](/microsoft-365/compliance/sit-get-started-exact-data-match-create-schema?view=o365-21vianet) | modified |
+| 3/16/2022 | [Export source data for exact data match based sensitive information type](/microsoft-365/compliance/sit-get-started-exact-data-match-export-data?view=o365-21vianet) | modified |
+| 3/16/2022 | [Hash and upload the sensitive information source table for exact data match sensitive information types](/microsoft-365/compliance/sit-get-started-exact-data-match-hash-upload?view=o365-21vianet) | modified |
+| 3/16/2022 | [Test an exact data match sensitive information type](/microsoft-365/compliance/sit-get-started-exact-data-match-test?view=o365-21vianet) | modified |
+| 3/16/2022 | [Learn about exact data match based sensitive information types](/microsoft-365/compliance/sit-learn-about-exact-data-match-based-sits?view=o365-21vianet) | modified |
+| 3/16/2022 | [Manage your exact data match schema](/microsoft-365/compliance/sit-use-exact-data-manage-schema?view=o365-21vianet) | modified |
+| 3/16/2022 | [Refresh your exact data matchsensitive information source table file](/microsoft-365/compliance/sit-use-exact-data-refresh-data?view=o365-21vianet) | modified |
+| 3/16/2022 | [Search for metadata in document libraries in Microsoft SharePoint Syntex](/microsoft-365/contentunderstanding/metadata-search) | modified |
+| 3/16/2022 | [Work with document understanding model explanations in PowerShell](/microsoft-365/contentunderstanding/powershell-syntex-explanations) | modified |
+| 3/16/2022 | [Export and import document understanding models with PowerShell](/microsoft-365/contentunderstanding/powershell-syntex-import-export) | modified |
+| 3/16/2022 | [Manage SharePoint Syntex with PowerShell](/microsoft-365/contentunderstanding/powershell-syntex-intro) | modified |
+| 3/16/2022 | [Use PowerShell to request processing by a document understanding model](/microsoft-365/contentunderstanding/powershell-syntex-processing) | modified |
+| 3/16/2022 | [Publish document understanding models with PowerShell](/microsoft-365/contentunderstanding/powershell-syntex-publishing) | modified |
+| 3/16/2022 | [Localize the user experience](/microsoft-365/managed-desktop/get-started/localization?view=o365-21vianet) | modified |
+| 3/16/2022 | [Shared devices](/microsoft-365/managed-desktop/service-description/shared-devices?view=o365-21vianet) | modified |
+| 3/16/2022 | [Compare security features in Microsoft 365 plans for small and medium-sized businesses](/microsoft-365/security/defender-business/compare-mdb-m365-plans?view=o365-21vianet) | modified |
+| 3/16/2022 | [Get Microsoft Defender for Business](/microsoft-365/security/defender-business/get-defender-business?view=o365-21vianet) | modified |
+| 3/16/2022 | [View and edit your security settings in Microsoft Defender for Business](/microsoft-365/security/defender-business/mdb-configure-security-settings?view=o365-21vianet) | modified |
+| 3/16/2022 | [Device groups in Microsoft Defender for Business](/microsoft-365/security/defender-business/mdb-create-edit-device-groups?view=o365-21vianet) | modified |
+| 3/16/2022 | [Manage custom rules for firewall policies in Microsoft Defender for Business](/microsoft-365/security/defender-business/mdb-custom-rules-firewall?view=o365-21vianet) | modified |
+| 3/16/2022 | [Set up email notifications for your security team](/microsoft-365/security/defender-business/mdb-email-notifications?view=o365-21vianet) | modified |
+| 3/16/2022 | [Microsoft Defender for Business frequently asked questions](/microsoft-365/security/defender-business/mdb-faq?view=o365-21vianet) | modified |
+| 3/16/2022 | [Firewall in Microsoft Defender for Business](/microsoft-365/security/defender-business/mdb-firewall?view=o365-21vianet) | modified |
+| 3/16/2022 | [Get started using the Microsoft 365 Defender portal](/microsoft-365/security/defender-business/mdb-get-started?view=o365-21vianet) | modified |
+| 3/16/2022 | [Microsoft 365 Lighthouse and Microsoft Defender for Business](/microsoft-365/security/defender-business/mdb-lighthouse-integration?view=o365-21vianet) | modified |
+| 3/16/2022 | [Manage devices in Microsoft Defender for Business](/microsoft-365/security/defender-business/mdb-manage-devices?view=o365-21vianet) | modified |
+| 3/16/2022 | [Understand next-generation protection configuration settings in Microsoft Defender for Business](/microsoft-365/security/defender-business/mdb-next-gen-configuration-settings?view=o365-21vianet) | modified |
+| 3/16/2022 | [Onboard devices to Microsoft Defender for Business](/microsoft-365/security/defender-business/mdb-onboard-devices?view=o365-21vianet) | modified |
+| 3/16/2022 | [Overview of Microsoft Defender for Business](/microsoft-365/security/defender-business/mdb-overview?view=o365-21vianet) | modified |
+| 3/16/2022 | [Understand policy order in Microsoft Defender for Business](/microsoft-365/security/defender-business/mdb-policy-order?view=o365-21vianet) | modified |
+| 3/16/2022 | [Reports in Microsoft Defender for Business](/microsoft-365/security/defender-business/mdb-reports?view=o365-21vianet) | modified |
+| 3/16/2022 | [Requirements for Microsoft Defender for Business](/microsoft-365/security/defender-business/mdb-requirements?view=o365-21vianet) | modified |
+| 3/16/2022 | [Respond to and mitigate threats in Microsoft Defender for Business](/microsoft-365/security/defender-business/mdb-respond-mitigate-threats?view=o365-21vianet) | modified |
+| 3/16/2022 | [Review remediation actions in Microsoft Defender for Business](/microsoft-365/security/defender-business/mdb-review-remediation-actions?view=o365-21vianet) | modified |
+| 3/16/2022 | [Assign roles and permissions in Microsoft Defender for Business](/microsoft-365/security/defender-business/mdb-roles-permissions?view=o365-21vianet) | modified |
+| 3/16/2022 | [Set up and configure Microsoft Defender for Business](/microsoft-365/security/defender-business/mdb-setup-configuration?view=o365-21vianet) | modified |
+| 3/16/2022 | [The simplified configuration process in Microsoft Defender for Business](/microsoft-365/security/defender-business/mdb-simplified-configuration?view=o365-21vianet) | modified |
+| 3/16/2022 | [Microsoft Defender for Business troubleshooting](/microsoft-365/security/defender-business/mdb-troubleshooting?view=o365-21vianet) | modified |
+| 3/16/2022 | [Tutorials and simulations in Microsoft Defender for Business](/microsoft-365/security/defender-business/mdb-tutorials?view=o365-21vianet) | modified |
+| 3/16/2022 | [Use the wizard to set up Microsoft Defender for Business](/microsoft-365/security/defender-business/mdb-use-wizard?view=o365-21vianet) | modified |
+| 3/16/2022 | [View or edit policies in Microsoft Defender for Business](/microsoft-365/security/defender-business/mdb-view-edit-create-policies?view=o365-21vianet) | modified |
+| 3/16/2022 | [View and manage incidents in Microsoft Defender for Business](/microsoft-365/security/defender-business/mdb-view-manage-incidents?view=o365-21vianet) | modified |
+| 3/16/2022 | [View your Threat & Vulnerability Management dashboard in Microsoft Defender for Business](/microsoft-365/security/defender-business/mdb-view-tvm-dashboard?view=o365-21vianet) | modified |
+| 3/16/2022 | [Configure Microsoft Defender for Endpoint risk signals using App Protection Policies (MAM)](/microsoft-365/security/defender-endpoint/android-configure-mam?view=o365-21vianet) | modified |
+| 3/16/2022 | [Integration with Microsoft Defender for Cloud](/microsoft-365/security/defender-endpoint/azure-server-integration?view=o365-21vianet) | modified |
+| 3/16/2022 | [Delete a file from the live response library](/microsoft-365/security/defender-endpoint/delete-library?view=o365-21vianet) | modified |
+| 3/16/2022 | [App-based deployment for Microsoft Defender for Endpoint on iOS](/microsoft-365/security/defender-endpoint/ios-install?view=o365-21vianet) | modified |
+| 3/16/2022 | [List library files](/microsoft-365/security/defender-endpoint/list-library-files?view=o365-21vianet) | modified |
+| 3/16/2022 | [Live response library methods and properties](/microsoft-365/security/defender-endpoint/live-response-library-methods?view=o365-21vianet) | modified |
+| 3/16/2022 | [Manage Microsoft Defender Antivirus updates and apply baselines](/microsoft-365/security/defender-endpoint/manage-updates-baselines-microsoft-defender-antivirus?view=o365-21vianet) | modified |
+| 3/16/2022 | [Manage Microsoft Defender for Endpoint configuration settings on devices with Microsoft Endpoint Manager](/microsoft-365/security/defender-endpoint/security-config-management?view=o365-21vianet) | modified |
+| 3/16/2022 | [Server migration scenarios for the new version of Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/server-migration?view=o365-21vianet) | modified |
+| 3/16/2022 | [Upload files to the live response library](/microsoft-365/security/defender-endpoint/upload-library?view=o365-21vianet) | modified |
+| 3/16/2022 | [Link query results to an incident](/microsoft-365/security/defender/advanced-hunting-link-to-incident?view=o365-21vianet) | modified |
+| 3/16/2022 | [Train your security staff for Microsoft 365 Defender](/microsoft-365/security/defender/microsoft-365-defender-train-security-staff?view=o365-21vianet) | modified |
+| 3/16/2022 | [Payload automations for Attack simulation training](/microsoft-365/security/office-365-security/attack-simulation-training-payload-automations?view=o365-21vianet) | modified |
+| 3/16/2022 | [Simulation automations for Attack simulation training](/microsoft-365/security/office-365-security/attack-simulation-training-simulation-automations?view=o365-21vianet) | modified |
+| 3/16/2022 | [End-user notifications for Attack simulation training](/microsoft-365/security/office-365-security/attack-simulation-traning-end-user-notifications?view=o365-21vianet) | modified |
+| 3/16/2022 | [Microsoft Compliance Configuration Analyzer for Compliance Manager](/microsoft-365/compliance/compliance-manager-mcca?view=o365-21vianet) | modified |
+| 3/16/2022 | [Get started with Microsoft Compliance Manager](/microsoft-365/compliance/compliance-manager-setup?view=o365-21vianet) | modified |
+| 3/16/2022 | [Get started with the Microsoft Service Trust Portal](/microsoft-365/compliance/get-started-with-service-trust-portal?view=o365-21vianet) | modified |
+| 3/16/2022 | [Readiness assessment tools](/microsoft-365/managed-desktop/get-ready/readiness-assessment-tool?view=o365-21vianet) | modified |
+| 3/16/2022 | [Endpoint detection and response in block mode](/microsoft-365/security/defender-endpoint/edr-in-block-mode?view=o365-21vianet) | modified |
+| 3/16/2022 | [Microsoft Defender Antivirus compatibility with other security products](/microsoft-365/security/defender-endpoint/microsoft-defender-antivirus-compatibility?view=o365-21vianet) | modified |
+| 3/17/2022 | [Create and configure retention policies to automatically retain or delete content](/microsoft-365/compliance/create-retention-policies?view=o365-21vianet) | modified |
+| 3/17/2022 | [Address false positives/negatives in Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/defender-endpoint-false-positives-negatives?view=o365-21vianet) | modified |
+| 3/17/2022 | [Evaluate and pilot Microsoft 365 Defender, an XDR solution](/microsoft-365/security/defender/eval-overview?view=o365-21vianet) | modified |
+| 3/17/2022 | Redirecting accounts from Office 365 Security and Compliance Center to the new Microsoft 365 Defender | removed |
+| 3/17/2022 | [Configure anti-phishing policies in Microsoft Defender for Office 365](/microsoft-365/security/office-365-security/configure-mdo-anti-phishing-policies?view=o365-21vianet) | modified |
+| 3/17/2022 | [Permissions - Security & Compliance Center](/microsoft-365/security/office-365-security/permissions-in-the-security-and-compliance-center?view=o365-21vianet) | modified |
+| 3/17/2022 | [View email security reports](/microsoft-365/security/office-365-security/view-email-security-reports?view=o365-21vianet) | modified |
+| 3/17/2022 | [View Defender for Office 365 reports](/microsoft-365/security/office-365-security/view-reports-for-mdo?view=o365-21vianet) | modified |
+| 3/17/2022 | [Basic Mobility and Security frequently-asked questions (FAQ)](/microsoft-365/admin/basic-mobility-security/frequently-asked-questions?view=o365-21vianet) | modified |
+| 3/17/2022 | [Centralized Deployment FAQ](/microsoft-365/admin/manage/centralized-deployment-faq?view=o365-21vianet) | modified |
+| 3/17/2022 | [Microsoft 365 Business Premium frequently asked questions](/microsoft-365/admin/misc/microsoft-365-business-faqs?view=o365-21vianet) | modified |
+| 3/17/2022 | [Domains Frequently Asked Questions](/microsoft-365/admin/setup/domains-faq?view=o365-21vianet) | modified |
+| 3/17/2022 | [Microsoft Bookings Frequently Asked Questions](/microsoft-365/bookings/bookings-faq?view=o365-21vianet) | modified |
+| 3/17/2022 | [Downloads Frequently Asked Questions](/microsoft-365/commerce/licenses/downloads-faq?view=o365-21vianet) | modified |
+| 3/17/2022 | [Online service activation for Open program Frequently Asked Questions](/microsoft-365/commerce/licenses/online-service-activation-faq?view=o365-21vianet) | modified |
+| 3/17/2022 | [Product keys Frequently Asked Questions](/microsoft-365/commerce/licenses/product-keys-faq?view=o365-21vianet) | modified |
+| 3/17/2022 | [Microsoft Home Use Program frequently-asked questions (FAQ)](/microsoft-365/commerce/microsoft-home-use-program-faq?view=o365-21vianet) | modified |
+| 3/17/2022 | [Self-service purchase FAQ](/microsoft-365/commerce/subscriptions/self-service-purchase-faq?view=o365-21vianet) | modified |
+| 3/17/2022 | [Microsoft Compliance Manager premium assessments trial playbook](/microsoft-365/compliance/compliance-easy-trials-compliance-manager-assessment-playbook?view=o365-21vianet) | modified |
+| 3/17/2022 | [Microsoft 365 compliance solutions trial playbook](/microsoft-365/compliance/compliance-easy-trials-compliance-playbook?view=o365-21vianet) | modified |
+| 3/17/2022 | [About the Microsoft 365 compliance trial](/microsoft-365/compliance/compliance-easy-trials?view=o365-21vianet) | modified |
+| 3/17/2022 | [Microsoft Compliance Manager FAQ](/microsoft-365/compliance/compliance-manager-faq?view=o365-21vianet) | modified |
+| 3/17/2022 | [FAQ about importing PST files](/microsoft-365/compliance/faqimporting-pst-files-to-office-365?view=o365-21vianet) | modified |
+| 3/17/2022 | [Message Encryption FAQ](/microsoft-365/compliance/ome-faq?view=o365-21vianet) | modified |
+| 3/17/2022 | [Plan for security &amp; compliance](/microsoft-365/compliance/plan-for-security-and-compliance?view=o365-21vianet) | modified |
+| 3/17/2022 | [Protect user and device access](/microsoft-365/compliance/protect-access-to-data-and-services?view=o365-21vianet) | modified |
+| 3/17/2022 | [Set up encryption in Office 365 Enterprise](/microsoft-365/compliance/set-up-encryption?view=o365-21vianet) | modified |
+| 3/17/2022 | [Microsoft 365 Compliance trial terms and conditions](/microsoft-365/compliance/terms-conditions?view=o365-21vianet) | modified |
+| 3/17/2022 | [Address space calculator for Azure gateway subnets](/microsoft-365/enterprise/address-space-calculator-for-azure-gateway-subnets?view=o365-21vianet) | modified |
+| 3/17/2022 | [Test Microsoft 365 with Test Lab Guides (TLGs)](/microsoft-365/enterprise/cloud-adoption-test-lab-guides-tlgs?view=o365-21vianet) | modified |
+| 3/17/2022 | [Create SharePoint Online sites and add users with PowerShell](/microsoft-365/enterprise/create-sharepoint-sites-and-add-users-with-powershell?view=o365-21vianet) | modified |
+| 3/17/2022 | [Data move general FAQ](/microsoft-365/enterprise/data-move-faq?view=o365-21vianet) | modified |
+| 3/17/2022 | [Get started with PowerShell for Microsoft 365](/microsoft-365/enterprise/getting-started-with-microsoft-365-powershell?view=o365-21vianet) | modified |
+| 3/17/2022 | [Hybrid solutions](/microsoft-365/enterprise/hybrid-solutions?view=o365-21vianet) | modified |
+| 3/17/2022 | [Integrated apps and Azure AD for Microsoft 365 administrators](/microsoft-365/enterprise/integrated-apps-and-azure-ads?view=o365-21vianet) | modified |
+| 3/17/2022 | [Microsoft 365 for enterprise Test Lab Guides](/microsoft-365/enterprise/m365-enterprise-test-lab-guides?view=o365-21vianet) | modified |
+| 3/17/2022 | [Manage Microsoft 365 with PowerShell](/microsoft-365/enterprise/manage-microsoft-365-with-microsoft-365-powershell?view=o365-21vianet) | modified |
+| 3/17/2022 | [Manage Microsoft 365 with Windows PowerShell for DAP partners](/microsoft-365/enterprise/manage-microsoft-365-with-windows-powershell-for-delegated-access-permissions-dap-p?view=o365-21vianet) | modified |
+| 3/17/2022 | [Manage SharePoint with PowerShell](/microsoft-365/enterprise/manage-sharepoint-online-with-microsoft-365-powershell?view=o365-21vianet) | modified |
+| 3/17/2022 | [Manage SharePoint Online site groups with PowerShell](/microsoft-365/enterprise/manage-sharepoint-site-groups-with-powershell?view=o365-21vianet) | modified |
+| 3/17/2022 | [Manage SharePoint Online users and groups with PowerShell](/microsoft-365/enterprise/manage-sharepoint-users-and-groups-with-powershell?view=o365-21vianet) | modified |
+| 3/17/2022 | [Manage Microsoft 365 user accounts, licenses, and groups with PowerShell](/microsoft-365/enterprise/manage-user-accounts-and-licenses-with-microsoft-365-powershell?view=o365-21vianet) | modified |
+| 3/17/2022 | [Microsoft 365 endpoints](/microsoft-365/enterprise/microsoft-365-endpoints?view=o365-21vianet) | modified |
+| 3/17/2022 | [Microsoft 365 community resources for PowerShell](/microsoft-365/enterprise/microsoft-365-powershell-community-resources?view=o365-21vianet) | modified |
+| 3/17/2022 | [Set up your network for Microsoft 365](/microsoft-365/enterprise/set-up-network-for-microsoft-365?view=o365-21vianet) | modified |
+| 3/17/2022 | [Skype for Business Online in Office 365 - Admin Help](/microsoft-365/enterprise/skype-for-business-online?view=o365-21vianet) | modified |
+| 3/17/2022 | [Use PowerShell to migrate email to Microsoft 365](/microsoft-365/enterprise/use-powershell-for-email-migration-to-microsoft-365?view=o365-21vianet) | modified |
+| 3/17/2022 | [Use PowerShell to create reports for Microsoft 365](/microsoft-365/enterprise/use-windows-powershell-to-create-reports-in-microsoft-365?view=o365-21vianet) | modified |
+| 3/17/2022 | [Microsoft 365 Lighthouse frequently asked questions (FAQs)](/microsoft-365/lighthouse/m365-lighthouse-faq?view=o365-21vianet) | modified |
+| 3/17/2022 | [Microsoft Defender for Business frequently asked questions](/microsoft-365/security/defender-business/mdb-faq?view=o365-21vianet) | modified |
+| 3/17/2022 | [Microsoft Defender for Business troubleshooting](/microsoft-365/security/defender-business/mdb-troubleshooting?view=o365-21vianet) | modified |
+| 3/17/2022 | [Attack surface reduction frequently asked questions (FAQ)](/microsoft-365/security/defender-endpoint/attack-surface-reduction-faq?view=o365-21vianet) | modified |
+| 3/17/2022 | [About the Microsoft Defender for Office 365 trial](/microsoft-365/security/office-365-security/about-defender-for-office-365-trial?view=o365-21vianet) | modified |
+| 3/17/2022 | [Manage submissions](/microsoft-365/security/office-365-security/admin-submission?view=o365-21vianet) | modified |
+| 3/17/2022 | [ASF settings in EOP](/microsoft-365/security/office-365-security/advanced-spam-filtering-asf-options?view=o365-21vianet) | modified |
+| 3/17/2022 | [Custom reporting solutions with automated investigation and response](/microsoft-365/security/office-365-security/air-custom-reporting?view=o365-21vianet) | modified |
+| 3/17/2022 | [How to report false positives or false negatives following automated investigation in Microsoft Defender for Office 365](/microsoft-365/security/office-365-security/air-report-false-positives-negatives?view=o365-21vianet) | modified |
+| 3/17/2022 | [View the results of an automated investigation in Microsoft 365](/microsoft-365/security/office-365-security/air-view-investigation-results?view=o365-21vianet) | modified |
+| 3/17/2022 | [Alerts in the Microsoft 365 Defender portal](/microsoft-365/security/office-365-security/alerts?view=o365-21vianet) | modified |
+| 3/17/2022 | [Anti-malware protection FAQ](/microsoft-365/security/office-365-security/anti-malware-protection-faq-eop?view=o365-21vianet) | modified |
+| 3/17/2022 | [Anti-spam and anti-malware protection](/microsoft-365/security/office-365-security/anti-spam-and-anti-malware-protection?view=o365-21vianet) | modified |
+| 3/17/2022 | [Anti-spam message headers](/microsoft-365/security/office-365-security/anti-spam-message-headers?view=o365-21vianet) | modified |
+| 3/17/2022 | [Anti-spam protection FAQ](/microsoft-365/security/office-365-security/anti-spam-protection-faq?view=o365-21vianet) | modified |
+| 3/17/2022 | [Anti-spoofing protection FAQ](/microsoft-365/security/office-365-security/anti-spoofing-protection-faq?view=o365-21vianet) | modified |
+| 3/17/2022 | [Bulk complaint level values](/microsoft-365/security/office-365-security/bulk-complaint-level-values?view=o365-21vianet) | modified |
+| 3/17/2022 | [Configure junk email settings on Exchange Online mailboxes](/microsoft-365/security/office-365-security/configure-junk-email-settings-on-exo-mailboxes?view=o365-21vianet) | modified |
+| 3/17/2022 | [Microsoft Defender for Office 365](/microsoft-365/security/office-365-security/defender-for-office-365?view=o365-21vianet) | modified |
+| 3/17/2022 | [Delegated administration FAQ](/microsoft-365/security/office-365-security/delegated-administration-faq?view=o365-21vianet) | modified |
+| 3/17/2022 | [EOP general FAQ](/microsoft-365/security/office-365-security/eop-general-faq?view=o365-21vianet) | modified |
+| 3/17/2022 | [EOP queued, deferred, and bounced messages FAQ](/microsoft-365/security/office-365-security/eop-queued-deferred-and-bounced-messages-faq?view=o365-21vianet) | modified |
+| 3/17/2022 | [Configuring and controlling external email forwarding in Microsoft 365.](/microsoft-365/security/office-365-security/external-email-forwarding?view=o365-21vianet) | modified |
+| 3/17/2022 | [Find and release quarantined messages as a user](/microsoft-365/security/office-365-security/find-and-release-quarantined-messages-as-a-user?view=o365-21vianet) | modified |
+| 3/17/2022 | [Help and support for EOP](/microsoft-365/security/office-365-security/help-and-support-for-eop?view=o365-21vianet) | modified |
+| 3/17/2022 | [Order and precedence of email protection](/microsoft-365/security/office-365-security/how-policies-and-protections-are-combined?view=o365-21vianet) | modified |
+| 3/17/2022 | [Common Zero Trust identity and device access policies - Microsoft 365 for enterprise \| Microsoft Docs](/microsoft-365/security/office-365-security/identity-access-policies?view=o365-21vianet) | modified |
+| 3/17/2022 | [Prerequisite work for implementing identity and device access policies - Microsoft 365 for enterprise \| Microsoft Docs](/microsoft-365/security/office-365-security/identity-access-prerequisites?view=o365-21vianet) | modified |
+| 3/17/2022 | [Application Guard for Office for admins](/microsoft-365/security/office-365-security/install-app-guard?view=o365-21vianet) | modified |
+| 3/17/2022 | [Investigate malicious email that was delivered in Microsoft 365, Find and investigate malicious email](/microsoft-365/security/office-365-security/investigate-malicious-email-that-was-delivered?view=o365-21vianet) | modified |
+| 3/17/2022 | [Continuous access evaluation for Microsoft 365 - Microsoft 365 for enterprise](/microsoft-365/security/office-365-security/microsoft-365-continuous-access-evaluation?view=o365-21vianet) | modified |
+| 3/17/2022 | [Zero Trust identity and device access configurations - Microsoft 365 for enterprise](/microsoft-365/security/office-365-security/microsoft-365-policies-configurations?view=o365-21vianet) | modified |
+| 3/17/2022 | [Migrate from a third-party protection service to Microsoft Defender for Office 365](/microsoft-365/security/office-365-security/migrate-to-defender-for-office-365?view=o365-21vianet) | modified |
+| 3/17/2022 | [Monitor for leaks of personal data](/microsoft-365/security/office-365-security/monitor-for-leaks-of-personal-data?view=o365-21vianet) | modified |
+| 3/17/2022 | [Automated investigation and response in Microsoft Defender for Office 365](/microsoft-365/security/office-365-security/office-365-air?view=o365-21vianet) | modified |
+| 3/17/2022 | [Evaluate Microsoft Defender for Office 365](/microsoft-365/security/office-365-security/office-365-evaluation?view=o365-21vianet) | modified |
+| 3/17/2022 | [Threat investigation & response capabilities - Microsoft Defender for Office 365 Plan 2](/microsoft-365/security/office-365-security/office-365-ti?view=o365-21vianet) | modified |
+| 3/17/2022 | [Office 365 Security overview, Microsoft Defender for Office 365, EOP, MSDO](/microsoft-365/security/office-365-security/old-index?view=o365-21vianet) | modified |
+| 3/17/2022 | [Office 365 Security including Microsoft Defender for Office 365 and Exchange Online Protection](/microsoft-365/security/office-365-security/overview?view=o365-21vianet) | modified |
+| 3/17/2022 | [Permissions in the Microsoft 365 Defender portal](/microsoft-365/security/office-365-security/permissions-microsoft-365-security-center?view=o365-21vianet) | modified |
+| 3/17/2022 | [Protect against threats in Microsoft Defender for Office 365, Anti-malware, Anti-Phishing, Anti-spam, Safe links, Safe attachments, Zero-hour auto purge (ZAP), MDO security configuration](/microsoft-365/security/office-365-security/protect-against-threats?view=o365-21vianet) | modified |
+| 3/17/2022 | [Quarantined messages FAQ](/microsoft-365/security/office-365-security/quarantine-faq?view=o365-21vianet) | modified |
+| 3/17/2022 | [Quarantine policies](/microsoft-365/security/office-365-security/quarantine-policies?view=o365-21vianet) | modified |
+| 3/17/2022 | [Microsoft recommendations for EOP and Defender for Office 365 security settings](/microsoft-365/security/office-365-security/recommended-settings-for-eop-and-office365?view=o365-21vianet) | modified |
+| 3/17/2022 | [Report spam, non-spam, and phishing messages to Microsoft](/microsoft-365/security/office-365-security/report-junk-email-messages-to-microsoft?view=o365-21vianet) | modified |
+| 3/17/2022 | [Reporting and message trace](/microsoft-365/security/office-365-security/reporting-and-message-trace-in-exchange-online-protection?view=o365-21vianet) | modified |
+| 3/17/2022 | [Smart reports, insights - Microsoft 365 Security & Compliance Center](/microsoft-365/security/office-365-security/reports-and-insights-in-security-and-compliance?view=o365-21vianet) | modified |
+| 3/17/2022 | [Safe Attachments](/microsoft-365/security/office-365-security/safe-attachments?view=o365-21vianet) | modified |
+| 3/17/2022 | [Complete Safe Links overview for Microsoft Defender for Office 365](/microsoft-365/security/office-365-security/safe-links?view=o365-21vianet) | modified |
+| 3/17/2022 | [Secure email recommended policies - Microsoft 365 for enterprise \| Microsoft Docs](/microsoft-365/security/office-365-security/secure-email-recommended-policies?view=o365-21vianet) | modified |
+| 3/17/2022 | [Security dashboard overview](/microsoft-365/security/office-365-security/security-dashboard?view=o365-21vianet) | modified |
+| 3/17/2022 | [Security recommendations for priority accounts in Microsoft 365, priority accounts, priority accounts in Office 365, priority accounts in Microsoft 365](/microsoft-365/security/office-365-security/security-recommendations-for-priority-accounts?view=o365-21vianet) | modified |
+| 3/17/2022 | [Microsoft 365 security roadmap - Top priorities](/microsoft-365/security/office-365-security/security-roadmap?view=o365-21vianet) | modified |
+| 3/17/2022 | [Sending mail to Microsoft 365](/microsoft-365/security/office-365-security/sending-mail-to-office-365?view=o365-21vianet) | modified |
+| 3/17/2022 | [Services for non-customers sending mail to Microsoft 365](/microsoft-365/security/office-365-security/services-for-non-customers?view=o365-21vianet) | modified |
+| 3/17/2022 | [Anti-phishing policies](/microsoft-365/security/office-365-security/set-up-anti-phishing-policies?view=o365-21vianet) | modified |
+| 3/17/2022 | [Recommended secure document policies - Microsoft 365 for enterprise \| Microsoft Docs](/microsoft-365/security/office-365-security/sharepoint-file-access-policies?view=o365-21vianet) | modified |
+| 3/17/2022 | [Spam confidence level](/microsoft-365/security/office-365-security/spam-confidence-levels?view=o365-21vianet) | modified |
+| 3/17/2022 | [Recommended Teams policies - Microsoft 365 for enterprise \| Microsoft Docs](/microsoft-365/security/office-365-security/teams-access-policies?view=o365-21vianet) | modified |
+| 3/17/2022 | [Configure your Microsoft 365 tenant for increased security](/microsoft-365/security/office-365-security/tenant-wide-setup-for-increased-security?view=o365-21vianet) | modified |
+| 3/17/2022 | [Views in Threat Explorer and real-time detections](/microsoft-365/security/office-365-security/threat-explorer-views?view=o365-21vianet) | modified |
+| 3/17/2022 | [Threat Explorer and Real-time detections](/microsoft-365/security/office-365-security/threat-explorer?view=o365-21vianet) | modified |
+| 3/17/2022 | [Microsoft Defender for Office 365 trial playbook](/microsoft-365/security/office-365-security/trial-playbook-defender-for-office-365?view=o365-21vianet) | modified |
+| 3/18/2022 | [Microsoft 365 admin center activity reports](/microsoft-365/admin/activity-reports/activity-reports?view=o365-21vianet) | modified |
+| 3/18/2022 | [Document metadata fields in Advanced eDiscovery](/microsoft-365/compliance/document-metadata-fields-in-advanced-ediscovery?view=o365-21vianet) | modified |
+| 3/18/2022 | [Apply a sensitivity label to a model in Microsoft SharePoint Syntex](/microsoft-365/contentunderstanding/apply-a-sensitivity-label-to-a-model) | modified |
+| 3/18/2022 | [Fix issues found by the readiness assessment tool](/microsoft-365/managed-desktop/get-ready/readiness-assessment-fix?view=o365-21vianet) | modified |
+| 3/18/2022 | [Microsoft Edge](/microsoft-365/managed-desktop/get-started/edge-browser-app?view=o365-21vianet) | modified |
+| 3/18/2022 | [Address false positives/negatives in Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/defender-endpoint-false-positives-negatives?view=o365-21vianet) | modified |
+| 3/18/2022 | [Microsoft Defender for Endpoint for US Government customers](/microsoft-365/security/defender-endpoint/gov?view=o365-21vianet) | modified |
+| 3/18/2022 | [Configure Microsoft Defender for Endpoint on iOS features](/microsoft-365/security/defender-endpoint/ios-configure-features?view=o365-21vianet) | modified |
+| 3/18/2022 | [Anti-spam message headers](/microsoft-365/security/office-365-security/anti-spam-message-headers?view=o365-21vianet) | modified |
+| 3/18/2022 | [Create custom payloads for Attack simulation training](/microsoft-365/security/office-365-security/attack-simulation-training-payloads?view=o365-21vianet) | modified |
+| 3/18/2022 | [Simulation automations for Attack simulation training](/microsoft-365/security/office-365-security/attack-simulation-training-simulation-automations?view=o365-21vianet) | modified |
+| 3/18/2022 | [Bulk complaint level values](/microsoft-365/security/office-365-security/bulk-complaint-level-values?view=o365-21vianet) | modified |
+| 3/18/2022 | [Campaign Views in Microsoft Defender for Office 365 Plan](/microsoft-365/security/office-365-security/campaigns?view=o365-21vianet) | modified |
+| 3/18/2022 | [Configure spam filter policies](/microsoft-365/security/office-365-security/configure-your-spam-filter-policies?view=o365-21vianet) | modified |
+| 3/18/2022 | [Microsoft Defender for Office 365](/microsoft-365/security/office-365-security/defender-for-office-365?view=o365-21vianet) | modified |
+| 3/18/2022 | [Exchange Online Protection (EOP) overview](/microsoft-365/security/office-365-security/exchange-online-protection-overview?view=o365-21vianet) | modified |
+| 3/18/2022 | [Help and support for EOP](/microsoft-365/security/office-365-security/help-and-support-for-eop?view=o365-21vianet) | modified |
+| 3/18/2022 | [Order and precedence of email protection](/microsoft-365/security/office-365-security/how-policies-and-protections-are-combined?view=o365-21vianet) | modified |
+| 3/18/2022 | [Investigate malicious email that was delivered in Microsoft 365, Find and investigate malicious email](/microsoft-365/security/office-365-security/investigate-malicious-email-that-was-delivered?view=o365-21vianet) | modified |
+| 3/18/2022 | [Migrate from a third-party protection service to Microsoft Defender for Office 365](/microsoft-365/security/office-365-security/migrate-to-defender-for-office-365?view=o365-21vianet) | modified |
+| 3/18/2022 | [Quarantined email messages](/microsoft-365/security/office-365-security/quarantine-email-messages?view=o365-21vianet) | modified |
+| 3/18/2022 | [Quarantine policies](/microsoft-365/security/office-365-security/quarantine-policies?view=o365-21vianet) | modified |
+| 3/18/2022 | [Safe Attachments](/microsoft-365/security/office-365-security/safe-attachments?view=o365-21vianet) | modified |
+| 3/18/2022 | [Microsoft 365 security roadmap - Top priorities](/microsoft-365/security/office-365-security/security-roadmap?view=o365-21vianet) | modified |
+| 3/18/2022 | [Sending mail to Microsoft 365](/microsoft-365/security/office-365-security/sending-mail-to-office-365?view=o365-21vianet) | modified |
+| 3/18/2022 | [Services for non-customers sending mail to Microsoft 365](/microsoft-365/security/office-365-security/services-for-non-customers?view=o365-21vianet) | modified |
+| 3/18/2022 | [Set up SPF to help prevent spoofing](/microsoft-365/security/office-365-security/set-up-spf-in-office-365-to-help-prevent-spoofing?view=o365-21vianet) | modified |
+| 3/18/2022 | [Spam confidence level](/microsoft-365/security/office-365-security/spam-confidence-levels?view=o365-21vianet) | modified |
+| 3/18/2022 | [Views in Threat Explorer and real-time detections](/microsoft-365/security/office-365-security/threat-explorer-views?view=o365-21vianet) | modified |
-## Week of January 03, 2022
+## Week of March 07, 2022
| Published On |Topic title | Change | |||--|
-| 1/3/2022 | [Microsoft 365 compliance documentation # < 60 chars](/microsoft-365/compliance/index?view=o365-21vianet) | modified |
-| 1/3/2022 | [Licensing for SharePoint Syntex](/microsoft-365/contentunderstanding/syntex-licensing) | modified |
-| 1/3/2022 | [Microsoft 365 guest sharing settings reference](/microsoft-365/solutions/microsoft-365-guest-settings?view=o365-21vianet) | modified |
-| 1/3/2022 | [Limit sharing in Microsoft 365](/microsoft-365/solutions/microsoft-365-limit-sharing?view=o365-21vianet) | modified |
-| 1/4/2022 | [MRS service alerts](/microsoft-365/enterprise/microsoft-365-mrs-source-delays-service-alerts?view=o365-21vianet) | added |
-| 1/4/2022 | [View or edit policies in Microsoft Defender for Business (preview)](/microsoft-365/security/defender-business/mdb-view-edit-create-policies?view=o365-21vianet) | renamed |
-| 1/4/2022 | [Train your security staff for Microsoft 365 Defender](/microsoft-365/security/defender/microsoft-365-defender-train-security-staff?view=o365-21vianet) | added |
-| 1/4/2022 | [Learn about the default labels and policies for Microsoft Information Protection](/microsoft-365/compliance/mip-easy-trials?view=o365-21vianet) | modified |
-| 1/4/2022 | [Learn about sensitivity labels](/microsoft-365/compliance/sensitivity-labels?view=o365-21vianet) | modified |
-| 1/4/2022 | [How to configure Exchange Server on-premises to use Hybrid Modern Authentication](/microsoft-365/enterprise/configure-exchange-server-for-hybrid-modern-authentication?view=o365-21vianet) | modified |
-| 1/4/2022 | [Exchange Online monitoring for Microsoft 365](/microsoft-365/enterprise/microsoft-365-exchange-monitoring?view=o365-21vianet) | modified |
-| 1/4/2022 | [Microsoft 365 Lighthouse Users page overview](/microsoft-365/lighthouse/m365-lighthouse-users-page-overview?view=o365-21vianet) | modified |
-| 1/4/2022 | [Microsoft Defender for Business](/microsoft-365/security/defender-business/index?view=o365-21vianet) | modified |
-| 1/4/2022 | Create a new policy in Microsoft Defender for Business | removed |
-| 1/4/2022 | [Attack surface reduction frequently asked questions (FAQ)](/microsoft-365/security/defender-endpoint/attack-surface-reduction-faq?view=o365-21vianet) | modified |
-| 1/4/2022 | [ASR rules deployment phase 2 - test](/microsoft-365/security/defender-endpoint/attack-surface-reduction-rules-deployment-phase-2?view=o365-21vianet) | modified |
-| 1/4/2022 | [ASR rules deployment phase 3 - implement](/microsoft-365/security/defender-endpoint/attack-surface-reduction-rules-deployment-phase-3?view=o365-21vianet) | modified |
-| 1/4/2022 | [Use attack surface reduction rules to prevent malware infection](/microsoft-365/security/defender-endpoint/attack-surface-reduction?view=o365-21vianet) | modified |
-| 1/4/2022 | [Onboard Windows devices to Microsoft Defender for Endpoint via Group Policy](/microsoft-365/security/defender-endpoint/configure-endpoints-gp?view=o365-21vianet) | modified |
-| 1/4/2022 | [Onboarding tools and methods for Windows devices](/microsoft-365/security/defender-endpoint/configure-endpoints?view=o365-21vianet) | modified |
-| 1/4/2022 | [Configure device proxy and Internet connection settings](/microsoft-365/security/defender-endpoint/configure-proxy-internet?view=o365-21vianet) | modified |
-| 1/4/2022 | [Onboard Windows servers to the Microsoft Defender for Endpoint service](/microsoft-365/security/defender-endpoint/configure-server-endpoints?view=o365-21vianet) | modified |
-| 1/4/2022 | [Protect important folders from ransomware from encrypting your files with controlled folder access](/microsoft-365/security/defender-endpoint/controlled-folders?view=o365-21vianet) | modified |
-| 1/4/2022 | Customize attack surface reduction rules | removed |
-| 1/4/2022 | [Compare Microsoft Defender for Endpoint Plan 1 to Plan 2](/microsoft-365/security/defender-endpoint/defender-endpoint-plan-1-2?view=o365-21vianet) | modified |
-| 1/4/2022 | [Overview of Microsoft Defender for Endpoint Plan 1](/microsoft-365/security/defender-endpoint/defender-endpoint-plan-1?view=o365-21vianet) | modified |
-| 1/4/2022 | Evaluate attack surface reduction rules | removed |
-| 1/4/2022 | [Apply mitigations to help prevent attacks through vulnerabilities](/microsoft-365/security/defender-endpoint/exploit-protection?view=o365-21vianet) | modified |
-| 1/4/2022 | [App-based deployment for Microsoft Defender for Endpoint on iOS](/microsoft-365/security/defender-endpoint/ios-install?view=o365-21vianet) | modified |
-| 1/4/2022 | [What's new in Microsoft Defender for Endpoint on iOS](/microsoft-365/security/defender-endpoint/ios-whatsnew?view=o365-21vianet) | modified |
-| 1/4/2022 | [Manage Microsoft Defender for Endpoint Plan 1](/microsoft-365/security/defender-endpoint/mde-p1-maintenance-operations?view=o365-21vianet) | modified |
-| 1/4/2022 | [Set up and configure Microsoft Defender for Endpoint Plan 1](/microsoft-365/security/defender-endpoint/mde-p1-setup-configuration?view=o365-21vianet) | modified |
-| 1/4/2022 | [Get started with Microsoft Defender for Endpoint Plan 1](/microsoft-365/security/defender-endpoint/mde-plan1-getting-started?view=o365-21vianet) | modified |
-| 1/4/2022 | [Microsoft Defender for Endpoint on iOS](/microsoft-365/security/defender-endpoint/microsoft-defender-endpoint-ios?view=o365-21vianet) | modified |
-| 1/4/2022 | [Microsoft Defender for Endpoint - Mobile Threat Defense](/microsoft-365/security/defender-endpoint/mtd?view=o365-21vianet) | modified |
-| 1/4/2022 | [Use network protection to help prevent connections to bad sites](/microsoft-365/security/defender-endpoint/network-protection?view=o365-21vianet) | modified |
-| 1/4/2022 | [Troubleshoot problems with attack surface reduction rules](/microsoft-365/security/defender-endpoint/troubleshoot-asr?view=o365-21vianet) | modified |
-| 1/4/2022 | [Vulnerabilities in my organization - threat and vulnerability management](/microsoft-365/security/defender-endpoint/tvm-weaknesses?view=o365-21vianet) | modified |
-| 1/4/2022 | [Configure Microsoft Defender Antivirus with Group Policy](/microsoft-365/security/defender-endpoint/use-group-policy-microsoft-defender-antivirus?view=o365-21vianet) | modified |
-| 1/4/2022 | [What's new in Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/whats-new-in-microsoft-defender-endpoint?view=o365-21vianet) | modified |
-| 1/4/2022 | [Quarantine policies](/microsoft-365/security/office-365-security/quarantine-policies?view=o365-21vianet) | modified |
-| 1/4/2022 | [Microsoft recommendations for EOP and Defender for Office 365 security settings](/microsoft-365/security/office-365-security/recommended-settings-for-eop-and-office365?view=o365-21vianet) | modified |
-| 1/4/2022 | [Complete Safe Links overview for Microsoft Defender for Office 365](/microsoft-365/security/office-365-security/safe-links?view=o365-21vianet) | modified |
-| 1/4/2022 | [View email security reports](/microsoft-365/security/office-365-security/view-email-security-reports?view=o365-21vianet) | modified |
-| 1/4/2022 | [View mail flow reports in the Reports dashboard](/microsoft-365/security/office-365-security/view-mail-flow-reports?view=o365-21vianet) | modified |
-| 1/4/2022 | [Manage who can create Microsoft 365 Groups](/microsoft-365/solutions/manage-creation-of-groups?view=o365-21vianet) | modified |
-| 1/4/2022 | [Use Microsoft OneDrive Learning Tools Interoperability](/microsoft-365/lti/onedrive-lti?view=o365-21vianet) | modified |
-| 1/4/2022 | [DeviceInfo table in the advanced hunting schema](/microsoft-365/security/defender/advanced-hunting-deviceinfo-table?view=o365-21vianet) | modified |
-| 1/4/2022 | [View your bill or invoice](/microsoft-365/commerce/billing-and-payments/view-your-bill-or-invoice?view=o365-21vianet) | modified |
-| 1/4/2022 | [Device management roadmap for Microsoft 365](/microsoft-365/enterprise/device-management-roadmap-microsoft-365?view=o365-21vianet) | modified |
-| 1/4/2022 | [Windows security updates report](/microsoft-365/managed-desktop/working-with-managed-desktop/security-updates-report?view=o365-21vianet) | modified |
-| 1/4/2022 | [Step 4. Deploy endpoint management for your devices, PCs, and other endpoints](/microsoft-365/solutions/empower-people-to-work-remotely-manage-endpoints?view=o365-21vianet) | modified |
-| 1/5/2022 | [Capabilities of Basic Mobility and Security](/microsoft-365/admin/basic-mobility-security/capabilities?view=o365-21vianet) | modified |
-| 1/5/2022 | [Learn about Microsoft 365 Endpoint data loss prevention](/microsoft-365/compliance/endpoint-dlp-learn-about?view=o365-21vianet) | modified |
-| 1/5/2022 | [Get started with insider risk management](/microsoft-365/compliance/insider-risk-management-configure?view=o365-21vianet) | modified |
-| 1/5/2022 | [Insider risk management in Microsoft 365](/microsoft-365/compliance/insider-risk-management-solution-overview?view=o365-21vianet) | modified |
-| 1/5/2022 | [Microsoft 365 Lighthouse and Microsoft Defender for Business (preview)](/microsoft-365/security/defender-business/mdb-lighthouse-integration?view=o365-21vianet) | modified |
-| 1/5/2022 | [DeviceInfo table in the advanced hunting schema](/microsoft-365/security/defender/advanced-hunting-deviceinfo-table?view=o365-21vianet) | modified |
-| 1/5/2022 | [About the Microsoft Defender for Office 365 trial](/microsoft-365/security/office-365-security/about-defender-for-office-365-trial?view=o365-21vianet) | modified |
-| 1/5/2022 | [Simulation automations for Attack simulation training](/microsoft-365/security/office-365-security/attack-simulation-training-simulation-automations?view=o365-21vianet) | modified |
-| 1/5/2022 | [Simulate a phishing attack with Microsoft Defender for Office 365](/microsoft-365/security/office-365-security/attack-simulation-training?view=o365-21vianet) | modified |
-| 1/5/2022 | [Configure anti-malware policies](/microsoft-365/security/office-365-security/configure-anti-malware-policies?view=o365-21vianet) | modified |
-| 1/5/2022 | [Configure the default connection filter policy](/microsoft-365/security/office-365-security/configure-the-connection-filter-policy?view=o365-21vianet) | modified |
-| 1/5/2022 | [Configure outbound spam filtering](/microsoft-365/security/office-365-security/configure-the-outbound-spam-policy?view=o365-21vianet) | modified |
-| 1/5/2022 | [Configure spam filter policies](/microsoft-365/security/office-365-security/configure-your-spam-filter-policies?view=o365-21vianet) | modified |
-| 1/5/2022 | [Create blocked sender lists](/microsoft-365/security/office-365-security/create-block-sender-lists-in-office-365?view=o365-21vianet) | modified |
-| 1/5/2022 | [Email authentication in Microsoft 365](/microsoft-365/security/office-365-security/email-validation-and-authentication?view=o365-21vianet) | modified |
-| 1/5/2022 | [Common Zero Trust identity and device access policies - Microsoft 365 for enterprise \| Microsoft Docs](/microsoft-365/security/office-365-security/identity-access-policies?view=o365-21vianet) | modified |
-| 1/5/2022 | [New domains being forwarded email insight](/microsoft-365/security/office-365-security/mfi-new-domains-being-forwarded-email?view=o365-21vianet) | modified |
-| 1/5/2022 | [Step-by-step threat protection stack in Microsoft Defender for Office 365](/microsoft-365/security/office-365-security/protection-stack-microsoft-defender-for-office365?view=o365-21vianet) | modified |
-| 1/5/2022 | [Quarantined messages FAQ](/microsoft-365/security/office-365-security/quarantine-faq?view=o365-21vianet) | modified |
-| 1/5/2022 | [Microsoft recommendations for EOP and Defender for Office 365 security settings](/microsoft-365/security/office-365-security/recommended-settings-for-eop-and-office365?view=o365-21vianet) | modified |
-| 1/5/2022 | [Complete Safe Links overview for Microsoft Defender for Office 365](/microsoft-365/security/office-365-security/safe-links?view=o365-21vianet) | modified |
-| 1/5/2022 | [Secure email recommended policies - Microsoft 365 for enterprise \| Microsoft Docs](/microsoft-365/security/office-365-security/secure-email-recommended-policies?view=o365-21vianet) | modified |
-| 1/5/2022 | [Anti-phishing policies](/microsoft-365/security/office-365-security/set-up-anti-phishing-policies?view=o365-21vianet) | modified |
-| 1/5/2022 | [User reported message settings](/microsoft-365/security/office-365-security/user-submission?view=o365-21vianet) | modified |
-| 1/5/2022 | [View email security reports](/microsoft-365/security/office-365-security/view-email-security-reports?view=o365-21vianet) | modified |
-| 1/5/2022 | [Zero-hour auto purge in Microsoft Defender for Office 365](/microsoft-365/security/office-365-security/zero-hour-auto-purge?view=o365-21vianet) | modified |
-| 1/5/2022 | [Microsoft 365 Reports in the admin center - OneDrive for Business usage](/microsoft-365/admin/activity-reports/onedrive-for-business-usage-ww?view=o365-21vianet) | modified |
-| 1/5/2022 | [Set an individual user's password to never expire](/microsoft-365/admin/add-users/set-password-to-never-expire?view=o365-21vianet) | modified |
-| 1/5/2022 | [Manage add-ins in the admin center](/microsoft-365/admin/manage/manage-addins-in-the-admin-center?view=o365-21vianet) | modified |
-| 1/5/2022 | [Message center](/microsoft-365/admin/manage/message-center?view=o365-21vianet) | modified |
-| 1/5/2022 | [Add staff to Bookings](/microsoft-365/bookings/add-staff?view=o365-21vianet) | modified |
-| 1/5/2022 | [Flowchart to determine when an item will be retained or permanently deleted](/microsoft-365/compliance/retention-flowchart?view=o365-21vianet) | modified |
-| 1/5/2022 | [Learn about retention for Teams](/microsoft-365/compliance/retention-policies-teams?view=o365-21vianet) | modified |
-| 1/5/2022 | [Learn about retention for Yammer](/microsoft-365/compliance/retention-policies-yammer?view=o365-21vianet) | modified |
-| 1/5/2022 | [Search the audit log in the Microsoft 365 compliance center](/microsoft-365/compliance/search-the-audit-log-in-security-and-compliance?view=o365-21vianet) | modified |
-| 1/5/2022 | [What's new in Microsoft 365 compliance](/microsoft-365/compliance/whats-new?view=o365-21vianet) | modified |
-| 1/5/2022 | [Cross-tenant mailbox migration](/microsoft-365/enterprise/cross-tenant-mailbox-migration?view=o365-21vianet) | modified |
-| 1/6/2022 | [Download documents from a review set](/microsoft-365/compliance/download-documents-from-review-set?view=o365-21vianet) | modified |
-| 1/6/2022 | [Use Advanced Audit to investigate compromised accounts](/microsoft-365/compliance/mailitemsaccessed-forensics-investigations?view=o365-21vianet) | modified |
-| 1/6/2022 | [Work with communications in Advanced eDiscovery](/microsoft-365/compliance/managing-custodian-communications?view=o365-21vianet) | modified |
-| 1/6/2022 | [Get help and support for Microsoft Defender for Business (preview)](/microsoft-365/security/defender-business/mdb-get-help?view=o365-21vianet) | modified |
-| 1/6/2022 | [Get started using Microsoft Defender for Business (preview)](/microsoft-365/security/defender-business/mdb-get-started?view=o365-21vianet) | modified |
-| 1/6/2022 | [Manage devices in Microsoft Defender for Business (preview)](/microsoft-365/security/defender-business/mdb-manage-devices?view=o365-21vianet) | modified |
-| 1/6/2022 | [Overview of Microsoft Defender for Business (preview)](/microsoft-365/security/defender-business/mdb-overview?view=o365-21vianet) | modified |
-| 1/6/2022 | [Reports in Microsoft Defender for Business (preview)](/microsoft-365/security/defender-business/mdb-reports?view=o365-21vianet) | modified |
-| 1/6/2022 | [Respond to and mitigate threats in Microsoft Defender for Business (preview)](/microsoft-365/security/defender-business/mdb-respond-mitigate-threats?view=o365-21vianet) | modified |
-| 1/6/2022 | [Review remediation actions in Microsoft Defender for Business (preview)](/microsoft-365/security/defender-business/mdb-review-remediation-actions?view=o365-21vianet) | modified |
-| 1/6/2022 | [Assign roles and permissions in Microsoft Defender for Business (preview)](/microsoft-365/security/defender-business/mdb-roles-permissions?view=o365-21vianet) | modified |
-| 1/6/2022 | [Set up and configure Microsoft Defender for Business (preview)](/microsoft-365/security/defender-business/mdb-setup-configuration?view=o365-21vianet) | modified |
-| 1/6/2022 | [The simplified configuration process in Microsoft Defender for Business (preview)](/microsoft-365/security/defender-business/mdb-simplified-configuration?view=o365-21vianet) | modified |
-| 1/6/2022 | [Tutorials and simulations in Microsoft Defender for Business (preview)](/microsoft-365/security/defender-business/mdb-tutorials?view=o365-21vianet) | modified |
-| 1/6/2022 | [View or edit policies in Microsoft Defender for Business (preview)](/microsoft-365/security/defender-business/mdb-view-edit-create-policies?view=o365-21vianet) | modified |
-| 1/6/2022 | [View and manage incidents in Microsoft Defender for Business (preview)](/microsoft-365/security/defender-business/mdb-view-manage-incidents?view=o365-21vianet) | modified |
-| 1/6/2022 | [Onboard Windows devices to Microsoft Defender for Endpoint via Group Policy](/microsoft-365/security/defender-endpoint/configure-endpoints-gp?view=o365-21vianet) | modified |
-| 1/6/2022 | [Onboard Windows devices using a local script](/microsoft-365/security/defender-endpoint/configure-endpoints-script?view=o365-21vianet) | modified |
-| 1/6/2022 | [Onboard Windows servers to the Microsoft Defender for Endpoint service](/microsoft-365/security/defender-endpoint/configure-server-endpoints?view=o365-21vianet) | modified |
-| 1/6/2022 | [Enable SIEM integration in Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/enable-siem-integration?view=o365-21vianet) | modified |
-| 1/6/2022 | [Create indicators for IPs and URLs/domains](/microsoft-365/security/defender-endpoint/indicator-ip-domain?view=o365-21vianet) | modified |
-| 1/6/2022 | [Manage indicators](/microsoft-365/security/defender-endpoint/indicator-manage?view=o365-21vianet) | modified |
-| 1/6/2022 | [Deploy Microsoft Defender for Endpoint on Linux with Ansible](/microsoft-365/security/defender-endpoint/linux-install-with-ansible?view=o365-21vianet) | modified |
-| 1/6/2022 | [Investigate entities on devices using live response in Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/live-response?view=o365-21vianet) | modified |
-| 1/6/2022 | [Set up the Microsoft Defender for Endpoint on macOS policies in Jamf Pro](/microsoft-365/security/defender-endpoint/mac-jamfpro-policies?view=o365-21vianet) | modified |
-| 1/6/2022 | [Microsoft Defender for Endpoint on Linux](/microsoft-365/security/defender-endpoint/microsoft-defender-endpoint-linux?view=o365-21vianet) | modified |
-| 1/6/2022 | [Microsoft Defender for Endpoint on Mac](/microsoft-365/security/defender-endpoint/microsoft-defender-endpoint-mac?view=o365-21vianet) | modified |
-| 1/6/2022 | [Minimum requirements for Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/minimum-requirements?view=o365-21vianet) | modified |
-| 1/6/2022 | [Troubleshoot onboarding issues related to Security Management for Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/troubleshoot-security-config-mgt?view=o365-21vianet) | modified |
-| 1/6/2022 | [Microsoft 365 Defender prerequisites](/microsoft-365/security/defender/prerequisites?view=o365-21vianet) | modified |
-| 1/6/2022 | [Address compromised user accounts with automated investigation and response](/microsoft-365/security/office-365-security/address-compromised-users-quickly?view=o365-21vianet) | modified |
-| 1/6/2022 | [Admin review for reported messages](/microsoft-365/security/office-365-security/admin-review-reported-message?view=o365-21vianet) | modified |
-| 1/6/2022 | [Manage submissions](/microsoft-365/security/office-365-security/admin-submission?view=o365-21vianet) | modified |
-| 1/6/2022 | [How to report false positives or false negatives following automated investigation in Microsoft Defender for Office 365](/microsoft-365/security/office-365-security/air-report-false-positives-negatives?view=o365-21vianet) | modified |
-| 1/6/2022 | [Review and manage remediation actions in Microsoft Defender for Office 365](/microsoft-365/security/office-365-security/air-review-approve-pending-completed-actions?view=o365-21vianet) | modified |
-| 1/6/2022 | [Alerts in the Microsoft 365 Defender portal](/microsoft-365/security/office-365-security/alerts?view=o365-21vianet) | modified |
-| 1/6/2022 | [Get started using Attack simulation training](/microsoft-365/security/office-365-security/attack-simulation-training-get-started?view=o365-21vianet) | modified |
-| 1/6/2022 | [Insights and reports Attack simulation training](/microsoft-365/security/office-365-security/attack-simulation-training-insights?view=o365-21vianet) | modified |
-| 1/6/2022 | [Create custom payloads for Attack simulation training](/microsoft-365/security/office-365-security/attack-simulation-training-payloads?view=o365-21vianet) | modified |
-| 1/6/2022 | [Simulate a phishing attack with Microsoft Defender for Office 365](/microsoft-365/security/office-365-security/attack-simulation-training?view=o365-21vianet) | modified |
-| 1/6/2022 | [Campaign Views in Microsoft Defender for Office 365 Plan](/microsoft-365/security/office-365-security/campaigns?view=o365-21vianet) | modified |
-| 1/6/2022 | [Configuration analyzer for security policies](/microsoft-365/security/office-365-security/configuration-analyzer-for-security-policies?view=o365-21vianet) | modified |
-| 1/6/2022 | [Configure the delivery of third-party phishing simulations to users and unfiltered messages to SecOps mailboxes](/microsoft-365/security/office-365-security/configure-advanced-delivery?view=o365-21vianet) | modified |
-| 1/6/2022 | [Configure anti-malware policies](/microsoft-365/security/office-365-security/configure-anti-malware-policies?view=o365-21vianet) | modified |
-| 1/6/2022 | [Configure anti-phishing policies in EOP](/microsoft-365/security/office-365-security/configure-anti-phishing-policies-eop?view=o365-21vianet) | modified |
-| 1/6/2022 | [Configure global settings for Safe Links settings in Defender for Office 365](/microsoft-365/security/office-365-security/configure-global-settings-for-safe-links?view=o365-21vianet) | modified |
-| 1/6/2022 | [Configure anti-phishing policies in Microsoft Defender for Office 365](/microsoft-365/security/office-365-security/configure-mdo-anti-phishing-policies?view=o365-21vianet) | modified |
-| 1/6/2022 | [Configure the default connection filter policy](/microsoft-365/security/office-365-security/configure-the-connection-filter-policy?view=o365-21vianet) | modified |
-| 1/6/2022 | [Configure outbound spam filtering](/microsoft-365/security/office-365-security/configure-the-outbound-spam-policy?view=o365-21vianet) | modified |
-| 1/6/2022 | [Configure spam filter policies](/microsoft-365/security/office-365-security/configure-your-spam-filter-policies?view=o365-21vianet) | modified |
-| 1/6/2022 | [Microsoft Defender for Office 365](/microsoft-365/security/office-365-security/defender-for-office-365?view=o365-21vianet) | modified |
-| 1/6/2022 | [Detect and Remediate Illicit Consent Grants](/microsoft-365/security/office-365-security/detect-and-remediate-illicit-consent-grants?view=o365-21vianet) | modified |
-| 1/6/2022 | [Email security with Threat Explorer in Microsoft Defender for Office 365](/microsoft-365/security/office-365-security/email-security-in-microsoft-defender?view=o365-21vianet) | modified |
-| 1/6/2022 | [Find and release quarantined messages as a user](/microsoft-365/security/office-365-security/find-and-release-quarantined-messages-as-a-user?view=o365-21vianet) | modified |
-| 1/6/2022 | [Impersonation insight](/microsoft-365/security/office-365-security/impersonation-insight?view=o365-21vianet) | modified |
-| 1/6/2022 | [Use Microsoft Defender for Office 365 together with Microsoft Defender for Endpoint](/microsoft-365/security/office-365-security/integrate-office-365-ti-with-mde?view=o365-21vianet) | modified |
-| 1/6/2022 | [Investigate malicious email that was delivered in Microsoft 365, Find and investigate malicious email](/microsoft-365/security/office-365-security/investigate-malicious-email-that-was-delivered?view=o365-21vianet) | modified |
-| 1/6/2022 | [Spoof intelligence insight](/microsoft-365/security/office-365-security/learn-about-spoof-intelligence?view=o365-21vianet) | modified |
-| 1/6/2022 | [Mail flow intelligence](/microsoft-365/security/office-365-security/mail-flow-intelligence-in-office-365?view=o365-21vianet) | modified |
-| 1/6/2022 | [Manage quarantined messages and files as an admin](/microsoft-365/security/office-365-security/manage-quarantined-messages-and-files?view=o365-21vianet) | modified |
-| 1/6/2022 | [The Microsoft Defender for Office 365 email entity page](/microsoft-365/security/office-365-security/mdo-email-entity-page?view=o365-21vianet) | modified |
-| 1/6/2022 | [Message trace in the Microsoft 365 Defender portal](/microsoft-365/security/office-365-security/message-trace-scc?view=o365-21vianet) | modified |
-| 1/6/2022 | [Queues insight in the Mail flow dashboard](/microsoft-365/security/office-365-security/mfi-queue-alerts-and-queues?view=o365-21vianet) | modified |
-| 1/6/2022 | [Fix slow mail flow rules insight](/microsoft-365/security/office-365-security/mfi-slow-mail-flow-rules-insight?view=o365-21vianet) | modified |
-| 1/6/2022 | [Automated investigation and response in Microsoft Defender for Office 365](/microsoft-365/security/office-365-security/office-365-air?view=o365-21vianet) | modified |
-| 1/6/2022 | [Evaluate Microsoft Defender for Office 365](/microsoft-365/security/office-365-security/office-365-evaluation?view=o365-21vianet) | modified |
-| 1/6/2022 | [Threat investigation & response capabilities - Microsoft Defender for Office 365 Plan 2](/microsoft-365/security/office-365-security/office-365-ti?view=o365-21vianet) | modified |
-| 1/6/2022 | [Permissions - Security & Compliance Center](/microsoft-365/security/office-365-security/permissions-in-the-security-and-compliance-center?view=o365-21vianet) | modified |
-| 1/6/2022 | [Permissions in the Microsoft 365 Defender portal](/microsoft-365/security/office-365-security/permissions-microsoft-365-security-center?view=o365-21vianet) | modified |
-| 1/6/2022 | [Preset security policies](/microsoft-365/security/office-365-security/preset-security-policies?view=o365-21vianet) | modified |
-| 1/6/2022 | [Threat Explorer and Real-time detections basics in Microsoft Defender for Office 365](/microsoft-365/security/office-365-security/real-time-detections?view=o365-21vianet) | modified |
-| 1/6/2022 | [Remove blocked users from the Restricted users portal](/microsoft-365/security/office-365-security/removing-user-from-restricted-users-portal-after-spam?view=o365-21vianet) | modified |
-| 1/6/2022 | [Responding to a Compromised Email Account](/microsoft-365/security/office-365-security/responding-to-a-compromised-email-account?view=o365-21vianet) | modified |
-| 1/6/2022 | [Safe Documents in Microsoft Defender for Office 365](/microsoft-365/security/office-365-security/safe-docs?view=o365-21vianet) | modified |
-| 1/6/2022 | [Security recommendations for priority accounts in Microsoft 365, priority accounts, priority accounts in Office 365, priority accounts in Microsoft 365](/microsoft-365/security/office-365-security/security-recommendations-for-priority-accounts?view=o365-21vianet) | modified |
-| 1/6/2022 | [Set up Safe Attachments policies in Microsoft Defender for Office 365](/microsoft-365/security/office-365-security/set-up-safe-attachments-policies?view=o365-21vianet) | modified |
-| 1/6/2022 | [Set up Safe Links policies in Microsoft Defender for Office 365](/microsoft-365/security/office-365-security/set-up-safe-links-policies?view=o365-21vianet) | modified |
-| 1/6/2022 | [Manage your allows and blocks in the Tenant Allow/Block List](/microsoft-365/security/office-365-security/tenant-allow-block-list?view=o365-21vianet) | modified |
-| 1/6/2022 | [Threat Explorer and Real-time detections](/microsoft-365/security/office-365-security/threat-explorer?view=o365-21vianet) | modified |
-| 1/6/2022 | [Threat hunting in Threat Explorer for Microsoft Defender for Office 365](/microsoft-365/security/office-365-security/threat-hunting-in-threat-explorer?view=o365-21vianet) | modified |
-| 1/6/2022 | [Threat Trackers - New and Noteworthy](/microsoft-365/security/office-365-security/threat-trackers?view=o365-21vianet) | modified |
-| 1/6/2022 | [Microsoft Defender for Office 365 trial playbook](/microsoft-365/security/office-365-security/trial-playbook-defender-for-office-365?view=o365-21vianet) | modified |
-| 1/6/2022 | [Turn on Safe Attachments for SharePoint, OneDrive, and Microsoft Teams](/microsoft-365/security/office-365-security/turn-on-mdo-for-spo-odb-and-teams?view=o365-21vianet) | modified |
-| 1/6/2022 | [How to use DKIM for email in your custom domain](/microsoft-365/security/office-365-security/use-dkim-to-validate-outbound-email?view=o365-21vianet) | modified |
-| 1/6/2022 | [Use Azure Privileged Identity Management (PIM) in Microsoft Defender for Office 365 to limit admin access to cyber security tools.](/microsoft-365/security/office-365-security/use-privileged-identity-management-in-defender-for-office-365?view=o365-21vianet) | modified |
-| 1/6/2022 | [User reported message settings](/microsoft-365/security/office-365-security/user-submission?view=o365-21vianet) | modified |
-| 1/6/2022 | [User tags in Microsoft Defender for Office 365](/microsoft-365/security/office-365-security/user-tags?view=o365-21vianet) | modified |
-| 1/6/2022 | [View email security reports](/microsoft-365/security/office-365-security/view-email-security-reports?view=o365-21vianet) | modified |
-| 1/6/2022 | [View mail flow reports in the Reports dashboard](/microsoft-365/security/office-365-security/view-mail-flow-reports?view=o365-21vianet) | modified |
-| 1/6/2022 | [View Defender for Office 365 reports](/microsoft-365/security/office-365-security/view-reports-for-mdo?view=o365-21vianet) | modified |
-| 1/6/2022 | [Manage spoofed senders using the spoof intelligence policy and spoof intelligence insight](/microsoft-365/security/office-365-security/walkthrough-spoof-intelligence-insight?view=o365-21vianet) | modified |
-| 1/6/2022 | [Overview of importing your organization's PST files](/microsoft-365/compliance/importing-pst-files-to-office-365?view=o365-21vianet) | modified |
-| 1/6/2022 | [Learn about retention for Yammer](/microsoft-365/compliance/retention-policies-yammer?view=o365-21vianet) | modified |
-| 1/6/2022 | [Explanation types in Microsoft SharePoint Syntex](/microsoft-365/contentunderstanding/explanation-types-overview) | modified |
-| 1/6/2022 | Batch apply model | removed |
-| 1/6/2022 | BatchDelete | removed |
-| 1/6/2022 | Create file classification request | removed |
-| 1/6/2022 | Create folder classification request | removed |
-| 1/6/2022 | Create model | removed |
-| 1/6/2022 | GetByTitle | removed |
-| 1/6/2022 | GetByUniqueId | removed |
-| 1/6/2022 | Get model and library info | removed |
-| 1/6/2022 | UpdateModelSettings | removed |
-| 1/6/2022 | SharePoint Syntex document understanding model REST API | removed |
-| 1/6/2022 | [Data move general FAQ](/microsoft-365/enterprise/data-move-faq?view=o365-21vianet) | modified |
-| 1/6/2022 | [Manage Microsoft Defender Antivirus updates and apply baselines](/microsoft-365/security/defender-endpoint/manage-updates-baselines-microsoft-defender-antivirus?view=o365-21vianet) | modified |
-| 1/6/2022 | [Microsoft Defender Antivirus compatibility with other security products](/microsoft-365/security/defender-endpoint/microsoft-defender-antivirus-compatibility?view=o365-21vianet) | modified |
-| 1/7/2022 | [Microsoft 365 alert policies](/microsoft-365/compliance/alert-policies?view=o365-21vianet) | modified |
-| 1/7/2022 | [How to retrain a classifier in content explorer](/microsoft-365/compliance/classifier-how-to-retrain-content-explorer?view=o365-21vianet) | modified |
-| 1/7/2022 | [Learn about trainable classifiers](/microsoft-365/compliance/classifier-learn-about?view=o365-21vianet) | modified |
-| 1/7/2022 | [DLP policy conditions, exceptions, and actions](/microsoft-365/compliance/dlp-conditions-and-exceptions?view=o365-21vianet) | modified |
-| 1/7/2022 | [Insider risk management settings](/microsoft-365/compliance/insider-risk-management-settings?view=o365-21vianet) | modified |
-| 1/7/2022 | [Onboard Windows servers to the Microsoft Defender for Endpoint service](/microsoft-365/security/defender-endpoint/configure-server-endpoints?view=o365-21vianet) | modified |
-| 1/7/2022 | [Become a Microsoft Defender for Endpoint partner](/microsoft-365/security/defender-endpoint/get-started-partner-integration?view=o365-21vianet) | modified |
-| 1/7/2022 | Get user information API | removed |
-| 1/7/2022 | [Microsoft Defender Antivirus on Windows Server](/microsoft-365/security/defender-endpoint/microsoft-defender-antivirus-on-windows-server?view=o365-21vianet) | modified |
-| 1/7/2022 | [Minimum requirements for Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/minimum-requirements?view=o365-21vianet) | modified |
-| 1/7/2022 | [Server migration scenarios for the new version of Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/server-migration?view=o365-21vianet) | modified |
-| 1/7/2022 | [Switch to Microsoft Defender for Endpoint - Setup](/microsoft-365/security/defender-endpoint/switch-to-mde-phase-2?view=o365-21vianet) | modified |
-| 1/7/2022 | [Microsoft Defender Antivirus event IDs and error codes](/microsoft-365/security/defender-endpoint/troubleshoot-microsoft-defender-antivirus?view=o365-21vianet) | modified |
-| 1/7/2022 | [Track your Microsoft Secure Score history and meet goals](/microsoft-365/security/defender/microsoft-secure-score-history-metrics-trends?view=o365-21vianet) | modified |
-| 1/7/2022 | [Microsoft 365 productivity illustrations](/microsoft-365/solutions/productivity-illustrations?view=o365-21vianet) | modified |
-| 1/7/2022 | [Determine if Centralized Deployment of add-ins works for your organization](/microsoft-365/admin/manage/centralized-deployment-of-add-ins?view=o365-21vianet) | modified |
-| 1/7/2022 | [Advanced Audit in Microsoft 365](/microsoft-365/compliance/advanced-audit?view=o365-21vianet) | modified |
-| 1/7/2022 | [Set up historical versions in Advanced eDiscovery](/microsoft-365/compliance/advanced-ediscovery-historical-versions?view=o365-21vianet) | modified |
-| 1/7/2022 | [Assign eDiscovery permissions in the Microsoft 365 compliance center](/microsoft-365/compliance/assign-ediscovery-permissions?view=o365-21vianet) | modified |
-| 1/7/2022 | [Set up attorney-client privilege detection in Advanced eDiscovery](/microsoft-365/compliance/attorney-privilege-detection?view=o365-21vianet) | modified |
-| 1/7/2022 | [Review conversations in Advanced eDiscovery](/microsoft-365/compliance/conversation-review-sets?view=o365-21vianet) | modified |
-| 1/7/2022 | [Create a Litigation hold](/microsoft-365/compliance/create-a-litigation-hold?view=o365-21vianet) | modified |
-| 1/7/2022 | [De-duplication in eDiscovery search results](/microsoft-365/compliance/de-duplication-in-ediscovery-search-results?view=o365-21vianet) | modified |
-| 1/7/2022 | [Detailed properties in the audit log](/microsoft-365/compliance/detailed-properties-in-the-office-365-audit-log?view=o365-21vianet) | modified |
-| 1/7/2022 | [Differences between estimated and actual eDiscovery search results](/microsoft-365/compliance/differences-between-estimated-and-actual-ediscovery-search-results?view=o365-21vianet) | modified |
-| 1/7/2022 | [Document metadata fields in Advanced eDiscovery](/microsoft-365/compliance/document-metadata-fields-in-advanced-ediscovery?view=o365-21vianet) | modified |
-| 1/7/2022 | [CJK/Double Byte support for Advanced eDiscovery](/microsoft-365/compliance/ediscovery-cjk-support?view=o365-21vianet) | modified |
-| 1/7/2022 | [Decryption in eDiscovery](/microsoft-365/compliance/ediscovery-decryption?view=o365-21vianet) | modified |
-| 1/7/2022 | [Collect eDiscovery diagnostic information](/microsoft-365/compliance/ediscovery-diagnostic-info?view=o365-21vianet) | modified |
-| 1/7/2022 | [Investigating partially indexed items in eDiscovery](/microsoft-365/compliance/investigating-partially-indexed-items-in-ediscovery?view=o365-21vianet) | modified |
-| 1/7/2022 | [Limits in core eDiscovery case](/microsoft-365/compliance/limits-core-ediscovery?view=o365-21vianet) | modified |
-| 1/7/2022 | [Limits for Content search and Core eDiscovery in the compliance center](/microsoft-365/compliance/limits-for-content-search?view=o365-21vianet) | modified |
-| 1/7/2022 | [Manage jobs in Advanced eDiscovery](/microsoft-365/compliance/managing-jobs-ediscovery20?view=o365-21vianet) | modified |
-| 1/7/2022 | [Partially indexed items in Content Search and other eDiscovery tools](/microsoft-365/compliance/partially-indexed-items-in-content-search?view=o365-21vianet) | modified |
-| 1/7/2022 | [Configure permissions filtering for eDiscovery](/microsoft-365/compliance/permissions-filtering-for-content-search?view=o365-21vianet) | modified |
-| 1/7/2022 | [Preserve Bcc and expanded distribution group recipients for eDiscovery](/microsoft-365/compliance/preserve-bcc-and-expanded-distribution-group-recipients-for-ediscovery?view=o365-21vianet) | modified |
-| 1/7/2022 | [Search for Teams chat data for on-premises users](/microsoft-365/compliance/search-cloud-based-mailboxes-for-on-premises-users?view=o365-21vianet) | modified |
-| 1/7/2022 | [Search for content](/microsoft-365/compliance/search-for-content?view=o365-21vianet) | modified |
-| 1/7/2022 | [Search for eDiscovery activities in the audit log](/microsoft-365/compliance/search-for-ediscovery-activities-in-the-audit-log?view=o365-21vianet) | modified |
-| 1/7/2022 | [Search statistics in Advance eDiscovery](/microsoft-365/compliance/search-statistics-in-advanced-ediscovery?view=o365-21vianet) | modified |
-| 1/7/2022 | [Supported file types in Advanced eDiscovery](/microsoft-365/compliance/supported-filetypes-ediscovery20?view=o365-21vianet) | modified |
-| 1/7/2022 | [View documents in a review set in Advanced eDiscovery](/microsoft-365/compliance/view-documents-in-review-set?view=o365-21vianet) | modified |
-| 1/7/2022 | [View statistics for eDiscovery search results](/microsoft-365/compliance/view-keyword-statistics-for-content-search?view=o365-21vianet) | modified |
-| 1/7/2022 | [Access the Admin portal](/microsoft-365/managed-desktop/get-started/access-admin-portal?view=o365-21vianet) | modified |
-| 1/7/2022 | [Microsoft 365 Zero Trust deployment plan](/microsoft-365/security/microsoft-365-zero-trust?view=o365-21vianet) | modified |
-| 1/7/2022 | [Email security with Threat Explorer in Microsoft Defender for Office 365](/microsoft-365/security/office-365-security/email-security-in-microsoft-defender?view=o365-21vianet) | modified |
-| 1/7/2022 | [The Microsoft Defender for Office 365 email entity page](/microsoft-365/security/office-365-security/mdo-email-entity-page?view=o365-21vianet) | modified |
-| 1/7/2022 | [Threat Explorer and Real-time detections basics in Microsoft Defender for Office 365](/microsoft-365/security/office-365-security/real-time-detections?view=o365-21vianet) | modified |
-| 1/7/2022 | [Threat hunting in Threat Explorer for Microsoft Defender for Office 365](/microsoft-365/security/office-365-security/threat-hunting-in-threat-explorer?view=o365-21vianet) | modified |
-| 1/7/2022 | [Step 1. Implement App Protection Policies](/microsoft-365/solutions/manage-devices-with-intune-app-protection?view=o365-21vianet) | modified |
-| 1/7/2022 | [Step 3. Set up compliance policies for devices with Intune](/microsoft-365/solutions/manage-devices-with-intune-compliance-policies?view=o365-21vianet) | modified |
-| 1/7/2022 | [Step 5. Deploy device profiles in Microsoft Intune](/microsoft-365/solutions/manage-devices-with-intune-configuration-profiles?view=o365-21vianet) | modified |
-| 1/7/2022 | [Step 7. Implement data loss prevention (DLP) with information protection capabilities](/microsoft-365/solutions/manage-devices-with-intune-dlp-mip?view=o365-21vianet) | modified |
-| 1/7/2022 | [Step 2. Enroll devices into management with Intune](/microsoft-365/solutions/manage-devices-with-intune-enroll?view=o365-21vianet) | modified |
-| 1/7/2022 | [Step 6. Monitor device risk and compliance to security baselines](/microsoft-365/solutions/manage-devices-with-intune-monitor-risk?view=o365-21vianet) | modified |
-| 1/7/2022 | [Manage devices with Intune](/microsoft-365/solutions/manage-devices-with-intune-overview?view=o365-21vianet) | modified |
-| 1/7/2022 | [Step 4. Require healthy and compliant devices with Intune](/microsoft-365/solutions/manage-devices-with-intune-require-compliance?view=o365-21vianet) | modified |
--
-## Week of December 20, 2021
--
-| Published On |Topic title | Change |
-|||--|
-| 12/20/2021 | [Increase threat protection for Microsoft 365 for Business](/microsoft-365/admin/security-and-compliance/increase-threat-protection?view=o365-21vianet) | modified |
-| 12/20/2021 | [Top 10 ways to secure Microsoft 365 for business plans](/microsoft-365/admin/security-and-compliance/secure-your-business-data?view=o365-21vianet) | modified |
-| 12/20/2021 | [Teams workflow in Advanced eDiscovery](/microsoft-365/compliance/teams-workflow-in-advanced-ediscovery?view=o365-21vianet) | modified |
-| 12/20/2021 | [Configure Microsoft Defender for Endpoint on Android features](/microsoft-365/security/defender-endpoint/android-configure?view=o365-21vianet) | modified |
-| 12/20/2021 | [Configure Microsoft Defender for Endpoint on iOS features](/microsoft-365/security/defender-endpoint/ios-configure-features?view=o365-21vianet) | modified |
-| 12/20/2021 | [What's new in Microsoft Defender for Endpoint on iOS](/microsoft-365/security/defender-endpoint/ios-whatsnew?view=o365-21vianet) | modified |
-| 12/20/2021 | [Deploy a Microsoft Information Protection solution](/microsoft-365/compliance/information-protection-solution?view=o365-21vianet) | added |
-| 12/20/2021 | [Microsoft 365 alert policies](/microsoft-365/compliance/alert-policies?view=o365-21vianet) | modified |
-| 12/20/2021 | [Set up a connector to import Epic EHR data](/microsoft-365/compliance/import-epic-data?view=o365-21vianet) | modified |
-| 12/20/2021 | [Set up a connector to import generic healthcare audit data](/microsoft-365/compliance/import-healthcare-data?view=o365-21vianet) | modified |
-| 12/20/2021 | [Set up a connector to import HR data](/microsoft-365/compliance/import-hr-data?view=o365-21vianet) | modified |
-| 12/20/2021 | [Microsoft Information Protection in Microsoft 365](/microsoft-365/compliance/information-protection?view=o365-21vianet) | modified |
-| 12/20/2021 | [Windows and Office 365 deployment lab kit](/microsoft-365/enterprise/modern-desktop-deployment-and-management-lab?view=o365-21vianet) | modified |
-| 12/20/2021 | [An Overview to LTI Apps](/microsoft-365/lti/index?view=o365-21vianet) | modified |
-| 12/20/2021 | [Use Microsoft OneDrive Learning Tools Interoperability](/microsoft-365/lti/onedrive-lti?view=o365-21vianet) | modified |
-| 12/21/2021 | [Deploy a Microsoft Information Protection solution](/microsoft-365/compliance/information-protection-solution?view=o365-21vianet) | modified |
-| 12/21/2021 | [Set up a connector to archive Twitter data in Microsoft 365](/microsoft-365/compliance/archive-veritas-twitter-data?view=o365-21vianet) | added |
-| 12/21/2021 | [Automatically apply a sensitivity label to content in Microsoft 365](/microsoft-365/compliance/apply-sensitivity-label-automatically?view=o365-21vianet) | modified |
-| 12/21/2021 | [Set up a connector to archive Twitter data](/microsoft-365/compliance/archive-twitter-data-with-sample-connector?view=o365-21vianet) | modified |
-| 12/21/2021 | [Archive third-party data](/microsoft-365/compliance/archiving-third-party-data?view=o365-21vianet) | modified |
-| 12/21/2021 | [Learn about retention for Teams](/microsoft-365/compliance/retention-policies-teams?view=o365-21vianet) | modified |
-| 12/21/2021 | [What's new in Microsoft 365 compliance](/microsoft-365/compliance/whats-new?view=o365-21vianet) | modified |
-| 12/21/2021 | [Overview of Microsoft Defender for Business (preview)](/microsoft-365/security/defender-business/mdb-overview?view=o365-21vianet) | modified |
-| 12/21/2021 | [Upload your package](/microsoft-365/test-base/uploadapplication?view=o365-21vianet) | modified |
-| 12/22/2021 | [Requirements for Microsoft Defender for Business (preview)](/microsoft-365/security/defender-business/mdb-requirements?view=o365-21vianet) | modified |
-| 12/22/2021 | [Turn on cloud protection in Microsoft Defender Antivirus](/microsoft-365/security/defender-endpoint/enable-cloud-protection-microsoft-defender-antivirus?view=o365-21vianet) | modified |
-| 12/22/2021 | [Supported operating systems platforms and capabilities](/microsoft-365/security/defender-endpoint/tvm-supported-os?view=o365-21vianet) | modified |
-| 12/22/2021 | [Microsoft 365 Business Premium frequently asked questions](/microsoft-365/admin/misc/microsoft-365-business-faqs?view=o365-21vianet) | modified |
-| 12/22/2021 | Test how Microsoft Defender for Endpoint features work in audit mode | removed |
-| 12/22/2021 | Configure attack surface reduction capabilities | removed |
-| 12/22/2021 | View attack surface reduction events | removed |
-| 12/22/2021 | [Understand and use attack surface reduction](/microsoft-365/security/defender-endpoint/overview-attack-surface-reduction?view=o365-21vianet) | modified |
-| 12/23/2021 | [Understand next-generation protection configuration settings in Microsoft Defender for Business (preview)](/microsoft-365/security/defender-business/mdb-next-gen-configuration-settings?view=o365-21vianet) | modified |
-| 12/23/2021 | [Onboard devices to Microsoft Defender for Business (preview)](/microsoft-365/security/defender-business/mdb-onboard-devices?view=o365-21vianet) | modified |
-| 12/23/2021 | [What's new in Microsoft Defender for Endpoint on Linux](/microsoft-365/security/defender-endpoint/linux-whatsnew?view=o365-21vianet) | modified |
-| 12/23/2021 | [Protect security settings with tamper protection](/microsoft-365/security/defender-endpoint/prevent-changes-to-security-settings-with-tamper-protection?view=o365-21vianet) | modified |
--
-## Week of December 13, 2021
--
-| Published On |Topic title | Change |
-|||--|
-| 12/13/2021 | [Domains Frequently Asked Questions](/microsoft-365/admin/setup/domains-faq?view=o365-21vianet) | modified |
-| 12/13/2021 | Manage Windows 10 Pro device policies with Microsoft 365 Business Premium | removed |
-| 12/13/2021 | Set up a connector to archive StarHub mobile network data in Microsoft 365 | removed |
-| 12/13/2021 | [Archive third-party data](/microsoft-365/compliance/archiving-third-party-data?view=o365-21vianet) | modified |
-| 12/13/2021 | [Restrict access to content using sensitivity labels to apply encryption](/microsoft-365/compliance/encryption-sensitivity-labels?view=o365-21vianet) | modified |
-| 12/13/2021 | [Using Endpoint data loss prevention](/microsoft-365/compliance/endpoint-dlp-using?view=o365-21vianet) | modified |
-| 12/13/2021 | [Add a domain to Microsoft 365](/microsoft-365/admin/setup/add-domain?view=o365-21vianet) | modified |
-| 12/13/2021 | [De-duplication in eDiscovery search results](/microsoft-365/compliance/de-duplication-in-ediscovery-search-results?view=o365-21vianet) | modified |
-| 12/13/2021 | [Data Loss Prevention policy reference](/microsoft-365/compliance/dlp-policy-reference?view=o365-21vianet) | modified |
-| 12/13/2021 | [Learn about exact data match based sensitive information types](/microsoft-365/compliance/sit-learn-about-exact-data-match-based-sits?view=o365-21vianet) | modified |
-| 12/13/2021 | [Cross-tenant mailbox migration](/microsoft-365/enterprise/cross-tenant-mailbox-migration?view=o365-21vianet) | modified |
-| 12/13/2021 | [Enable attack surface reduction rules](/microsoft-365/security/defender-endpoint/enable-attack-surface-reduction?view=o365-21vianet) | modified |
-| 12/13/2021 | [Get machine logon users API](/microsoft-365/security/defender-endpoint/get-machine-log-on-users?view=o365-21vianet) | modified |
-| 12/13/2021 | [Manage Microsoft Defender Antivirus updates and apply baselines](/microsoft-365/security/defender-endpoint/manage-updates-baselines-microsoft-defender-antivirus?view=o365-21vianet) | modified |
-| 12/13/2021 | [Set up a connector to import HR data](/microsoft-365/compliance/import-hr-data?view=o365-21vianet) | modified |
-| 12/13/2021 | [App-based deployment for Microsoft Defender for Endpoint on iOS](/microsoft-365/security/defender-endpoint/ios-install?view=o365-21vianet) | modified |
-| 12/13/2021 | [Deploy Microsoft Defender for Endpoint on Linux manually](/microsoft-365/security/defender-endpoint/linux-install-manually?view=o365-21vianet) | modified |
-| 12/13/2021 | [Troubleshoot performance issues for Microsoft Defender for Endpoint on Linux](/microsoft-365/security/defender-endpoint/linux-support-perf?view=o365-21vianet) | modified |
-| 12/13/2021 | [Permissions - Security & Compliance Center](/microsoft-365/security/office-365-security/permissions-in-the-security-and-compliance-center?view=o365-21vianet) | modified |
-| 12/13/2021 | [Compare Microsoft Defender for Business to other Microsoft 365 plans](/microsoft-365/security/defender-business/compare-mdb-m365-plans?view=o365-21vianet) | modified |
-| 12/13/2021 | [Get Microsoft Defender for Business](/microsoft-365/security/defender-business/get-defender-business?view=o365-21vianet) | modified |
-| 12/13/2021 | [Microsoft Defender for Business](/microsoft-365/security/defender-business/index?view=o365-21vianet) | modified |
-| 12/13/2021 | [Configure your security settings in Microsoft Defender for Business](/microsoft-365/security/defender-business/mdb-configure-security-settings?view=o365-21vianet) | modified |
-| 12/13/2021 | [Device groups in Microsoft Defender for Business](/microsoft-365/security/defender-business/mdb-create-edit-device-groups?view=o365-21vianet) | modified |
-| 12/13/2021 | [Create a new policy in Microsoft Defender for Business](/microsoft-365/security/defender-business/mdb-create-new-policy?view=o365-21vianet) | modified |
-| 12/13/2021 | [Manage custom rules for firewall policies in Microsoft Defender for Business](/microsoft-365/security/defender-business/mdb-custom-rules-firewall?view=o365-21vianet) | modified |
-| 12/13/2021 | [Set up email notifications for your security team](/microsoft-365/security/defender-business/mdb-email-notifications?view=o365-21vianet) | modified |
-| 12/13/2021 | [Microsoft Defender for Business frequently asked questions](/microsoft-365/security/defender-business/mdb-faq?view=o365-21vianet) | modified |
-| 12/13/2021 | [Firewall in Microsoft Defender for Business (preview)](/microsoft-365/security/defender-business/mdb-firewall?view=o365-21vianet) | modified |
-| 12/13/2021 | [Get help and support for Microsoft Defender for Business (preview)](/microsoft-365/security/defender-business/mdb-get-help?view=o365-21vianet) | modified |
-| 12/13/2021 | [Get started using Microsoft Defender for Business (preview)](/microsoft-365/security/defender-business/mdb-get-started?view=o365-21vianet) | modified |
-| 12/13/2021 | [Microsoft 365 Lighthouse and Microsoft Defender for Business (preview)](/microsoft-365/security/defender-business/mdb-lighthouse-integration?view=o365-21vianet) | modified |
-| 12/13/2021 | [Manage devices in Microsoft Defender for Business (preview)](/microsoft-365/security/defender-business/mdb-manage-devices?view=o365-21vianet) | modified |
-| 12/13/2021 | [Understand next-generation protection configuration settings in Microsoft Defender for Business (preview)](/microsoft-365/security/defender-business/mdb-next-gen-configuration-settings?view=o365-21vianet) | modified |
-| 12/13/2021 | [Onboard devices to Microsoft Defender for Business (preview)](/microsoft-365/security/defender-business/mdb-onboard-devices?view=o365-21vianet) | modified |
-| 12/13/2021 | [Overview of Microsoft Defender for Business (preview)](/microsoft-365/security/defender-business/mdb-overview?view=o365-21vianet) | modified |
-| 12/13/2021 | [Understand policy order in Microsoft Defender for Business (preview)](/microsoft-365/security/defender-business/mdb-policy-order?view=o365-21vianet) | modified |
-| 12/13/2021 | [Reports in Microsoft Defender for Business (preview)](/microsoft-365/security/defender-business/mdb-reports?view=o365-21vianet) | modified |
-| 12/13/2021 | [Requirements for Microsoft Defender for Business (preview)](/microsoft-365/security/defender-business/mdb-requirements?view=o365-21vianet) | modified |
-| 12/13/2021 | [Respond to and mitigate threats in Microsoft Defender for Business (preview)](/microsoft-365/security/defender-business/mdb-respond-mitigate-threats?view=o365-21vianet) | modified |
-| 12/13/2021 | [Review remediation actions in Microsoft Defender for Business (preview)](/microsoft-365/security/defender-business/mdb-review-remediation-actions?view=o365-21vianet) | modified |
-| 12/13/2021 | [Assign roles and permissions in Microsoft Defender for Business (preview)](/microsoft-365/security/defender-business/mdb-roles-permissions?view=o365-21vianet) | modified |
-| 12/13/2021 | [Set up and configure Microsoft Defender for Business (preview)](/microsoft-365/security/defender-business/mdb-setup-configuration?view=o365-21vianet) | modified |
-| 12/13/2021 | [The simplified configuration process in Microsoft Defender for Business (preview)](/microsoft-365/security/defender-business/mdb-simplified-configuration?view=o365-21vianet) | modified |
-| 12/13/2021 | [Microsoft Defender for Business (preview) troubleshooting](/microsoft-365/security/defender-business/mdb-troubleshooting?view=o365-21vianet) | modified |
-| 12/13/2021 | [Tutorials and simulations in Microsoft Defender for Business (preview)](/microsoft-365/security/defender-business/mdb-tutorials?view=o365-21vianet) | modified |
-| 12/13/2021 | [View or edit policies in Microsoft Defender for Business (preview)](/microsoft-365/security/defender-business/mdb-view-edit-policies?view=o365-21vianet) | modified |
-| 12/13/2021 | [View and manage incidents in Microsoft Defender for Business (preview)](/microsoft-365/security/defender-business/mdb-view-manage-incidents?view=o365-21vianet) | modified |
-| 12/14/2021 | [Create a custom sensitive information type using PowerShell](/microsoft-365/compliance/create-a-custom-sensitive-information-type-in-scc-powershell?view=o365-21vianet) | modified |
-| 12/14/2021 | [Email security with Threat Explorer in Microsoft Defender for Office 365](/microsoft-365/security/office-365-security/email-security-in-microsoft-defender?view=o365-21vianet) | modified |
-| 12/14/2021 | [Microsoft 365 Reports in the admin center - Microsoft 365 groups](/microsoft-365/admin/activity-reports/office-365-groups-ww?view=o365-21vianet) | modified |
-| 12/14/2021 | [Add a new employee to Microsoft 365](/microsoft-365/admin/add-users/add-new-employee?view=o365-21vianet) | modified |
-| 12/14/2021 | [Add users and assign licenses](/microsoft-365/admin/add-users/add-users?view=o365-21vianet) | modified |
-| 12/14/2021 | [Get support](/microsoft-365/admin/get-help-support?view=o365-21vianet) | modified |
-| 12/14/2021 | [Assign licenses to users](/microsoft-365/admin/manage/assign-licenses-to-users?view=o365-21vianet) | modified |
-| 12/14/2021 | [GDPR simplified A guide for your small business](/microsoft-365/admin/security-and-compliance/gdpr-compliance?view=o365-21vianet) | modified |
-| 12/14/2021 | [Increase threat protection for Microsoft 365 for Business](/microsoft-365/admin/security-and-compliance/increase-threat-protection?view=o365-21vianet) | modified |
-| 12/14/2021 | [Top 10 ways to secure Microsoft 365 for business plans](/microsoft-365/admin/security-and-compliance/secure-your-business-data?view=o365-21vianet) | modified |
-| 12/14/2021 | [Increase threat protection for Microsoft 365 Business Premium](/microsoft-365/admin/security-and-compliance/set-up-compliance?view=o365-21vianet) | modified |
-| 12/14/2021 | Create sensitivity labels | removed |
-| 12/14/2021 | Find docs and training | removed |
-| 12/14/2021 | Online meetings overview | removed |
-| 12/14/2021 | Plan an event with Microsoft Planner | removed |
-| 12/14/2021 | Manage safe attachments | removed |
-| 12/14/2021 | Prevent data loss | removed |
-| 12/14/2021 | Use Microsoft Lists to track business info | removed |
-| 12/14/2021 | [Configure and view alerts for data loss prevention policies](/microsoft-365/compliance/dlp-configure-view-alerts-policies?view=o365-21vianet) | modified |
-| 12/14/2021 | [How to identify the type of hold placed on an Exchange Online mailbox](/microsoft-365/compliance/identify-a-hold-on-an-exchange-online-mailbox?view=o365-21vianet) | modified |
-| 12/14/2021 | [Configure retention settings to automatically retain or delete content](/microsoft-365/compliance/retention-settings?view=o365-21vianet) | modified |
-| 12/14/2021 | [Use network upload to import your organization's PST files](/microsoft-365/compliance/use-network-upload-to-import-pst-files?view=o365-21vianet) | modified |
-| 12/14/2021 | [Apply a sensitivity label to a model in Microsoft SharePoint Syntex](/microsoft-365/contentunderstanding/apply-a-sensitivity-label-to-a-model) | modified |
-| 12/14/2021 | [Troubleshoot license issues for Microsoft Defender for Endpoint on Mac](/microsoft-365/security/defender-endpoint/mac-support-license?view=o365-21vianet) | modified |
-| 12/14/2021 | [Simulation automations for Attack simulation training](/microsoft-365/security/office-365-security/attack-simulation-training-simulation-automations?view=o365-21vianet) | modified |
-| 12/14/2021 | [Simulate a phishing attack with Microsoft Defender for Office 365](/microsoft-365/security/office-365-security/attack-simulation-training?view=o365-21vianet) | modified |
-| 12/14/2021 | [Configure anti-phishing policies in EOP](/microsoft-365/security/office-365-security/configure-anti-phishing-policies-eop?view=o365-21vianet) | modified |
-| 12/14/2021 | [Configure anti-phishing policies in Microsoft Defender for Office 365](/microsoft-365/security/office-365-security/configure-mdo-anti-phishing-policies?view=o365-21vianet) | modified |
-| 12/14/2021 | [Quarantine policies](/microsoft-365/security/office-365-security/quarantine-policies?view=o365-21vianet) | modified |
-| 12/14/2021 | [Anti-phishing policies](/microsoft-365/security/office-365-security/set-up-anti-phishing-policies?view=o365-21vianet) | modified |
-| 12/14/2021 | [Microsoft 365 infographics for users](/microsoft-365/solutions/infographics-for-users?view=o365-21vianet) | modified |
-| 12/15/2021 | [Attack surface reduction rules](/microsoft-365/security/defender-endpoint/attack-surface-reduction-rules-reference?view=o365-21vianet) | renamed |
-| 12/15/2021 | [Create, edit, or delete a custom user view](/microsoft-365/admin/add-users/create-edit-or-delete-a-custom-user-view?view=o365-21vianet) | modified |
-| 12/15/2021 | [Let users reset their own passwords](/microsoft-365/admin/add-users/let-users-reset-passwords?view=o365-21vianet) | modified |
-| 12/15/2021 | [Resend a user's password - Admin Help](/microsoft-365/admin/add-users/resend-user-password?view=o365-21vianet) | modified |
-| 12/15/2021 | [Reset passwords](/microsoft-365/admin/add-users/reset-passwords?view=o365-21vianet) | modified |
-| 12/15/2021 | [Set an individual user's password to never expire](/microsoft-365/admin/add-users/set-password-to-never-expire?view=o365-21vianet) | modified |
-| 12/15/2021 | [Turn off strong password requirements for users](/microsoft-365/admin/add-users/strong-password?view=o365-21vianet) | modified |
-| 12/15/2021 | [About the Microsoft 365 admin center](/microsoft-365/admin/admin-overview/about-the-admin-center?view=o365-21vianet) | modified |
-| 12/15/2021 | [Get support](/microsoft-365/admin/get-help-support?view=o365-21vianet) | modified |
-| 12/15/2021 | [Language translation for Message center posts](/microsoft-365/admin/manage/language-translation-for-message-center-posts?view=o365-21vianet) | modified |
-| 12/15/2021 | [Set the password expiration policy for your organization](/microsoft-365/admin/manage/set-password-expiration-policy?view=o365-21vianet) | modified |
-| 12/15/2021 | [Share calendars with external users](/microsoft-365/admin/manage/share-calendars-with-external-users?view=o365-21vianet) | modified |
-| 12/15/2021 | [Microsoft Productivity Score](/microsoft-365/admin/productivity/productivity-score?view=o365-worldwide) | modified |
-| 12/15/2021 | [Create organization-wide signatures and disclaimers](/microsoft-365/admin/setup/create-signatures-and-disclaimers?view=o365-21vianet) | modified |
-| 12/15/2021 | [Domains Frequently Asked Questions](/microsoft-365/admin/setup/domains-faq?view=o365-21vianet) | modified |
-| 12/15/2021 | [Migrate email and contacts to Microsoft 365](/microsoft-365/admin/setup/migrate-email-and-contacts-admin?view=o365-21vianet) | modified |
-| 12/15/2021 | [Accept an email invitation to Microsoft 365 Business Standard (User)](/microsoft-365/admin/simplified-signup/user-invite-business-standard?view=o365-21vianet) | modified |
-| 12/15/2021 | [Troubleshooting Microsoft 365 usage analytics](/microsoft-365/admin/usage-analytics/usage-analytics-errors?view=o365-21vianet) | modified |
-| 12/15/2021 | [What's new in the Microsoft 365 admin center?](/microsoft-365/admin/whats-new-in-preview?view=o365-21vianet) | modified |
-| 12/15/2021 | [Use AllowSelfServicePurchase for the MSCommerce PowerShell module](/microsoft-365/commerce/subscriptions/allowselfservicepurchase-powershell?view=o365-21vianet) | modified |
-| 12/15/2021 | [Get started with custom sensitive information types](/microsoft-365/compliance/create-a-custom-sensitive-information-type?view=o365-21vianet) | modified |
-| 12/15/2021 | [Use network upload to import your organization's PST files](/microsoft-365/compliance/use-network-upload-to-import-pst-files?view=o365-21vianet) | modified |
-| 12/15/2021 | [Apply a document understanding model in Microsoft SharePoint Syntex](/microsoft-365/contentunderstanding/apply-a-model) | modified |
-| 12/15/2021 | [Deploy Microsoft Defender for Endpoint on Android with Microsoft Intune](/microsoft-365/security/defender-endpoint/android-intune?view=o365-21vianet) | modified |
-| 12/15/2021 | [Attack surface reduction frequently asked questions (FAQ)](/microsoft-365/security/defender-endpoint/attack-surface-reduction-faq?view=o365-21vianet) | modified |
-| 12/15/2021 | [ASR rules deployment phase 4 - operationalize](/microsoft-365/security/defender-endpoint/attack-surface-reduction-rules-deployment-phase-4?view=o365-21vianet) | modified |
-| 12/15/2021 | [Deploy attack surface reduction (ASR) rules](/microsoft-365/security/defender-endpoint/attack-surface-reduction-rules-deployment?view=o365-21vianet) | modified |
-| 12/15/2021 | [Use attack surface reduction rules to prevent malware infection](/microsoft-365/security/defender-endpoint/attack-surface-reduction?view=o365-21vianet) | modified |
-| 12/15/2021 | [Configure device proxy and Internet connection settings](/microsoft-365/security/defender-endpoint/configure-proxy-internet?view=o365-21vianet) | modified |
-| 12/15/2021 | [Enable Corelight integration in Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/corelight-integration?view=o365-21vianet) | modified |
-| 12/15/2021 | [Customize attack surface reduction rules](/microsoft-365/security/defender-endpoint/customize-attack-surface-reduction?view=o365-21vianet) | modified |
-| 12/15/2021 | [Enable attack surface reduction rules](/microsoft-365/security/defender-endpoint/enable-attack-surface-reduction?view=o365-21vianet) | modified |
-| 12/15/2021 | [Evaluate attack surface reduction rules](/microsoft-365/security/defender-endpoint/evaluate-attack-surface-reduction?view=o365-21vianet) | modified |
-| 12/15/2021 | [Host firewall reporting in Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/host-firewall-reporting?view=o365-21vianet) | modified |
-| 12/15/2021 | [Set up the Microsoft Defender for Endpoint on macOS policies in Jamf Pro](/microsoft-365/security/defender-endpoint/mac-jamfpro-policies?view=o365-21vianet) | modified |
-| 12/15/2021 | [Set up and configure Microsoft Defender for Endpoint Plan 1](/microsoft-365/security/defender-endpoint/mde-p1-setup-configuration?view=o365-21vianet) | modified |
-| 12/15/2021 | [Microsoft Defender for Endpoint for non-Windows platforms](/microsoft-365/security/defender-endpoint/non-windows?view=o365-21vianet) | modified |
-| 12/15/2021 | [Onboard Windows multi-session devices in Azure Virtual Desktop](/microsoft-365/security/defender-endpoint/onboard-windows-multi-session-device?view=o365-21vianet) | modified |
-| 12/15/2021 | [Troubleshoot sensor health using Microsoft Defender for Endpoint Client Analyzer](/microsoft-365/security/defender-endpoint/overview-client-analyzer?view=o365-21vianet) | modified |
-| 12/15/2021 | [Server migration scenarios for the new version of Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/server-migration?view=o365-21vianet) | modified |
-| 12/15/2021 | [AADSignInEventsBeta table in the advanced hunting schema](/microsoft-365/security/defender/advanced-hunting-aadsignineventsbeta-table?view=o365-21vianet) | modified |
-| 12/15/2021 | [AADSpnSignInEventsBeta table in the advanced hunting schema](/microsoft-365/security/defender/advanced-hunting-aadspnsignineventsbeta-table?view=o365-21vianet) | modified |
-| 12/15/2021 | [AlertEvidence table in the advanced hunting schema](/microsoft-365/security/defender/advanced-hunting-alertevidence-table?view=o365-21vianet) | modified |
-| 12/15/2021 | [AlertInfo table in the advanced hunting schema](/microsoft-365/security/defender/advanced-hunting-alertinfo-table?view=o365-21vianet) | modified |
-| 12/15/2021 | [AssignedIPAddresses() function in advanced hunting for Microsoft 365 Defender](/microsoft-365/security/defender/advanced-hunting-assignedipaddresses-function?view=o365-21vianet) | modified |
-| 12/15/2021 | [CloudAppEvents table in the advanced hunting schema](/microsoft-365/security/defender/advanced-hunting-cloudappevents-table?view=o365-21vianet) | modified |
-| 12/15/2021 | [DeviceEvents table in the advanced hunting schema](/microsoft-365/security/defender/advanced-hunting-deviceevents-table?view=o365-21vianet) | modified |
-| 12/15/2021 | [DeviceFileCertificateInfo table in the advanced hunting schema](/microsoft-365/security/defender/advanced-hunting-devicefilecertificateinfo-table?view=o365-21vianet) | modified |
-| 12/15/2021 | [DeviceFileEvents table in the advanced hunting schema](/microsoft-365/security/defender/advanced-hunting-devicefileevents-table?view=o365-21vianet) | modified |
-| 12/15/2021 | [DeviceFromIP() function in advanced hunting for Microsoft 365 Defender](/microsoft-365/security/defender/advanced-hunting-devicefromip-function?view=o365-21vianet) | modified |
-| 12/15/2021 | [DeviceImageLoadEvents table in the advanced hunting schema](/microsoft-365/security/defender/advanced-hunting-deviceimageloadevents-table?view=o365-21vianet) | modified |
-| 12/15/2021 | [DeviceInfo table in the advanced hunting schema](/microsoft-365/security/defender/advanced-hunting-deviceinfo-table?view=o365-21vianet) | modified |
-| 12/15/2021 | [DeviceLogonEvents table in the advanced hunting schema](/microsoft-365/security/defender/advanced-hunting-devicelogonevents-table?view=o365-21vianet) | modified |
-| 12/15/2021 | [DeviceNetworkEvents table in the advanced hunting schema](/microsoft-365/security/defender/advanced-hunting-devicenetworkevents-table?view=o365-21vianet) | modified |
-| 12/15/2021 | [DeviceNetworkInfo table in the advanced hunting schema](/microsoft-365/security/defender/advanced-hunting-devicenetworkinfo-table?view=o365-21vianet) | modified |
-| 12/15/2021 | [DeviceProcessEvents table in the advanced hunting schema](/microsoft-365/security/defender/advanced-hunting-deviceprocessevents-table?view=o365-21vianet) | modified |
-| 12/15/2021 | [DeviceRegistryEvents table in the advanced hunting schema](/microsoft-365/security/defender/advanced-hunting-deviceregistryevents-table?view=o365-21vianet) | modified |
-| 12/15/2021 | [DeviceTvmSecureConfigurationAssessment table in the advanced hunting schema](/microsoft-365/security/defender/advanced-hunting-devicetvmsecureconfigurationassessment-table?view=o365-21vianet) | modified |
-| 12/15/2021 | [DeviceTvmSecureConfigurationAssessmentKB table in the advanced hunting schema](/microsoft-365/security/defender/advanced-hunting-devicetvmsecureconfigurationassessmentkb-table?view=o365-21vianet) | modified |
-| 12/15/2021 | [DeviceTvmSoftwareInventory table in the advanced hunting schema](/microsoft-365/security/defender/advanced-hunting-devicetvmsoftwareinventory-table?view=o365-21vianet) | modified |
-| 12/15/2021 | [DeviceTvmSoftwareVulnerabilities table in the advanced hunting schema](/microsoft-365/security/defender/advanced-hunting-devicetvmsoftwarevulnerabilities-table?view=o365-21vianet) | modified |
-| 12/15/2021 | [DeviceTvmSoftwareVulnerabilitiesKB table in the advanced hunting schema](/microsoft-365/security/defender/advanced-hunting-devicetvmsoftwarevulnerabilitieskb-table?view=o365-21vianet) | modified |
-| 12/15/2021 | [EmailAttachmentInfo table in the advanced hunting schema](/microsoft-365/security/defender/advanced-hunting-emailattachmentinfo-table?view=o365-21vianet) | modified |
-| 12/15/2021 | [EmailEvents table in the advanced hunting schema](/microsoft-365/security/defender/advanced-hunting-emailevents-table?view=o365-21vianet) | modified |
-| 12/15/2021 | [EmailPostDeliveryEvents table in the advanced hunting schema](/microsoft-365/security/defender/advanced-hunting-emailpostdeliveryevents-table?view=o365-21vianet) | modified |
-| 12/15/2021 | [EmailUrlInfo table in the advanced hunting schema](/microsoft-365/security/defender/advanced-hunting-emailurlinfo-table?view=o365-21vianet) | modified |
-| 12/15/2021 | [FileProfile() function in advanced hunting for Microsoft 365 Defender](/microsoft-365/security/defender/advanced-hunting-fileprofile-function?view=o365-21vianet) | modified |
-| 12/15/2021 | [IdentityDirectoryEvents table in the advanced hunting schema](/microsoft-365/security/defender/advanced-hunting-identitydirectoryevents-table?view=o365-21vianet) | modified |
-| 12/15/2021 | [IdentityInfo table in the advanced hunting schema](/microsoft-365/security/defender/advanced-hunting-identityinfo-table?view=o365-21vianet) | modified |
-| 12/15/2021 | [IdentityLogonEvents table in the advanced hunting schema](/microsoft-365/security/defender/advanced-hunting-identitylogonevents-table?view=o365-21vianet) | modified |
-| 12/15/2021 | [IdentityQueryEvents table in the advanced hunting schema](/microsoft-365/security/defender/advanced-hunting-identityqueryevents-table?view=o365-21vianet) | modified |
-| 12/15/2021 | [Track your Microsoft Secure Score history and meet goals](/microsoft-365/security/defender/microsoft-secure-score-history-metrics-trends?view=o365-21vianet) | modified |
-| 12/15/2021 | [Microsoft Compliance Manager premium assessments trial playbook](/microsoft-365/compliance/compliance-easy-trials-compliance-manager-assessment-playbook?view=o365-21vianet) | added |
-| 12/16/2021 | [Using Endpoint data loss prevention](/microsoft-365/compliance/endpoint-dlp-using?view=o365-21vianet) | modified |
-| 12/16/2021 | [Use network upload to import your organization's PST files](/microsoft-365/compliance/use-network-upload-to-import-pst-files?view=o365-21vianet) | modified |
-| 12/16/2021 | [Move a SharePoint site to a different geo location](/microsoft-365/enterprise/move-sharepoint-between-geo-locations?view=o365-21vianet) | modified |
-| 12/16/2021 | [Create a custom sensitive information type using PowerShell](/microsoft-365/compliance/create-a-custom-sensitive-information-type-in-scc-powershell?view=o365-21vianet) | modified |
-| 12/16/2021 | [Search the audit log in the Microsoft 365 compliance center](/microsoft-365/compliance/search-the-audit-log-in-security-and-compliance?view=o365-21vianet) | modified |
-| 12/16/2021 | [Admin support for Microsoft Managed Desktop](/microsoft-365/managed-desktop/working-with-managed-desktop/admin-support?view=o365-21vianet) | modified |
-| 12/16/2021 | [Manage Microsoft Defender Antivirus updates and apply baselines](/microsoft-365/security/defender-endpoint/manage-updates-baselines-microsoft-defender-antivirus?view=o365-21vianet) | modified |
-| 12/16/2021 | [User tags in Microsoft Defender for Office 365](/microsoft-365/security/office-365-security/user-tags?view=o365-21vianet) | modified |
-| 12/16/2021 | [Learn about Microsoft feedback for your organization](/microsoft-365/admin/misc/feedback-user-control?view=o365-21vianet) | modified |
-| 12/16/2021 | [Service encryption with Customer Key](/microsoft-365/compliance/customer-key-overview?view=o365-21vianet) | modified |
-| 12/16/2021 | [Microsoft 365 Lighthouse and Microsoft Defender for Business (preview)](/microsoft-365/security/defender-business/mdb-lighthouse-integration?view=o365-21vianet) | modified |
-| 12/16/2021 | [Tutorials and simulations in Microsoft Defender for Business (preview)](/microsoft-365/security/defender-business/mdb-tutorials?view=o365-21vianet) | modified |
-| 12/16/2021 | Microsoft Defender for Endpoint on Android Application license terms | removed |
-| 12/16/2021 | Microsoft Defender for Endpoint API license and terms of use | removed |
-| 12/16/2021 | Microsoft Defender for Endpoint on iOS Application license terms | removed |
-| 12/16/2021 | [Get started with Microsoft Defender for Endpoint Plan 1](/microsoft-365/security/defender-endpoint/mde-plan1-getting-started?view=o365-21vianet) | modified |
-| 12/16/2021 | [Microsoft Defender ATP application license terms](/microsoft-365/security/defender-endpoint/mde-terms-mac?view=o365-21vianet) | modified |
-| 12/16/2021 | [Microsoft Defender for Endpoint Application license terms](/microsoft-365/security/defender-endpoint/mde-terms-mobile?view=o365-21vianet) | modified |
-| 12/16/2021 | Microsoft Defender Preview application license terms | removed |
-| 12/16/2021 | [Configure Microsoft Defender for Cloud Apps integration](/microsoft-365/security/defender-endpoint/microsoft-cloud-app-security-config?view=o365-21vianet) | modified |
-| 12/16/2021 | [Microsoft Defender for Cloud Apps integration overview](/microsoft-365/security/defender-endpoint/microsoft-cloud-app-security-integration?view=o365-21vianet) | modified |
-| 12/16/2021 | [Microsoft Defender Antivirus compatibility with other security products](/microsoft-365/security/defender-endpoint/microsoft-defender-antivirus-compatibility?view=o365-21vianet) | modified |
-| 12/16/2021 | [Microsoft Defender Antivirus on Windows Server](/microsoft-365/security/defender-endpoint/microsoft-defender-antivirus-on-windows-server?view=o365-21vianet) | modified |
-| 12/16/2021 | [Microsoft Defender Antivirus in Windows](/microsoft-365/security/defender-endpoint/microsoft-defender-antivirus-windows?view=o365-21vianet) | modified |
-| 12/16/2021 | [Microsoft Defender for Endpoint on Android](/microsoft-365/security/defender-endpoint/microsoft-defender-endpoint-android?view=o365-21vianet) | modified |
-| 12/16/2021 | [Microsoft Defender for Endpoint on iOS](/microsoft-365/security/defender-endpoint/microsoft-defender-endpoint-ios?view=o365-21vianet) | modified |
-| 12/16/2021 | [Microsoft Defender for Endpoint on Linux](/microsoft-365/security/defender-endpoint/microsoft-defender-endpoint-linux?view=o365-21vianet) | modified |
-| 12/16/2021 | [Microsoft Defender for Endpoint on Mac](/microsoft-365/security/defender-endpoint/microsoft-defender-endpoint-mac?view=o365-21vianet) | modified |
-| 12/16/2021 | [Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/microsoft-defender-endpoint?view=o365-21vianet) | modified |
-| 12/16/2021 | [Microsoft Defender Offline in Windows](/microsoft-365/security/defender-endpoint/microsoft-defender-offline?view=o365-21vianet) | modified |
-| 12/16/2021 | [Microsoft Defender Antivirus in the Windows Security app](/microsoft-365/security/defender-endpoint/microsoft-defender-security-center-antivirus?view=o365-21vianet) | modified |
-| 12/16/2021 | [Microsoft Defender Security Center](/microsoft-365/security/defender-endpoint/microsoft-defender-security-center?view=o365-21vianet) | modified |
-| 12/16/2021 | [Microsoft Threat Experts](/microsoft-365/security/defender-endpoint/microsoft-threat-experts?view=o365-21vianet) | modified |
-| 12/16/2021 | [Migrating from a third-party HIPS to ASR rules](/microsoft-365/security/defender-endpoint/migrating-asr-rules?view=o365-21vianet) | modified |
-| 12/16/2021 | [Migration guides to make the switch to Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/migration-guides?view=o365-21vianet) | modified |
-| 12/16/2021 | [Minimum requirements for Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/minimum-requirements?view=o365-21vianet) | modified |
-| 12/16/2021 | [Supported managed security service providers](/microsoft-365/security/defender-endpoint/mssp-list?view=o365-21vianet) | modified |
-| 12/16/2021 | [Managed security service provider (MSSP) partnership opportunities](/microsoft-365/security/defender-endpoint/mssp-support?view=o365-21vianet) | modified |
-| 12/16/2021 | [Microsoft Defender for Endpoint - Mobile Threat Defense](/microsoft-365/security/defender-endpoint/mtd?view=o365-21vianet) | modified |
-| 12/16/2021 | [Network device discovery and vulnerability management](/microsoft-365/security/defender-endpoint/network-devices?view=o365-21vianet) | modified |
-| 12/16/2021 | Microsoft 365 Defender APIs license and terms of use | removed |
-| 12/16/2021 | Terms of use for the Microsoft Defender for Office 365 trial | removed |
-| 12/16/2021 | Microsoft Report Message and Report Phishing Add-In license terms | removed |
-| 12/16/2021 | [End-user notifications for Attack simulation training](/microsoft-365/security/office-365-security/attack-simulation-traning-end-user-notifications?view=o365-21vianet) | added |
-| 12/16/2021 | [Simulation automations for Attack simulation training](/microsoft-365/security/office-365-security/attack-simulation-training-simulation-automations?view=o365-21vianet) | modified |
-| 12/16/2021 | [Simulate a phishing attack with Microsoft Defender for Office 365](/microsoft-365/security/office-365-security/attack-simulation-training?view=o365-21vianet) | modified |
-| 12/17/2021 | [Get support](/microsoft-365/admin/get-help-support?view=o365-21vianet) | modified |
-| 12/17/2021 | [Add a domain to Microsoft 365](/microsoft-365/admin/setup/add-domain?view=o365-21vianet) | modified |
-| 12/17/2021 | [Use record versioning to update records stored in SharePoint or OneDrive](/microsoft-365/compliance/record-versioning?view=o365-21vianet) | modified |
-| 12/17/2021 | [Records Management in Microsoft 365](/microsoft-365/compliance/records-management?view=o365-21vianet) | modified |
-| 12/17/2021 | [Push content types to a hub](/microsoft-365/contentunderstanding/push-content-type-to-hub) | modified |
-| 12/17/2021 | [Move a OneDrive site to a different geo location](/microsoft-365/enterprise/move-onedrive-between-geo-locations?view=o365-21vianet) | modified |
-| 12/17/2021 | [Configure Microsoft Defender Antivirus using Microsoft Endpoint Manager](/microsoft-365/security/defender-endpoint/use-intune-config-manager-microsoft-defender-antivirus?view=o365-21vianet) | modified |
-| 12/17/2021 | [Using Endpoint data loss prevention](/microsoft-365/compliance/endpoint-dlp-using?view=o365-21vianet) | modified |
-| 12/17/2021 | [Use named entities in your data loss prevention policies (preview)](/microsoft-365/compliance/named-entities-use?view=o365-21vianet) | modified |
-| 12/17/2021 | [Microsoft 365 endpoints](/microsoft-365/enterprise/microsoft-365-endpoints?view=o365-21vianet) | modified |
-| 12/17/2021 | Office 365 endpoints for Germany | removed |
-| 12/17/2021 | [Office 365 US Government DOD endpoints](/microsoft-365/enterprise/microsoft-365-u-s-government-dod-endpoints?view=o365-21vianet) | modified |
-| 12/17/2021 | [Office 365 U.S. Government GCC High endpoints](/microsoft-365/enterprise/microsoft-365-u-s-government-gcc-high-endpoints?view=o365-21vianet) | modified |
-| 12/17/2021 | How to opt-in for migration from Microsoft Cloud Germany (Microsoft Cloud Deutschland) to Office 365 services in the new German datacenter regions | removed |
-| 12/17/2021 | AD FS migration steps for the migration from Microsoft Cloud Deutschland | removed |
-| 12/17/2021 | Additional information for Cloud Solution Providers | removed |
-| 12/17/2021 | Additional device information for the migration from Microsoft Cloud Deutschland | removed |
-| 12/17/2021 | Post-migration activities for the migration from Microsoft Cloud Deutschland | removed |
-| 12/17/2021 | Pre-migration activities for the migration from Microsoft Cloud Deutschland | removed |
-| 12/17/2021 | Information about eDiscovery experience during the migration from Microsoft Cloud Deutschland | removed |
-| 12/17/2021 | Additional Azure Active Directory information for the migration from Microsoft Cloud Deutschland | removed |
-| 12/17/2021 | What will change after the migration to Office 365 services in the new German datacenter regions | removed |
-| 12/17/2021 | Migration phases actions and impacts for the migration from Microsoft Cloud Deutschland) | removed |
-| 12/17/2021 | Migration from Microsoft Cloud Deutschland to Office 365 services in the new German datacenter regions | removed |
-| 12/17/2021 | [Set up your network for Microsoft 365](/microsoft-365/enterprise/set-up-network-for-microsoft-365?view=o365-21vianet) | modified |
-| 12/17/2021 | [URLs and IP address ranges for Office 365 operated by 21Vianet](/microsoft-365/enterprise/urls-and-ip-address-ranges-21vianet?view=o365-21vianet) | modified |
-| 12/17/2021 | [Office 365 URLs and IP address ranges](/microsoft-365/enterprise/urls-and-ip-address-ranges?view=o365-21vianet) | modified |
-| 12/17/2021 | [Attack surface reduction rules](/microsoft-365/security/defender-endpoint/attack-surface-reduction-rules-reference?view=o365-21vianet) | modified |
-| 12/17/2021 | [Configure and validate exclusions based on extension, name, or location](/microsoft-365/security/defender-endpoint/configure-extension-file-exclusions-microsoft-defender-antivirus?view=o365-21vianet) | modified |
-| 12/17/2021 | [Evaluate attack surface reduction rules](/microsoft-365/security/defender-endpoint/evaluate-attack-surface-reduction?view=o365-21vianet) | modified |
-| 12/17/2021 | [Microsoft Defender Antivirus in the Windows Security app](/microsoft-365/security/defender-endpoint/microsoft-defender-security-center-antivirus?view=o365-21vianet) | modified |
-| 12/17/2021 | [Protect security settings with tamper protection](/microsoft-365/security/defender-endpoint/prevent-changes-to-security-settings-with-tamper-protection?view=o365-21vianet) | modified |
-| 12/17/2021 | [User tags in Microsoft Defender for Office 365](/microsoft-365/security/office-365-security/user-tags?view=o365-21vianet) | modified |
+| 3/7/2022 | [Declare records by using retention labels](/microsoft-365/compliance/declare-records?view=o365-21vianet) | modified |
+| 3/7/2022 | [Use file plan to manage retention labels throughout the content lifecycle](/microsoft-365/compliance/file-plan-manager?view=o365-21vianet) | modified |
+| 3/7/2022 | [Visit the Action center to see remediation actions](/microsoft-365/security/defender-endpoint/auto-investigation-action-center?view=o365-21vianet) | modified |
+| 3/7/2022 | [View the details and results of an automated investigation](/microsoft-365/security/defender-endpoint/autoir-investigation-results?view=o365-21vianet) | modified |
+| 3/7/2022 | [Use automated investigations to investigate and remediate threats](/microsoft-365/security/defender-endpoint/automated-investigations?view=o365-21vianet) | modified |
+| 3/7/2022 | [Automation levels in automated investigation and remediation](/microsoft-365/security/defender-endpoint/automation-levels?view=o365-21vianet) | modified |
+| 3/7/2022 | [Configure automated investigation and remediation capabilities](/microsoft-365/security/defender-endpoint/configure-automated-investigations-remediation?view=o365-21vianet) | modified |
+| 3/7/2022 | [Configure device discovery](/microsoft-365/security/defender-endpoint/configure-device-discovery?view=o365-21vianet) | modified |
+| 3/7/2022 | [Create indicators for files](/microsoft-365/security/defender-endpoint/indicator-file?view=o365-21vianet) | modified |
+| 3/7/2022 | [Review remediation actions following automated investigations](/microsoft-365/security/defender-endpoint/manage-auto-investigation?view=o365-21vianet) | modified |
+| 3/7/2022 | [Security recommendations by threat and vulnerability management](/microsoft-365/security/defender-endpoint/tvm-security-recommendation?view=o365-21vianet) | modified |
+| 3/7/2022 | [Alert grading for suspicious email forwarding activity](/microsoft-365/security/defender/alert-grading-playbook-email-forwarding?view=o365-21vianet) | modified |
+| 3/7/2022 | [Alert grading for suspicious inbox forwarding rules](/microsoft-365/security/defender/alert-grading-playbook-inbox-forwarding-rules?view=o365-21vianet) | modified |
+| 3/7/2022 | [Alert grading for suspicious inbox manipulation rules](/microsoft-365/security/defender/alert-grading-playbook-inbox-manipulation-rules?view=o365-21vianet) | modified |
+| 3/7/2022 | [Alert grading playbooks](/microsoft-365/security/defender/alert-grading-playbooks?view=o365-21vianet) | modified |
+| 3/7/2022 | [Review architecture requirements and the technical framework for Microsoft Defender for Identity](/microsoft-365/security/defender/eval-defender-identity-architecture?view=o365-21vianet) | modified |
+| 3/7/2022 | [Enable the evaluation environment for Microsoft Defender for Identity](/microsoft-365/security/defender/eval-defender-identity-enable-eval?view=o365-21vianet) | modified |
+| 3/7/2022 | [Step 2. Evaluate Microsoft 365 Defender for Identity overview, set up evaluation](/microsoft-365/security/defender/eval-defender-identity-overview?view=o365-21vianet) | modified |
+| 3/7/2022 | [Pilot Microsoft Defender for Identity](/microsoft-365/security/defender/eval-defender-identity-pilot?view=o365-21vianet) | modified |
+| 3/7/2022 | [Try Microsoft 365 Defender incident response capabilities in a pilot environment](/microsoft-365/security/defender/eval-defender-investigate-respond-additional?view=o365-21vianet) | modified |
+| 3/7/2022 | [Run an attack simulation in a Microsoft 365 Defender pilot environment](/microsoft-365/security/defender/eval-defender-investigate-respond-simulate-attack?view=o365-21vianet) | modified |
+| 3/7/2022 | [Step 6. Investigate and respond using Microsoft 365 Defender in a pilot environment](/microsoft-365/security/defender/eval-defender-investigate-respond?view=o365-21vianet) | modified |
+| 3/7/2022 | [Step 1. Triage and analyze your first incident](/microsoft-365/security/defender/first-incident-analyze?view=o365-21vianet) | modified |
+| 3/7/2022 | [Responding to your first incident](/microsoft-365/security/defender/first-incident-overview?view=o365-21vianet) | modified |
+| 3/7/2022 | [Example of an identity-based attack](/microsoft-365/security/defender/first-incident-path-identity?view=o365-21vianet) | modified |
+| 3/7/2022 | [Example of a phishing email attack](/microsoft-365/security/defender/first-incident-path-phishing?view=o365-21vianet) | modified |
+| 3/7/2022 | [Step 3. Perform a post-incident review of your first incident](/microsoft-365/security/defender/first-incident-post?view=o365-21vianet) | modified |
+| 3/7/2022 | [Prepare your security posture for your first incident](/microsoft-365/security/defender/first-incident-prepare?view=o365-21vianet) | modified |
+| 3/7/2022 | [Step 2. Remediate your first incident](/microsoft-365/security/defender/first-incident-remediate?view=o365-21vianet) | modified |
+| 3/7/2022 | [Prioritize incidents in Microsoft 365 Defender](/microsoft-365/security/defender/incident-queue?view=o365-21vianet) | modified |
+| 3/7/2022 | [Investigate and respond with Microsoft 365 Defender](/microsoft-365/security/defender/incident-response-overview?view=o365-21vianet) | modified |
+| 3/7/2022 | [Incident response with Microsoft 365 Defender](/microsoft-365/security/defender/incidents-overview?view=o365-21vianet) | modified |
+| 3/7/2022 | [Step 1. Plan for Microsoft 365 Defender operations readiness](/microsoft-365/security/defender/integrate-microsoft-365-defender-secops-plan?view=o365-21vianet) | modified |
+| 3/7/2022 | [Step 2. Perform a SOC integration readiness assessment using the Zero Trust Framework](/microsoft-365/security/defender/integrate-microsoft-365-defender-secops-readiness?view=o365-21vianet) | modified |
+| 3/7/2022 | [Step 4. Define Microsoft 365 Defender roles, responsibilities, and oversight](/microsoft-365/security/defender/integrate-microsoft-365-defender-secops-roles?view=o365-21vianet) | modified |
+| 3/7/2022 | [Step 3. Plan for Microsoft 365 Defender integration with your SOC catalog of services](/microsoft-365/security/defender/integrate-microsoft-365-defender-secops-services?view=o365-21vianet) | modified |
+| 3/7/2022 | [Step 6. Identify SOC maintenance tasks](/microsoft-365/security/defender/integrate-microsoft-365-defender-secops-tasks?view=o365-21vianet) | modified |
+| 3/7/2022 | [Step 5. Develop and test use cases](/microsoft-365/security/defender/integrate-microsoft-365-defender-secops-use-cases?view=o365-21vianet) | modified |
+| 3/7/2022 | [Integrating Microsoft 365 Defender into your security operations](/microsoft-365/security/defender/integrate-microsoft-365-defender-secops?view=o365-21vianet) | modified |
+| 3/7/2022 | [Investigate alerts in Microsoft 365 Defender](/microsoft-365/security/defender/investigate-alerts?view=o365-21vianet) | modified |
+| 3/7/2022 | [Investigate incidents in Microsoft 365 Defender](/microsoft-365/security/defender/investigate-incidents?view=o365-21vianet) | modified |
+| 3/7/2022 | [Investigate users in Microsoft 365 Defender](/microsoft-365/security/defender/investigate-users?view=o365-21vianet) | modified |
+| 3/7/2022 | [Go to the Action center to view and approve your automated investigation and remediation tasks](/microsoft-365/security/defender/m365d-action-center?view=o365-21vianet) | modified |
+| 3/7/2022 | [View and manage actions in the Action center](/microsoft-365/security/defender/m365d-autoir-actions?view=o365-21vianet) | modified |
+| 3/7/2022 | [Address false positives or false negatives in Microsoft 365 Defender](/microsoft-365/security/defender/m365d-autoir-report-false-positives-negatives?view=o365-21vianet) | modified |
+| 3/7/2022 | [Details and results of an automated investigation](/microsoft-365/security/defender/m365d-autoir-results?view=o365-21vianet) | modified |
+| 3/7/2022 | [Automated investigation and response in Microsoft 365 Defender](/microsoft-365/security/defender/m365d-autoir?view=o365-21vianet) | modified |
+| 3/7/2022 | [Configure automated investigation and response capabilities in Microsoft 365 Defender](/microsoft-365/security/defender/m365d-configure-auto-investigation-response?view=o365-21vianet) | modified |
+| 3/7/2022 | [Remediation actions in Microsoft 365 Defender](/microsoft-365/security/defender/m365d-remediation-actions?view=o365-21vianet) | modified |
+| 3/7/2022 | [Manage incidents in Microsoft 365 Defender](/microsoft-365/security/defender/manage-incidents?view=o365-21vianet) | modified |
+| 3/7/2022 | [Microsoft 365 Defender integration with Microsoft Sentinel](/microsoft-365/security/defender/microsoft-365-defender-integration-with-azure-sentinel?view=o365-21vianet) | modified |
+| 3/7/2022 | [Train your security staff for Microsoft 365 Defender](/microsoft-365/security/defender/microsoft-365-defender-train-security-staff?view=o365-21vianet) | modified |
+| 3/7/2022 | [Custom reporting solutions with automated investigation and response](/microsoft-365/security/office-365-security/air-custom-reporting?view=o365-21vianet) | modified |
+| 3/7/2022 | [Remediation actions in Microsoft Defender for Office 365](/microsoft-365/security/office-365-security/air-remediation-actions?view=o365-21vianet) | modified |
+| 3/7/2022 | [How to report false positives or false negatives following automated investigation in Microsoft Defender for Office 365](/microsoft-365/security/office-365-security/air-report-false-positives-negatives?view=o365-21vianet) | modified |
+| 3/7/2022 | [Review and manage remediation actions in Microsoft Defender for Office 365](/microsoft-365/security/office-365-security/air-review-approve-pending-completed-actions?view=o365-21vianet) | modified |
+| 3/7/2022 | [View the results of an automated investigation in Microsoft 365](/microsoft-365/security/office-365-security/air-view-investigation-results?view=o365-21vianet) | modified |
+| 3/7/2022 | [How automated investigation and response works in Microsoft Defender for Office 365](/microsoft-365/security/office-365-security/automated-investigation-response-office?view=o365-21vianet) | modified |
+| 3/7/2022 | [Email analysis in investigations for Microsoft Defender for Office 365](/microsoft-365/security/office-365-security/email-analysis-investigations?view=o365-21vianet) | modified |
+| 3/7/2022 | [Identity and device access policies for allowing guest and external user B2B access - Microsoft 365 for enterprise \| Microsoft Docs](/microsoft-365/security/office-365-security/identity-access-policies-guest-access?view=o365-21vianet) | modified |
+| 3/7/2022 | [Common Zero Trust identity and device access policies - Microsoft 365 for enterprise \| Microsoft Docs](/microsoft-365/security/office-365-security/identity-access-policies?view=o365-21vianet) | modified |
+| 3/7/2022 | [Prerequisite work for implementing identity and device access policies - Microsoft 365 for enterprise \| Microsoft Docs](/microsoft-365/security/office-365-security/identity-access-prerequisites?view=o365-21vianet) | modified |
+| 3/7/2022 | [Continuous access evaluation for Microsoft 365 - Microsoft 365 for enterprise](/microsoft-365/security/office-365-security/microsoft-365-continuous-access-evaluation?view=o365-21vianet) | modified |
+| 3/7/2022 | [Zero Trust identity and device access configurations - Microsoft 365 for enterprise](/microsoft-365/security/office-365-security/microsoft-365-policies-configurations?view=o365-21vianet) | modified |
+| 3/7/2022 | [Automated investigation and response in Microsoft Defender for Office 365](/microsoft-365/security/office-365-security/office-365-air?view=o365-21vianet) | modified |
+| 3/7/2022 | [Secure email recommended policies - Microsoft 365 for enterprise \| Microsoft Docs](/microsoft-365/security/office-365-security/secure-email-recommended-policies?view=o365-21vianet) | modified |
+| 3/7/2022 | [Recommended secure document policies - Microsoft 365 for enterprise \| Microsoft Docs](/microsoft-365/security/office-365-security/sharepoint-file-access-policies?view=o365-21vianet) | modified |
+| 3/7/2022 | [View email security reports](/microsoft-365/security/office-365-security/view-email-security-reports?view=o365-21vianet) | modified |
+| 3/7/2022 | [Contoso's COVID-19 response and support for hybrid work](/microsoft-365/solutions/contoso-remote-onsite-work?view=o365-21vianet) | modified |
+| 3/7/2022 | [Step 4. Deploy endpoint management for your devices, PCs, and other endpoints](/microsoft-365/solutions/empower-people-to-work-remotely-manage-endpoints?view=o365-21vianet) | modified |
+| 3/7/2022 | [Step 2. Provide remote access to on-premises apps and services](/microsoft-365/solutions/empower-people-to-work-remotely-remote-access?view=o365-21vianet) | modified |
+| 3/7/2022 | [Step 1. Increase sign-in security for hybrid workers with MFA](/microsoft-365/solutions/empower-people-to-work-remotely-secure-sign-in?view=o365-21vianet) | modified |
+| 3/7/2022 | [Step 3: Deploy security and compliance for hybrid workers](/microsoft-365/solutions/empower-people-to-work-remotely-security-compliance?view=o365-21vianet) | modified |
+| 3/7/2022 | [Step 5. Deploy hybrid worker productivity apps and services](/microsoft-365/solutions/empower-people-to-work-remotely-teams-productivity-apps?view=o365-21vianet) | modified |
+| 3/7/2022 | [Step 6: Train your workers and address usage feedback](/microsoft-365/solutions/empower-people-to-work-remotely-train-monitor-usage?view=o365-21vianet) | modified |
+| 3/7/2022 | [Set up your infrastructure for hybrid work with Microsoft 365](/microsoft-365/solutions/empower-people-to-work-remotely?view=o365-21vianet) | modified |
+| 3/7/2022 | [Step 2. Deploy attack detection and response](/microsoft-365/solutions/ransomware-protection-microsoft-365-attack-detection-response?view=o365-21vianet) | modified |
+| 3/7/2022 | [Step 4. Protect devices](/microsoft-365/solutions/ransomware-protection-microsoft-365-devices?view=o365-21vianet) | modified |
+| 3/7/2022 | [Step 3. Protect identities](/microsoft-365/solutions/ransomware-protection-microsoft-365-identities?view=o365-21vianet) | modified |
+| 3/7/2022 | [Step 5. Protect information](/microsoft-365/solutions/ransomware-protection-microsoft-365-information?view=o365-21vianet) | modified |
+| 3/7/2022 | [Step 1. Configure security baselines](/microsoft-365/solutions/ransomware-protection-microsoft-365-security-baselines?view=o365-21vianet) | modified |
+| 3/7/2022 | [Deploy ransomware protection for your Microsoft 365 tenant](/microsoft-365/solutions/ransomware-protection-microsoft-365?view=o365-21vianet) | modified |
+| 3/7/2022 | [What's new in Microsoft 365 compliance](/microsoft-365/compliance/whats-new?view=o365-21vianet) | modified |
+| 3/7/2022 | [Create a model on a local SharePoint site with Microsoft SharePoint Syntex](/microsoft-365/contentunderstanding/create-local-model) | added |
+| 3/7/2022 | [Introduction to Microsoft SharePoint Syntex](/microsoft-365/contentunderstanding/index) | modified |
+| 3/7/2022 | [Onboard Windows servers to the Microsoft Defender for Endpoint service](/microsoft-365/security/defender-endpoint/configure-server-endpoints?view=o365-21vianet) | modified |
+| 3/7/2022 | [Manage Microsoft Defender Antivirus updates and apply baselines](/microsoft-365/security/defender-endpoint/manage-updates-baselines-microsoft-defender-antivirus?view=o365-21vianet) | modified |
+| 3/7/2022 | [Microsoft Defender Antivirus compatibility with other security products](/microsoft-365/security/defender-endpoint/microsoft-defender-antivirus-compatibility?view=o365-21vianet) | modified |
+| 3/8/2022 | [Microsoft Defender for Identity notifications in Microsoft 365 Defender](/microsoft-365/security/defender-identity/notifications?view=o365-21vianet) | modified |
+| 3/8/2022 | [Use a prebuilt model to extract info from invoices or receipts in Microsoft SharePoint Syntex](/microsoft-365/contentunderstanding/prebuilt-models) | modified |
+| 3/8/2022 | [What's new in Microsoft Defender for Endpoint on Linux](/microsoft-365/security/defender-endpoint/linux-whatsnew?view=o365-21vianet) | modified |
+| 3/8/2022 | [What's new in Microsoft Defender for Endpoint on Mac](/microsoft-365/security/defender-endpoint/mac-whatsnew?view=o365-21vianet) | modified |
+| 3/8/2022 | [Microsoft Defender for Endpoint on Linux](/microsoft-365/security/defender-endpoint/microsoft-defender-endpoint-linux?view=o365-21vianet) | modified |
+| 3/8/2022 | [Take response actions on a file in Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/respond-file-alerts?view=o365-21vianet) | modified |
+| 3/8/2022 | [Collect support logs in Microsoft Defender for Endpoint using live response](/microsoft-365/security/defender-endpoint/troubleshoot-collect-support-log?view=o365-21vianet) | modified |
+| 3/8/2022 | [Microsoft 365 admin center activity reports](/microsoft-365/admin/activity-reports/activity-reports?view=o365-21vianet) | modified |
+| 3/8/2022 | [Microsoft 365 admin center browser usage reports](/microsoft-365/admin/activity-reports/browser-usage-report?view=o365-21vianet) | modified |
+| 3/8/2022 | [Microsoft 365 admin center email activity reports](/microsoft-365/admin/activity-reports/email-activity-ww?view=o365-21vianet) | modified |
+| 3/8/2022 | [Microsoft 365 admin center email apps usage reports](/microsoft-365/admin/activity-reports/email-apps-usage-ww?view=o365-21vianet) | modified |
+| 3/8/2022 | [Microsoft 365 admin center forms activity reports](/microsoft-365/admin/activity-reports/forms-activity-ww?view=o365-21vianet) | modified |
+| 3/8/2022 | [Microsoft Dynamics 365 customer voice activity reports](/microsoft-365/admin/activity-reports/forms-pro-activity-ww?view=o365-21vianet) | modified |
+| 3/8/2022 | [Microsoft 365 admin center mailbox usage reports](/microsoft-365/admin/activity-reports/mailbox-usage?view=o365-21vianet) | modified |
+| 3/8/2022 | [Microsoft 365 admin center Office activations reports](/microsoft-365/admin/activity-reports/microsoft-office-activations-ww?view=o365-21vianet) | modified |
+| 3/8/2022 | [Microsoft 365 admin center Teams app usage reports](/microsoft-365/admin/activity-reports/microsoft-teams-device-usage-preview?view=o365-21vianet) | modified |
+| 3/8/2022 | Microsoft Teams device usage | removed |
+| 3/8/2022 | [Microsoft 365 admin center Teams user activity reports](/microsoft-365/admin/activity-reports/microsoft-teams-user-activity-preview?view=o365-21vianet) | modified |
+| 3/8/2022 | Microsoft 365 admin center reports - Microsoft Teams user activity | removed |
+| 3/8/2022 | [Microsoft 365 admin center apps usage reports](/microsoft-365/admin/activity-reports/microsoft365-apps-usage-ww?view=o365-21vianet) | modified |
+| 3/8/2022 | [Microsoft 365 admin center groups reports](/microsoft-365/admin/activity-reports/office-365-groups-ww?view=o365-21vianet) | modified |
+| 3/8/2022 | [Microsoft 365 OneDrive for Business activity reports](/microsoft-365/admin/activity-reports/onedrive-for-business-activity-ww?view=o365-21vianet) | modified |
+| 3/8/2022 | [Microsoft 365 OneDrive for Business usage reports](/microsoft-365/admin/activity-reports/onedrive-for-business-usage-ww?view=o365-21vianet) | modified |
+| 3/8/2022 | [Microsoft 365 admin center SharePoint activity reports](/microsoft-365/admin/activity-reports/sharepoint-activity-ww?view=o365-21vianet) | modified |
+| 3/8/2022 | [Microsoft 365 admin center SharePoint site usage reports](/microsoft-365/admin/activity-reports/sharepoint-site-usage-ww?view=o365-21vianet) | modified |
+| 3/8/2022 | [Microsoft 365 admin center Viva Insights activity reports](/microsoft-365/admin/activity-reports/viva-insights-activity?view=o365-21vianet) | modified |
+| 3/8/2022 | [Microsoft 365 admin center Viva Learning activity reports](/microsoft-365/admin/activity-reports/viva-learning-activity?view=o365-21vianet) | modified |
+| 3/8/2022 | [Microsoft 365 admin center Yammer activity reports](/microsoft-365/admin/activity-reports/yammer-activity-report-ww?view=o365-21vianet) | modified |
+| 3/8/2022 | [Microsoft 365 admin center Yammer device usage reports](/microsoft-365/admin/activity-reports/yammer-device-usage-report-ww?view=o365-21vianet) | modified |
+| 3/8/2022 | [Microsoft 365 admin center Yammer groups activity reports](/microsoft-365/admin/activity-reports/yammer-groups-activity-report-ww?view=o365-21vianet) | modified |
+| 3/8/2022 | [Choose between Basic Mobility and Security and Intune](/microsoft-365/admin/basic-mobility-security/choose-between-basic-mobility-and-security-and-intune?view=o365-21vianet) | modified |
+| 3/8/2022 | [Create device security policies in Basic Mobility and Security](/microsoft-365/admin/basic-mobility-security/create-device-security-policies?view=o365-21vianet) | modified |
+| 3/8/2022 | [Enroll your mobile device using Basic Mobility and Security](/microsoft-365/admin/basic-mobility-security/enroll-your-mobile-device?view=o365-21vianet) | modified |
+| 3/8/2022 | [Troubleshoot Basic Mobility and Security](/microsoft-365/admin/basic-mobility-security/troubleshoot?view=o365-21vianet) | modified |
+| 3/8/2022 | [Wipe a mobile device in Basic Mobility and Security](/microsoft-365/admin/basic-mobility-security/wipe-mobile-device?view=o365-21vianet) | modified |
+| 3/8/2022 | [DLP policy conditions, exceptions, and actions](/microsoft-365/compliance/dlp-conditions-and-exceptions?view=o365-21vianet) | modified |
+| 3/8/2022 | [Export documents from a review set](/microsoft-365/compliance/export-documents-from-review-set?view=o365-21vianet) | modified |
+| 3/8/2022 | [Search for and delete email messages in your organization](/microsoft-365/compliance/search-for-and-delete-messages-in-your-organization?view=o365-21vianet) | modified |
+| 3/8/2022 | [Configure Microsoft 365 Multi-Geo eDiscovery](/microsoft-365/enterprise/multi-geo-ediscovery-configuration?view=o365-21vianet) | modified |
+| 3/8/2022 | [Microsoft Defender for Endpoint Device Control Removable Storage Access Control, removable storage media](/microsoft-365/security/defender-endpoint/device-control-removable-storage-access-control?view=o365-21vianet) | modified |
+| 3/8/2022 | [Turn on network protection](/microsoft-365/security/defender-endpoint/enable-network-protection?view=o365-21vianet) | modified |
+| 3/8/2022 | [Run the client analyzer on macOS or Linux](/microsoft-365/security/defender-endpoint/run-analyzer-macos-linux?view=o365-21vianet) | modified |
+| 3/8/2022 | [Configuring and controlling external email forwarding in Microsoft 365.](/microsoft-365/security/office-365-security/external-email-forwarding?view=o365-21vianet) | modified |
+| 3/8/2022 | [Allow members to send as or send on behalf of a group](/microsoft-365/solutions/allow-members-to-send-as-or-send-on-behalf-of-group?view=o365-21vianet) | modified |
+| 3/9/2022 | [Working with device groups in Microsoft 365 Business Premium](/microsoft-365/business-premium/m365bp-device-groups-mdb?view=o365-21vianet) | added |
+| 3/9/2022 | [Onboard your organization's devices to Microsoft Defender for Business](/microsoft-365/business-premium/m365bp-onboard-devices-mdb?view=o365-21vianet) | added |
+| 3/9/2022 | [Review remediation actions in Microsoft 365 Business Premium](/microsoft-365/business-premium/m365bp-review-remediation-actions-devices?view=o365-21vianet) | added |
+| 3/9/2022 | [View or edit device protection policies](/microsoft-365/business-premium/m365bp-view-edit-create-mdb-policies?view=o365-21vianet) | added |
+| 3/9/2022 | [Integrate Microsoft OneDrive LTI with Blackboard](/microsoft-365/lti/onedrive-lti-blackboard?view=o365-21vianet) | added |
+| 3/9/2022 | [Import custodians to an Advanced eDiscovery case](/microsoft-365/compliance/bulk-add-custodians?view=o365-21vianet) | modified |
+| 3/9/2022 | [Create eDiscovery holds in a Core eDiscovery case](/microsoft-365/compliance/create-ediscovery-holds?view=o365-21vianet) | modified |
+| 3/9/2022 | [Manage holds in Advanced eDiscovery](/microsoft-365/compliance/managing-holds?view=o365-21vianet) | modified |
+| 3/9/2022 | [Search the audit log in the Microsoft 365 compliance center](/microsoft-365/compliance/search-the-audit-log-in-security-and-compliance?view=o365-21vianet) | modified |
+| 3/9/2022 | [Use Content search for targeted collections](/microsoft-365/compliance/use-content-search-for-targeted-collections?view=o365-21vianet) | modified |
+| 3/9/2022 | [Overview of Microsoft Defender for Business](/microsoft-365/security/defender-business/mdb-overview?view=o365-21vianet) | modified |
+| 3/9/2022 | [Microsoft Defender for Endpoint Device Control Removable Storage Access Control, removable storage media](/microsoft-365/security/defender-endpoint/device-control-removable-storage-access-control?view=o365-21vianet) | modified |
+| 3/9/2022 | [Anti-malware protection](/microsoft-365/security/office-365-security/anti-malware-protection?view=o365-21vianet) | modified |
+| 3/9/2022 | [Configure anti-malware policies](/microsoft-365/security/office-365-security/configure-anti-malware-policies?view=o365-21vianet) | modified |
+| 3/9/2022 | [Test Base FAQ](/microsoft-365/test-base/faq?view=o365-21vianet) | modified |
+| 3/9/2022 | [Overview](/microsoft-365/test-base/overview?view=o365-21vianet) | modified |
+| 3/9/2022 | [Automatically apply a sensitivity label to content in Microsoft 365](/microsoft-365/compliance/apply-sensitivity-label-automatically?view=o365-21vianet) | modified |
+| 3/9/2022 | [Create custom sensitive information types](/microsoft-365/compliance/create-a-custom-sensitive-information-type?view=o365-21vianet) | modified |
+| 3/9/2022 | [Disposition of content](/microsoft-365/compliance/disposition?view=o365-21vianet) | modified |
+| 3/9/2022 | [Using Endpoint data loss prevention](/microsoft-365/compliance/endpoint-dlp-using?view=o365-21vianet) | modified |
+| 3/9/2022 | [Limits for retention policies and retention label policies](/microsoft-365/compliance/retention-limits?view=o365-21vianet) | modified |
+| 3/9/2022 | [Accessibility mode in SharePoint Syntex](/microsoft-365/contentunderstanding/accessibility-mode) | modified |
+| 3/9/2022 | [Scenarios and use cases for Microsoft SharePoint Syntex](/microsoft-365/contentunderstanding/adoption-scenarios) | modified |
+| 3/9/2022 | [Differences between document understanding and form processing models](/microsoft-365/contentunderstanding/difference-between-document-understanding-and-form-processing-model) | modified |
+| 3/9/2022 | [Duplicate a model in Microsoft SharePoint Syntex](/microsoft-365/contentunderstanding/duplicate-a-model) | modified |
+| 3/9/2022 | [Onboard devices to Microsoft Defender for Business](/microsoft-365/security/defender-business/mdb-onboard-devices?view=o365-21vianet) | modified |
+| 3/9/2022 | [Use the wizard to set up Microsoft Defender for Business](/microsoft-365/security/defender-business/mdb-use-wizard?view=o365-21vianet) | modified |
+| 3/9/2022 | [Minimum requirements for Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/minimum-requirements?view=o365-21vianet) | modified |
+| 3/9/2022 | [Top scoring in industry tests - Microsoft 365 Defender](/microsoft-365/security/defender/top-scoring-industry-tests?view=o365-21vianet) | modified |
+| 3/9/2022 | [Simulation automations for Attack simulation training](/microsoft-365/security/office-365-security/attack-simulation-training-simulation-automations?view=o365-21vianet) | modified |
+| 3/9/2022 | [Simulate a phishing attack with Attack simulation training](/microsoft-365/security/office-365-security/attack-simulation-training?view=o365-21vianet) | modified |
+| 3/10/2022 | [View and organize the Microsoft Defender for Endpoint Alerts queue](/microsoft-365/security/defender-endpoint/alerts-queue?view=o365-21vianet) | modified |
+| 3/10/2022 | [Onboard non-persistent virtual desktop infrastructure (VDI) devices](/microsoft-365/security/defender-endpoint/configure-endpoints-vdi?view=o365-21vianet) | modified |
+| 3/10/2022 | [Onboard Windows servers to the Microsoft Defender for Endpoint service](/microsoft-365/security/defender-endpoint/configure-server-endpoints?view=o365-21vianet) | modified |
+| 3/10/2022 | [How to schedule an update of the Microsoft Defender for Endpoint (Linux)](/microsoft-365/security/defender-endpoint/linux-update-mde-linux?view=o365-21vianet) | modified |
+| 3/10/2022 | [Investigate entities on devices using live response in Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/live-response?view=o365-21vianet) | modified |
+| 3/10/2022 | [Use Cost management in the Microsoft 365 admin center](/microsoft-365/commerce/use-cost-mgmt?view=o365-21vianet) | added |
+| 3/10/2022 | [Automatically apply a sensitivity label to content in Microsoft 365](/microsoft-365/compliance/apply-sensitivity-label-automatically?view=o365-21vianet) | modified |
+| 3/10/2022 | [eDiscovery solution series Data spillage scenario - Search and purge](/microsoft-365/compliance/data-spillage-scenariosearch-and-purge?view=o365-21vianet) | modified |
+| 3/10/2022 | [Predictive coding in Advanced eDiscovery - Quick start](/microsoft-365/compliance/predictive-coding-quick-start?view=o365-21vianet) | modified |
+| 3/10/2022 | [Form processing overview in Microsoft SharePoint Syntex](/microsoft-365/contentunderstanding/form-processing-overview) | modified |
+| 3/10/2022 | [Introduction to Microsoft SharePoint Syntex](/microsoft-365/contentunderstanding/index) | modified |
+| 3/10/2022 | [Analyze how your models are used in Microsoft SharePoint Syntex](/microsoft-365/contentunderstanding/model-usage-analytics) | modified |
+| 3/10/2022 | [Rename a model in Microsoft SharePoint Syntex](/microsoft-365/contentunderstanding/rename-a-model) | modified |
+| 3/10/2022 | [Rename an extractor in Microsoft SharePoint Syntex](/microsoft-365/contentunderstanding/rename-an-extractor) | modified |
+| 3/10/2022 | [Network connectivity in the Microsoft 365 Admin Center](/microsoft-365/enterprise/office-365-network-mac-perf-overview?view=o365-21vianet) | modified |
+| 3/10/2022 | [Compare security features in Microsoft 365 plans for small and medium-sized businesses](/microsoft-365/security/defender-business/compare-mdb-m365-plans?view=o365-21vianet) | modified |
+| 3/10/2022 | [Get Microsoft Defender for Business](/microsoft-365/security/defender-business/get-defender-business?view=o365-21vianet) | modified |
+| 3/10/2022 | [Microsoft Defender for Business](/microsoft-365/security/defender-business/index?view=o365-21vianet) | modified |
+| 3/10/2022 | [View and edit your security settings in Microsoft Defender for Business](/microsoft-365/security/defender-business/mdb-configure-security-settings?view=o365-21vianet) | modified |
+| 3/10/2022 | [Device groups in Microsoft Defender for Business](/microsoft-365/security/defender-business/mdb-create-edit-device-groups?view=o365-21vianet) | modified |
+| 3/10/2022 | [Manage custom rules for firewall policies in Microsoft Defender for Business](/microsoft-365/security/defender-business/mdb-custom-rules-firewall?view=o365-21vianet) | modified |
+| 3/10/2022 | [Set up email notifications for your security team](/microsoft-365/security/defender-business/mdb-email-notifications?view=o365-21vianet) | modified |
+| 3/10/2022 | [Firewall in Microsoft Defender for Business](/microsoft-365/security/defender-business/mdb-firewall?view=o365-21vianet) | modified |
+| 3/10/2022 | [Get help and support for Microsoft Defender for Business](/microsoft-365/security/defender-business/mdb-get-help?view=o365-21vianet) | modified |
+| 3/10/2022 | [Get started using the Microsoft 365 Defender portal](/microsoft-365/security/defender-business/mdb-get-started?view=o365-21vianet) | modified |
+| 3/10/2022 | [Microsoft 365 Lighthouse and Microsoft Defender for Business](/microsoft-365/security/defender-business/mdb-lighthouse-integration?view=o365-21vianet) | modified |
+| 3/10/2022 | [Manage devices in Microsoft Defender for Business](/microsoft-365/security/defender-business/mdb-manage-devices?view=o365-21vianet) | modified |
+| 3/10/2022 | [Understand next-generation protection configuration settings in Microsoft Defender for Business](/microsoft-365/security/defender-business/mdb-next-gen-configuration-settings?view=o365-21vianet) | modified |
+| 3/10/2022 | [Onboard devices to Microsoft Defender for Business](/microsoft-365/security/defender-business/mdb-onboard-devices?view=o365-21vianet) | modified |
+| 3/10/2022 | [Overview of Microsoft Defender for Business](/microsoft-365/security/defender-business/mdb-overview?view=o365-21vianet) | modified |
+| 3/10/2022 | [Understand policy order in Microsoft Defender for Business](/microsoft-365/security/defender-business/mdb-policy-order?view=o365-21vianet) | modified |
+| 3/10/2022 | [Reports in Microsoft Defender for Business](/microsoft-365/security/defender-business/mdb-reports?view=o365-21vianet) | modified |
+| 3/10/2022 | [Requirements for Microsoft Defender for Business](/microsoft-365/security/defender-business/mdb-requirements?view=o365-21vianet) | modified |
+| 3/10/2022 | [Respond to and mitigate threats in Microsoft Defender for Business](/microsoft-365/security/defender-business/mdb-respond-mitigate-threats?view=o365-21vianet) | modified |
+| 3/10/2022 | [Review remediation actions in Microsoft Defender for Business](/microsoft-365/security/defender-business/mdb-review-remediation-actions?view=o365-21vianet) | modified |
+| 3/10/2022 | [Assign roles and permissions in Microsoft Defender for Business](/microsoft-365/security/defender-business/mdb-roles-permissions?view=o365-21vianet) | modified |
+| 3/10/2022 | [Set up and configure Microsoft Defender for Business](/microsoft-365/security/defender-business/mdb-setup-configuration?view=o365-21vianet) | modified |
+| 3/10/2022 | [The simplified configuration process in Microsoft Defender for Business](/microsoft-365/security/defender-business/mdb-simplified-configuration?view=o365-21vianet) | modified |
+| 3/10/2022 | [Use the wizard to set up Microsoft Defender for Business](/microsoft-365/security/defender-business/mdb-use-wizard?view=o365-21vianet) | modified |
+| 3/10/2022 | [View or edit policies in Microsoft Defender for Business](/microsoft-365/security/defender-business/mdb-view-edit-create-policies?view=o365-21vianet) | modified |
+| 3/10/2022 | [View and manage incidents in Microsoft Defender for Business](/microsoft-365/security/defender-business/mdb-view-manage-incidents?view=o365-21vianet) | modified |
+| 3/10/2022 | [View your Threat & Vulnerability Management dashboard in Microsoft Defender for Business](/microsoft-365/security/defender-business/mdb-view-tvm-dashboard?view=o365-21vianet) | modified |
+| 3/10/2022 | [Understand the analyst report section in threat analytics in Microsoft 365 Defender](/microsoft-365/security/defender/threat-analytics-analyst-reports?view=o365-21vianet) | modified |
+| 3/10/2022 | [Threat analytics in Microsoft 365 Defender](/microsoft-365/security/defender/threat-analytics?view=o365-21vianet) | modified |
+| 3/10/2022 | [View and release quarantined messages from shared mailboxes](/microsoft-365/security/office-365-security/view-and-release-quarantined-messages-from-shared-mailboxes?view=o365-21vianet) | modified |
+| 3/11/2022 | [Investigate and remediate communication compliance alerts](/microsoft-365/compliance/communication-compliance-investigate-remediate?view=o365-21vianet) | modified |
+| 3/11/2022 | [Communication compliance policies](/microsoft-365/compliance/communication-compliance-policies?view=o365-21vianet) | modified |
+| 3/11/2022 | [Learn about communication compliance](/microsoft-365/compliance/communication-compliance?view=o365-21vianet) | modified |
+| 3/11/2022 | [Office TLS Certificate Changes](/microsoft-365/compliance/encryption-office-365-tls-certificates-changes?view=o365-21vianet) | modified |
+| 3/11/2022 | [Introduction to Microsoft SharePoint Syntex](/microsoft-365/contentunderstanding/index) | modified |
+| 3/11/2022 | [Onboard devices and configure Microsoft Defender for Endpoint capabilities](/microsoft-365/security/defender-endpoint/onboard-configure?view=o365-21vianet) | modified |
+| 3/11/2022 | [Configure retention settings to automatically retain or delete content](/microsoft-365/compliance/retention-settings?view=o365-21vianet) | modified |
+| 3/11/2022 | [Windows and Office 365 deployment lab kit](/microsoft-365/enterprise/modern-desktop-deployment-and-management-lab?view=o365-21vianet) | modified |
+| 3/11/2022 | [Upgrade distribution lists to Microsoft 365 Groups in Outlook](/microsoft-365/admin/manage/upgrade-distribution-lists?view=o365-21vianet) | modified |
+| 3/11/2022 | [Learn about Microsoft 365 Endpoint data loss prevention](/microsoft-365/compliance/endpoint-dlp-learn-about?view=o365-21vianet) | modified |
+| 3/11/2022 | [Export documents from a review set](/microsoft-365/compliance/export-documents-from-review-set?view=o365-21vianet) | modified |
+| 3/11/2022 | [Microsoft Defender for Endpoint for US Government customers](/microsoft-365/security/defender-endpoint/gov?view=o365-21vianet) | modified |
managed-desktop Readiness Assessment Fix https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/managed-desktop/get-ready/readiness-assessment-fix.md
Conditional access policies can't prevent Microsoft Managed Desktop from managin
| Result | Meaning | | -- | -- |
-| Not ready | You have at least one conditional access policy that targets all users. <br><br> During enrollment, we'll exclude Microsoft Managed Desktop service accounts from relevant conditional access policies and apply new conditional access policies to restrict access to these accounts. <br><br> After enrollment, you can review the Microsoft Managed Desktop conditional access policy in Microsoft Endpoint Manager. For more about these service accounts, see [Standard operating procedures](../service-description/operations-and-monitoring.md#standard-operating-procedures). |
+| Not ready | You have at least one conditional access policy that targets all users. <br><br> During enrollment, we'll attempt to exclude Microsoft Managed Desktop service accounts from relevant conditional access policies and apply new conditional access policies to restrict access to these accounts. However, if we are unsuccessful, this can cause errors during your enrollment experience. For best practice, create an assignment that targets a specific Azure AD group that doesn't include Microsoft Managed Desktop service accounts. <br><br> After enrollment, you can review the Microsoft Managed Desktop conditional access policy in Microsoft Endpoint Manager. For more about these service accounts, see [Standard operating procedures](../service-description/operations-and-monitoring.md#standard-operating-procedures). |
| Advisory | You have conditional access policies that could prevent Microsoft Managed Desktop from managing the Microsoft Managed Desktop service. <br><br> During enrollment, we'll exclude Microsoft Managed Desktop service accounts from relevant conditional access policies and apply new conditional access policies to restrict access to these accounts. <br><br> For more information about these service accounts, see [Standard operating procedures](../service-description/operations-and-monitoring.md#standard-operating-procedures). | | Error | The Intune Administrator role doesn't have sufficient permissions for this check. You'll also need to have these Azure AD roles assigned to run this check: <ul><li>Security Reader</li><li>Security Administrator</li><li>Conditional Access Administrator</li><li>Global Reader</li><li>Devices Administrator</li></ul> ### Device Compliance policies
managed-desktop Edge Browser App https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/managed-desktop/get-started/edge-browser-app.md
The security baseline for Microsoft Edge on Microsoft Managed Desktop devices se
| Setting | Default value | Description | | | |
-| Enable saving passwords to the password manager | Disabled | The password manager is disabled by default. If you'd like this feature enabled, file a support request and our service engineers can enable the setting in your environment. |
+| Enable saving passwords to the password manager | Disabled | The password manager is disabled by default. If you'd like this feature enabled, file a support request and our engineers can enable the setting in your environment. |
### Internet Explorer Mode in Microsoft Edge
security Active Content In Trusted Docs https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/active-content-in-trusted-docs.md
audience: Admin - ms.localizationpriority: medium - M365-security-compliance search.appverid:
Trusted documents are Office documents that open without any security prompts fo
Because of this behavior, users should clearly trust documents only if they trust the document source.
-If an admin blocks active content by using a policy, or if users set a Trust Center setting that blocks active content, the the active content will remain blocked.
+If an admin blocks active content by using a policy, or if users set a Trust Center setting that blocks active content, the active content will remain blocked.
For more information, see the following articles:
There's a big difference in the level of trust in internally created content vs.
If your users don't need specific types of active content, your most secure option is to use policies to turn off user access to that active content, and allow exceptions as needed.
-The following policies are are available:
+The following policies are available:
- **Turn off Trusted Locations**: Exceptions for groups available. - **Turn off Trusted Documents**: Exceptions for groups available.
security Mdb Email Notifications https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-business/mdb-email-notifications.md
ms.technology: mdb
ms.localizationpriority: medium f1.keywords: NOCSH + # Set up email notifications
security Attack Surface Reduction Rules Deployment Implement https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/attack-surface-reduction-rules-deployment-implement.md
ms.technology: mde -+
+ - m365solution-scenario
+ - M365-security-compliance
Last updated 1/18/2022
security Attack Surface Reduction Rules Deployment Operationalize https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/attack-surface-reduction-rules-deployment-operationalize.md
ms.technology: mde -+
+ - m365solution-scenario
+ - M365-security-compliance
Last updated 1/18/2022
security Attack Surface Reduction Rules Deployment Plan https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/attack-surface-reduction-rules-deployment-plan.md
ms.technology: mde -+
+- m365solution-scenario
+- M365-security-compliance
Last updated 1/18/2022
security Attack Surface Reduction Rules Deployment Test https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/attack-surface-reduction-rules-deployment-test.md
ms.technology: mde -+
+ - m365solution-scenario
+ - M365-security-compliance
Last updated 1/18/2022
security Attack Surface Reduction Rules Deployment https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/attack-surface-reduction-rules-deployment.md
ms.technology: mde -+
+ - m365solution-scenario
+ - M365-security-compliance
Last updated 1/18/2022
security Attack Surface Reduction https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/attack-surface-reduction.md
- admindeeplinkDEFENDER ms.technology: mde -+
+- m365initiative-m365-defender
+- M365-security-compliance
Last updated 1/18/2022
security Customize Controlled Folders https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/customize-controlled-folders.md
ms.technology: mde -+ Last updated
security Defender Endpoint False Positives Negatives https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/defender-endpoint-false-positives-negatives.md
You can roll back and remove a file from quarantine if you've determined that it
2. Enter the following command, and press **Enter**: ```console
- "ProgramFiles%\Windows Defender\MpCmdRun.exe" -Restore -Name EUS:Win32/CustomEnterpriseBlock -All
+ "%ProgramFiles%\Windows Defender\MpCmdRun.exe" -Restore -Name EUS:Win32/CustomEnterpriseBlock -All
``` > [!IMPORTANT]
security Deployment Vdi Microsoft Defender Antivirus https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/deployment-vdi-microsoft-defender-antivirus.md
Previously updated : 02/11/2022 Last updated : 03/18/2022 ms.technology: mde
New-Item -ItemType Directory -Force -Path $vdmpath | Out-Null
Invoke-WebRequest -Uri 'https://go.microsoft.com/fwlink/?LinkID=121721&arch=x64' -OutFile $vdmpackage
-cmd /c "cd $vdmpath & c: & mpam-fe.exe /x"
+cmd /c "cd /d $vdmpath & mpam-fe.exe /x"
``` You can set a scheduled task to run once a day so that whenever the package is downloaded and unpacked then the VMs will receive the new update.
security Device Control Removable Storage Access Control https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/device-control-removable-storage-access-control.md
ms.technology: mde Previously updated : 03/09/2022 Last updated : 03/18/2022 # Microsoft Defender for Endpoint Device Control Removable Storage Access Control
Microsoft Defender for Endpoint Device Control Removable Storage Access Control
|Capability|Description|Deploy through Intune|Deploy through Group Policy| |||||
-|Removable Media Group Creation|Allows you to create reusable removable media group|Step 1 and step 3 in the section, [Deploying policy via OMA-URI](#deploying-policy-via-oma-uri) | Step 1 in the section, [Deploying policy via Group Policy](#deploying-policy-via-group-policy)|
-|Policy Creation|Allows you to create policy to enforce each removable media group|Steps 2 and 3 in the section, [Deploying policy via OMA-URI](#deploying-policy-via-oma-uri) | Step 2 in the section, [Deploying policy via Group Policy](#deploying-policy-via-group-policy) |
-|Default Enforcement|Allows you to set default access (Deny or Allow) to removable media if there is no policy|Step 4 in the section, [Deploying policy via OMA-URI](#deploying-policy-via-oma-uri) | Step 3 in the section, [Deploying policy via Group Policy](#deploying-policy-via-group-policy) |
-|Enable or Disable Removable Storage Access Control|If you set Disable, it will disable the Removable Storage Access Control policy on this machine| Step 5 in the section, [Deploying policy via OMA-URI](#deploying-policy-via-oma-uri) | Step 4 in the section, [Deploying policy via Group Policy](#deploying-policy-via-group-policy) |
-|Capture file information|Allows you to create policy to capture file information when Write access happens| Step 2 and 6 in the section, [Deploying policy via OMA-URI](#deploying-policy-via-oma-uri) | Step 2 and 5 in the section, [Deploying policy via Group Policy](#deploying-policy-via-group-policy) |
+|Removable Media Group Creation|Allows you to create reusable removable media group|Step 1 in the section, [Deploying policy via OMA-URI](#deploying-policy-via-oma-uri) | Step 1 in the section, [Deploying policy via Group Policy](#deploying-policy-via-group-policy)|
+|Policy Creation|Allows you to create policy to enforce each removable media group|Step 2 in the section, [Deploying policy via OMA-URI](#deploying-policy-via-oma-uri) | Steps 2 and 3 in the section, [Deploying policy via Group Policy](#deploying-policy-via-group-policy) |
+|Default Enforcement|Allows you to set default access (Deny or Allow) to removable media if there is no policy|Step 3 in the section, [Deploying policy via OMA-URI](#deploying-policy-via-oma-uri) | Step 4 in the section, [Deploying policy via Group Policy](#deploying-policy-via-group-policy) |
+|Enable or Disable Removable Storage Access Control|If you set Disable, it will disable the Removable Storage Access Control policy on this machine| Step 4 in the section, [Deploying policy via OMA-URI](#deploying-policy-via-oma-uri) | Step 5 in the section, [Deploying policy via Group Policy](#deploying-policy-via-group-policy) |
+|Capture file information|Allows you to create policy to capture file information when Write access happens| Steps 2 and 5 in the section, [Deploying policy via OMA-URI](#deploying-policy-via-oma-uri) | Step 2 and 6 in the section, [Deploying policy via Group Policy](#deploying-policy-via-group-policy) |
## Prepare your endpoints
You can use the following properties to create a removable storage group:
|Property Name|Description|Options| ||||
-|**GroupId**|GUID, a unique ID, represents the group and will be used in the policy.||
+|**Group Id**|GUID, a unique ID, represents the group and will be used in the policy as GroupId||
|**DescriptorIdList**|List the device properties you want to use to cover in the group. For each device property, see [Device Properties](device-control-removable-storage-protection.md) for more detail. All properties are case sensitive. |**PrimaryId**: `RemovableMediaDevices`, `CdRomDevices`, `WpdDevices`<p>**BusId**: For example, USB, SCSI<p>**DeviceId**<p>**HardwareId**<p>**InstancePathId**: InstancePathId is a string that uniquely identifies the device in the system, for example, `USBSTOR\DISK&VEN_GENERIC&PROD_FLASH_DISK&REV_8.07\8735B611&0`. The number at the end (for example &0) represents the available slot and may change from device to device. For best results, use a wildcard at the end. For example, `USBSTOR\DISK&VEN_GENERIC&PROD_FLASH_DISK&REV_8.07\8735B611*`.<p>**FriendlyNameId**<p>**SerialNumberId**<p>**VID**<p>**PID**<p>**VID_PID**<p>`0751_55E0`: match this exact VID/PID pair<p>`_55E0`: match any media with PID=55E0 <p>`0751_`: match any media with VID=0751| |**MatchType**|When there are multiple device properties being used in the `DescriptorIDList`, MatchType defines the relationship.|**MatchAll**: Any attributes under the `DescriptorIdList` will be **And** relationship; for example, if administrator puts `DeviceID` and `InstancePathID`, for every connected USB, system will check to see whether the USB meets both values. <p> **MatchAny**: The attributes under the DescriptorIdList will be **Or** relationship; for example, if administrator puts `DeviceID` and `InstancePathID`, for every connected USB, system will do the enforcement as long as the USB has either an identical **DeviceID** or **InstanceID** value. |
You can use the following properties to create a removable storage group:
| Property Name | Description | Options | ||||
-| **PolicyRuleId** | GUID, a unique ID, represents the policy and will be used in the reporting and troubleshooting. | |
+| **PolicyRule Id** | GUID, a unique ID, represents the policy and will be used in the reporting and troubleshooting. | |
| **IncludedIdList** | The group(s) that the policy will be applied to. If multiple groups are added, the policy will be applied to any media in all those groups.|The Group ID/GUID must be used at this instance. <p> The following example shows the usage of GroupID: <p> `<IncludedIdList> <GroupId> {EAA4CCE5-F6C9-4760-8BAD-FDCC76A2ACA1}</GroupId> </IncludedIdList>` | | **ExcludedIDList** | The group(s) that the policy will not be applied to. | The Group ID/GUID must be used at this instance. | | **Entry Id** | One PolicyRule can have multiple entries; each entry with a unique GUID tells Device Control one restriction.| |
Microsoft Endpoint Manager admin center (<https://endpoint.microsoft.com/>) \> *
## Deploying and managing policy by using Intune user interface
-This capability is available in the Microsoft Endpoint Manager admin center (<https://endpoint.microsoft.com/>). Go to **Endpoint Security** > **Attack Surface Reduction** > **Create Policy**. Choose **Platform: Windows 10 and later** with **Profile: Device Control**.
+(*Coming soon!*) This capability will be available in the Microsoft Endpoint Manager admin center (<https://endpoint.microsoft.com/>). Go to **Endpoint Security** > **Attack Surface Reduction** > **Create Policy**. Choose **Platform: Windows 10 and later** with **Profile: Device Control**.
## View Device Control Removable Storage Access Control data in Microsoft Defender for Endpoint
DeviceEvents
## Frequently asked questions +
+### How to generate GUID for Group Id/PolicyRule Id/Entry Id?
+
+You can generate GUID through online open source, or through PowerShell - [How to generate GUID through PowerShell](/powershell/module/microsoft.powershell.utility/new-guid?msclkid=c1398a25a6d911ec9c888875fa1f24f5&view=powershell-7.2)
+
+![image](https://user-images.githubusercontent.com/81826151/159046476-26ea0a21-8087-4f01-b8ae-5aa73b392d8f.png)
+
### What is the removable storage media limitation for the maximum number of USBs? We've validated one USB group with 100,000 media - up to 7 MB in size. The policy works in both Intune and GPO without performance issues. ### Why does the policy not work?
-The most common reason is there's no required [antimalware client version](/microsoft-365/security/defender-endpoint/device-control-removable-storage-access-control#prepare-your-endpoints).
+1. The most common reason is there's no required [antimalware client version](/microsoft-365/security/defender-endpoint/device-control-removable-storage-access-control#prepare-your-endpoints).
-Another reason could be that the XML file isn't correctly formatted, for example, not using the correct markdown formatting for the "&" character in the XML file, or the text editor might add a byte order mark (BOM) 0xEF 0xBB 0xBF at the beginning of the files, which causes the XML parsing not to work. One simple solution is to download the [sample file](https://github.com/microsoft/mdatp-devicecontrol/tree/main/Removable%20Storage%20Access%20Control%20Samples) (select **Raw** and then **Save as**) and then update.
+2. Another reason could be that the XML file isn't correctly formatted, for example, not using the correct markdown formatting for the "&" character in the XML file, or the text editor might add a byte order mark (BOM) 0xEF 0xBB 0xBF at the beginning of the files, which causes the XML parsing not to work. One simple solution is to download the [sample file](https://github.com/microsoft/mdatp-devicecontrol/tree/main/Removable%20Storage%20Access%20Control%20Samples) (select **Raw** and then **Save as**) and then update.
-If you are deploying and managing the policy via Group Policy, please make sure combine all PolicyRule into one XML file within a parent node called PolicyRules and all Group into one XML file within a parent node called Groups; if you manage through Intune, keep one PolicyRule one XML file, same thing, one Group one XML file.
+3. If you are deploying and managing the policy via Group Policy, please make sure combine all PolicyRule into one XML file within a parent node called PolicyRules and all Group into one XML file within a parent node called Groups; if you manage through Intune, keep one PolicyRule one XML file, same thing, one Group one XML file.
+
+If still not working, you may want to contact us and share support cab by running cmd with administrator: ΓÇ£%programfiles%\Windows Defender\MpCmdRun.exe" -GetFiles
### There is no configuration UX for 'Define device control policy groups' and 'Define device control policy rules' on my Group Policy
security Edr In Block Mode https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/edr-in-block-mode.md
- next-gen - edr - admindeeplinkDEFENDER Previously updated : 03/16/2022 Last updated : 03/18/2022 ms.technology: mde
The following image shows an instance of unwanted software that was detected and
## Enable EDR in block mode > [!IMPORTANT]
-> Starting with platform version 4.18.2202.X, you can now set EDR in block mode to target specific device groups using Intune CSPs. You can continue to set EDR in block mode tenant-wide in the <a href="https://go.microsoft.com/fwlink/p/?linkid=2077139" target="_blank">Microsoft 365 Defender portal</a>. Please note that EDR in block mode is primarily recommended for devices running MDAV in passive mode (a 3rd party AV is active).
+> Starting with platform version 4.18.2202.X, you can now set EDR in block mode to target specific device groups using Intune CSPs. You can continue to set EDR in block mode tenant-wide in the <a href="https://go.microsoft.com/fwlink/p/?linkid=2077139" target="_blank">Microsoft 365 Defender portal</a>. EDR in block mode is primarily recommended for devices that are running Microsoft Defender Antivirus in passive mode (a non-Microsoft antivirus solution is installed and active on the device).
> [!TIP] > Make sure the [requirements](#requirements-for-edr-in-block-mode) are met before turning on EDR in block mode.
The following table lists requirements for EDR in block mode:
|Requirement|Details| ||| |Permissions|You must have either the Global Administrator or Security Administrator role assigned in [Azure Active Directory](/azure/active-directory/fundamentals/active-directory-users-assign-role-azure-portal). For more information, see [Basic permissions](basic-permissions.md).|
-|Operating system|Devices must be running one of the following versions of Windows: <br/>- Windows 10 (all releases)<br/>- Windows Server, version 1803 or newer<br/>- Windows Server 2019<br/>- Windows Server 2022<br/>- Windows Server 2016 (only when Microsoft Defender Antivirus is in active mode)|
-|Microsoft Defender for Endpoint|Devices must be onboarded to Defender for Endpoint. See [Minimum requirements for Microsoft Defender for Endpoint](minimum-requirements.md).|
+|Operating system|Devices must be running one of the following versions of Windows: <br/>- Windows 11 <br/>- Windows 10 (all releases)<br/>- Windows Server 2022 <br/>- Windows Server 2019<br/>- Windows Server, version 1803 or newer<br/>- Windows Server 2016 and Windows Server 2012 R2 (with the [new unified client solution](configure-server-endpoints.md#new-windows-server-2012-r2-and-2016-functionality-in-the-modern-unified-solution-preview))<sup>[[1](#fn1)]</sup> |
+|Microsoft Defender for Endpoint|Devices must be onboarded to Defender for Endpoint. See the following articles: <br/>- [Minimum requirements for Microsoft Defender for Endpoint](minimum-requirements.md)<br/>- [Onboard devices and configure Microsoft Defender for Endpoint capabilities](onboard-configure.md)<br/>- [Onboard Windows servers to the Defender for Endpoint service](configure-server-endpoints.md)<br/>- [New Windows Server 2012 R2 and 2016 functionality in the modern unified solution (Preview)](configure-server-endpoints.md#new-windows-server-2012-r2-and-2016-functionality-in-the-modern-unified-solution-preview) |
|Microsoft Defender Antivirus|Devices must have Microsoft Defender Antivirus installed and running in either active mode or passive mode. [Confirm Microsoft Defender Antivirus is in active or passive mode](#how-do-i-confirm-microsoft-defender-antivirus-is-in-active-or-passive-mode).| |Cloud-delivered protection|Microsoft Defender Antivirus must be configured such that [cloud-delivered protection is enabled](enable-cloud-protection-microsoft-defender-antivirus.md).| |Microsoft Defender Antivirus platform|Devices must be up to date. To confirm, using PowerShell, run the [Get-MpComputerStatus](/powershell/module/defender/get-mpcomputerstatus) cmdlet as an administrator. In the **AMProductVersion** line, you should see **4.18.2001.10** or above. <p> To learn more, see [Manage Microsoft Defender Antivirus updates and apply baselines](manage-updates-baselines-microsoft-defender-antivirus.md).| |Microsoft Defender Antivirus engine|Devices must be up to date. To confirm, using PowerShell, run the [Get-MpComputerStatus](/powershell/module/defender/get-mpcomputerstatus) cmdlet as an administrator. In the **AMEngineVersion** line, you should see **1.1.16700.2** or above. <p> To learn more, see [Manage Microsoft Defender Antivirus updates and apply baselines](manage-updates-baselines-microsoft-defender-antivirus.md).|
+(<a id="fn1">1</a>) See [Is EDR in block mode supported on Windows Server 2016 and Windows Server 2012 R2?](#is-edr-in-block-mode-supported-on-windows-server-2016-and-windows-server-2012-r2)
+ > [!IMPORTANT] > To get the best protection value, make sure your antivirus solution is configured to receive regular updates and essential features, and that your [exclusions are configured](configure-exclusions-microsoft-defender-antivirus.md). EDR in block mode respects exclusions that are defined for Microsoft Defender Antivirus, but not [indicators](manage-indicators.md) that are defined for Microsoft Defender for Endpoint.
You can use PowerShell to confirm that EDR in block mode is turned on with Micro
> [!TIP] > If Microsoft Defender Antivirus is in active mode, you will see `Normal` instead of `EDR Block Mode`. To learn more, see [Get-MpComputerStatus](/powershell/module/defender/get-mpcomputerstatus).
-### Is EDR in block mode supported on Windows Server 2016?
+### Is EDR in block mode supported on Windows Server 2016 and Windows Server 2012 R2?
If Microsoft Defender Antivirus is running in active mode or passive mode, EDR in block mode is supported of the following versions of Windows:
+- Windows 11
- Windows 10 (all releases) - Windows Server, version 1803 or newer - Windows Server 2022 - Windows Server 2019 -- Windows Server 2016-- Windows Server 2012 R2-- Windows 11
+- Windows Server 2016 and Windows Server 2012 R2 (with the [new unified client solution](configure-server-endpoints.md#new-windows-server-2012-r2-and-2016-functionality-in-the-modern-unified-solution-preview))
->[!NOTE]
->Windows Server 2016 and Windows Server 2012 R2 will need to be onboarded using the instructions in [Onboard Windows servers](configure-server-endpoints.md) for this feature to work.
+With the [new unified client solution](configure-server-endpoints.md#new-windows-server-2012-r2-and-2016-functionality-in-the-modern-unified-solution-preview) for Windows Server 2016 and Windows Server 2012 R2, you can run EDR in block mode in either passive mode or active mode.
+
+> [!NOTE]
+> Windows Server 2016 and Windows Server 2012 R2 must be onboarded using the instructions in [Onboard Windows servers](configure-server-endpoints.md) for this feature to work.
### How much time does it take for EDR in block mode to be disabled?
security Enable Attack Surface Reduction https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/enable-attack-surface-reduction.md
ms.technology: mde -+
+- m365solution-scenario
+- M365-security-compliance
Last updated 1/18/2022
security Evaluate Network Protection https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/evaluate-network-protection.md
ms.technology: mde-+
+- m365solution-scenario
+- M365-security-compliance
Last updated
security Exploit Protection https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/exploit-protection.md
ms.technology: mde -+
+- m365initiative-m365-defender
+- M365-security-compliance
Last updated 10/19/2021
security Gov https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/gov.md
Windows 7 SP1 Enterprise (Legacy) <sup>3</sup>|![Yes.](images/svg/check-yes.svg)
Windows 7 SP1 Pro (Legacy) <sup>3</sup>|![Yes.](images/svg/check-yes.svg)|![Yes](images/svg/check-yes.svg)|![Yes](images/svg/check-yes.svg) Linux|![Yes.](images/svg/check-yes.svg)|![Yes](images/svg/check-yes.svg)|![Yes](images/svg/check-yes.svg) macOS|![Yes.](images/svg/check-yes.svg)|![Yes](images/svg/check-yes.svg)|![Yes](images/svg/check-yes.svg)
-Android|![No.](images/svg/check-no.svg) In development|![No](images/svg/check-no.svg) In development|![No](images/svg/check-no.svg) In development
-iOS|![No.](images/svg/check-no.svg) In development|![No](images/svg/check-no.svg) In development|![No](images/svg/check-no.svg) In development
+Android|![Yes.](images/svg/check-yes.svg) <br /> Public preview|![Yes](images/svg/check-yes.svg) <br /> Public preview|![Yes](images/svg/check-yes.svg) <br /> Public preview
+iOS|![Yes.](images/svg/check-yes.svg) <br /> Public preview|![Yes](images/svg/check-yes.svg) <br /> Public preview|![Yes](images/svg/check-yes.svg) <br /> Public preview
| > [!NOTE]
These are the known gaps:
|Network discovery|![Yes](images/svg/check-yes.svg)|![Yes](images/svg/check-yes.svg)|![Yes](images/svg/check-yes.svg)| |Reports: Device Control, Device health, Firewall|![No](images/svg/check-no.svg) In development|![No](images/svg/check-no.svg) In development|![No](images/svg/check-no.svg) In development| |Web content filtering|![No](images/svg/check-no.svg) In development|![No](images/svg/check-no.svg) In development|![No](images/svg/check-no.svg) In development|
+
+
+These are the features and known gaps for [Mobile Threat Defense (Microsoft Defender for Endpoint on Android & iOS)](mtd.md):
+
+<br />
+
+****
+
+|Feature name|GCC|GCC High|DoD|
+||::|::|::|
+|Web Protection (Anti-Phishing and custom indicators)|![Yes](images/svg/check-yes.svg)|![Yes](images/svg/check-yes.svg)|![Yes](images/svg/check-yes.svg)|
+|Malware Protection (Android-Only)|![No](images/svg/check-no.svg) In development|![No](images/svg/check-no.svg) In development|![No](images/svg/check-no.svg) In development|
+|Jailbreak Detection (iOS-Only)|![Yes](images/svg/check-yes.svg)|![Yes](images/svg/check-yes.svg)|![Yes](images/svg/check-yes.svg)|
+|Conditional Access/Conditional Launch|![Yes](images/svg/check-yes.svg)|![Yes](images/svg/check-yes.svg)|![Yes](images/svg/check-yes.svg)|
+|Support for MAM|![Yes](images/svg/check-yes.svg)|![Yes](images/svg/check-yes.svg)|![Yes](images/svg/check-yes.svg)|
+|Privacy Controls|![Yes](images/svg/check-yes.svg)|![Yes](images/svg/check-yes.svg)|![Yes](images/svg/check-yes.svg)|
+|Threat and Vulnerability Management (TVM)|![No](images/svg/check-no.svg) In development|![No](images/svg/check-no.svg) In development|![No](images/svg/check-no.svg) In development|
+|Web content filtering|![No](images/svg/check-no.svg) In development|![No](images/svg/check-no.svg) In development|![No](images/svg/check-no.svg) In development|
+
+
security Import Export Exploit Protection Emet Xml https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/import-export-exploit-protection-emet-xml.md
ms.technology: mde-+ Last updated
security Ios Configure Features https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/ios-configure-features.md
Defender for Endpoint on iOS enables admins to configure custom indicators on iO
> [!NOTE] > Defender for Endpoint on iOS supports creating custom indicators only for IP addresses and URLs/domains.
+## Configure option to send in-app feedback
+
+Customers now have the option to configure the ability to send feedback data to Microsoft within the Defender for Endpoint app. Feedback data helps Microsoft improve products and troubleshoot issues.
+
+> [!NOTE]
+> For US Government cloud customers, feedback data collection is **disabled** by default.
+
+Use the following steps to configure the option to send feedback data to Microsoft:
+
+1. In [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431) and go to **Apps** > **App configuration policies** > **Add** > **Managed devices**.
+1. Give the policy a name, **Platform > iOS/iPadOS**, select the profile type.
+1. Select **Microsoft Defender for Endpoint** as the target app.
+1. In Settings page, select **Use configuration designer** and add **DefenderSendFeedback** as the key and value type as **Boolean**
+ - To remove the ability of end-users to provide feedback, set the value as `false` and assign this policy to users. By default, this value is set to `true`. For US Government customers, the default value is set to 'false'.
+ - For users with key set as `true`, there will be an option to send Feedback data to Microsoft within the app (Menu > Help & Feedback > Send Feedback to Microsoft)
+1. Click **Next** and assign this profile to targeted devices/users.
++ ## Report unsafe site Phishing websites impersonate trustworthy websites for the purpose of obtaining your personal or financial information. Visit the [Provide feedback about network protection](https://www.microsoft.com/wdsi/filesubmission/exploitguard/networkprotection) page if you want to report a website that could be a phishing site.
security Microsoft Defender Endpoint Linux https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/microsoft-defender-endpoint-linux.md
This topic describes how to install, configure, update, and use Microsoft Defend
## How to install Microsoft Defender for Endpoint on Linux
+Microsoft Defender for Endpoint for Linux includes antimalware and endpoint detection and response (EDR) capabilities.
++ ### Prerequisites - Access to the Microsoft 365 Defender portal
security Network Protection https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/network-protection.md
ms.technology: mde -+
+- m365initiative-m365-defender
+- M365-security-compliance
Last updated
security Overview Attack Surface Reduction https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/overview-attack-surface-reduction.md
audience: ITPro
ms.technology: mde-+
+- m365initiative-m365-defender
+- M365-security-compliance
Last updated 1/18/2022
security Switch To Mde Troubleshooting https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/switch-to-mde-troubleshooting.md
audience: ITPro - m365solution-scenario
+- M365-security-compliance
Last updated 01/11/2022
security Directory Service Accounts https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-identity/directory-service-accounts.md
+ # Microsoft Defender for Identity Directory Services account in Microsoft 365 Defender
security Entity Tags https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-identity/entity-tags.md
+ # Defender for Identity entity tags in Microsoft 365 Defender
security Exclusions https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-identity/exclusions.md
+ # Configure Defender for Identity detection exclusions in Microsoft 365 Defender
security Manage Security Alerts https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-identity/manage-security-alerts.md
+ # Defender for Identity security alerts in Microsoft 365 Defender
security Notifications https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-identity/notifications.md
+ # Defender for Identity notifications in Microsoft 365 Defender
security Sensor Health https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-identity/sensor-health.md
+ # Microsoft Defender for Identity sensor health and settings in Microsoft 365 Defender
security Vpn Integration https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-identity/vpn-integration.md
+ # Defender for Identity VPN integration in Microsoft 365 Defender
security Configure Microsoft Threat Experts https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender/configure-microsoft-threat-experts.md
ms.localizationpriority: medium
audience: ITPro +
+- M365-security-compliance
+- m365initiative-m365-defender
# Configure and manage Microsoft Threat Experts capabilities through Microsoft 365 Defender
security Microsoft Threat Experts https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender/microsoft-threat-experts.md
ms.localizationpriority: medium
audience: ITPro +
+- M365-security-compliance
+- m365initiative-m365-defender
# Microsoft Threat Experts in Microsoft 365 overview
security Coinminer Malware https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/intelligence/coinminer-malware.md
+
+ Title: Coin miners
+
+description: Learn about coin miners, how they can infect devices, and what you can do to protect yourself.
+keywords: security, malware, coin miners, protection, cryptocurrencies
+ms.mktglfcycl: secure
+ms.sitesec: library
+ms.localizationpriority: medium
+++
+audience: ITPro
++
+search.appverid: met150
+ms.technology: m365d
+
+# Coin miners
+
+Cybercriminals are always looking for new ways to make money. With the rise of digital currencies, also known as cryptocurrencies, criminals see a unique opportunity to infiltrate an organization and secretly mine for coins by reconfiguring malware.
+
+## How coin miners work
+
+Many infections start with:
+
+- Email messages with attachments that try to install malware.
+
+- Websites hosting exploit kits that attempt to use vulnerabilities in web browsers and other software to install coin miners.
+
+- Websites taking advantage of computer processing power by running scripts while users browse the website.
+
+Mining is the process of running complex mathematical calculations necessary to maintain the blockchain ledger. This process generates coins but requires significant computing resources.
+
+Coin miners aren't inherently malicious. Some individuals and organizations invest in hardware and electric power for legitimate coin mining operations. However, others look for alternative sources of computing power and try to find their way into corporate networks. These coin miners aren't wanted in enterprise environments because they eat up precious computing resources.
+
+Cybercriminals see an opportunity to make money by running malware campaigns that distribute, install, and run trojanized miners at the expense of other peopleΓÇÖs computing resources.
+
+### Examples
+
+DDE exploits, which have been known to distribute ransomware, are now delivering miners.
+
+For example, a sample of the malware detected as Trojan:Win32/Coinminer (SHA-256: 7213cbbb1a634d780f9bb861418eb262f58954e6e5dca09ca50c1e1324451293) is installed by Exploit:O97M/DDEDownloader.PA, a Word document that contains the DDE exploit.
+
+The exploit launches a cmdlet that executes a malicious PowerShell script (Trojan:PowerShell/Maponeir.A). It downloads the trojanized miner, a modified version of the miner XMRig, which then mines Monero cryptocurrency.
+
+## How to protect against coin miners
+
+**Enable potentially unwanted applications (PUA) detection**. Some coin mining tools aren't considered malware but are detected as PUA. Many applications detected as PUA can negatively impact machine performance and employee productivity. In enterprise environments, you can stop adware, torrent downloaders, and coin mining by enabling PUA detection.
+
+Since coin miners are becoming a popular payload in many different kinds of attacks, see general tips on how to [prevent malware infection](prevent-malware-infection.md).
+
+For more information on coin miners, see the blog post [Invisible resource thieves: The increasing threat of cryptocurrency miners](https://cloudblogs.microsoft.com/microsoftsecure/2018/03/13/invisible-resource-thieves-the-increasing-threat-of-cryptocurrency-miners/).
security Coordinated Malware Eradication https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/intelligence/coordinated-malware-eradication.md
+
+ Title: Coordinated Malware Eradication
+
+description: The Coordinated Malware Eradication program aims to unite security organizations to disrupt the malware ecosystem.
+keywords: security, malware, malware eradication, Microsoft Malware Protection Center, MMPC
+ms.mktglfcycl: secure
+ms.sitesec: library
+ms.localizationpriority: medium
+++
+audience: ITPro
++
+ms.technology: m365d
+
+# Coordinated Malware Eradication
+
+![coordinated-malware-eradication.](../../media/security-intelligence-images/coordinated-malware.png)
+
+Coordinated Malware Eradication (CME) aims to bring organizations in cybersecurity and in other industries together to change the game against malware. While the cybersecurity industry today is effective at disrupting malware families through individual efforts, those disruptions rarely lead to eradication since malware authors quickly adapt their tactics to survive.
+
+CME calls for organizations to pool their tools, information, and actions to drive coordinated campaigns against malware. The goal is to drive efficient and long-lasting results to better protect our communities, customers, and businesses.
+
+## Combining our tools, information, and actions
+
+Diversity of participation across industries and disciplines, extending beyond cybersecurity, makes eradication campaigns even stronger across the malware lifecycle. Security vendors, computer emergency response/readiness teams (CERTs), and Internet service providers (ISPs) can contribute with malware telemetry. Online businesses can identify fraudulent behavior and law enforcement agencies can drive legal action.
+
+Microsoft is planning to contribute telemetry and analysis data to these campaigns. It will also provide cloud-based scalable storage and computing horsepower with the necessary big data analysis tools built-in.
+
+## Coordinated campaigns for lasting results
+
+Organizations participating in the CME effort work together to help eradicate selected malware families by contributing their own telemetry data, expertise, tools, and other resources. These organizations operate under a campaign umbrella with clearly defined end goals and metrics. Any organization or member can start a campaign and invite others to join it. The members can then accept or decline the invitations they receive.
+
+## Join the effort
+
+Any organization that is involved in cybersecurity and antimalware or interested in fighting cybercrime can participate in CME campaigns by enrolling in the [Virus Information Alliance (VIA) program](virus-information-alliance-criteria.md). Everyone agrees to use the available information and tools for their intended purpose (that is, the eradication of malware).
+
+If your organization meets these criteria and is interested in joining, [apply for membership now](https://www.microsoft.com/wdsi/alliances/apply-alliance-membership). For any questions, [contact us for more information](https://www.microsoft.com/wdsi/alliances/collaboration-inquiry).
security Criteria https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/intelligence/criteria.md
+
+ Title: How Microsoft identifies malware and potentially unwanted applications
+
+description: Learn how Microsoft reviews software for privacy violations and other negative behavior, to determine if it's malware or a potentially unwanted application.
+keywords: security, malware, virus research threats, research malware, device protection, computer infection, virus infection, descriptions, remediation, latest threats, MMdevice, Microsoft Malware Protection Center, PUA, potentially unwanted applications
+ms.mktglfcycl: secure
+ms.sitesec: library
+ms.localizationpriority: medium
+++
+audience: ITPro
++ Last updated : 12/13/2021
+search.appverid: met150
+ms.technology: m365d
++
+# How Microsoft identifies malware and potentially unwanted applications
+
+Microsoft aims to provide a delightful and productive Windows experience by working to ensure you're safe and in control of your devices. Microsoft helps protect you from potential threats by identifying and analyzing software and online content. When you download, install, and run software, we check the reputation of downloaded programs and ensure you're protected against known threats. You are also warned about software that is unknown to us.
+
+You can assist Microsoft by [submitting unknown or suspicious software for analysis](https://www.microsoft.com/wdsi/filesubmission/). This will help ensure that unknown or suspicious software is scanned by our system to start establishing reputation. [Learn more about submitting files for analysis](submission-guide.md)
+
+The next sections provide an overview of the classifications we use for applications and the types of behaviors that lead to that classification.
+
+>[!NOTE]
+> New forms of malware and potentially unwanted applications are being developed and distributed rapidly. The following list may not be comprehensive, and Microsoft reserves the right to adjust, expand, and update these without prior notice or announcement.
+
+## Unknown ΓÇô Unrecognized software
+
+No antivirus or protection technology is perfect. It takes time to identify and block malicious sites and applications, or trust newly released programs and certificates.ΓÇ» With almost 2 billion websites on the internet and software continuously updated and released, it's impossible to have information about every single site and program.
+
+Think of Unknown/Uncommonly downloaded warnings as an early warning system for potentially undetected malware. There's generally a delay from the time new malware is released until it's identified. Not all uncommon programs are malicious, but the risk in the unknown category is much higher for the typical user. Warnings for unknown software aren't blocks. Users can choose to download and run the application normally if they wish to.
+
+Once enough data is gathered, Microsoft's security solutions can make a determination. Either no threats are found, or an application or software is categorized as malware or potentially unwanted software.
+
+## Malware
+
+Malware is the overarching name for applications and other code, like software, that Microsoft classifies more granularly as *malicious software* or *unwanted software*.
+
+### Malicious software
+
+Malicious software is an application or code that compromises user security. Malicious software may steal your personal information, lock your device until you pay a ransom, use your device to send spam, or download other malicious software. In general, malicious software wants to trick, cheat, or defrauds users, placing them in vulnerable states.
+
+Microsoft classifies most malicious software into one of the following categories:
+
+* **Backdoor:** A type of malware that gives malicious hackers remote access to and control of your device.
+
+* **Command and Control:** A type of malware that infects your device and establishes communication with the hackersΓÇÖ command-and-control server to receive instructions. Once communication is established, hackers can send commands that can steal data, shut down and reboot the device, and disrupt web services.
+
+* **Downloader:** A type of malware that downloads other malware onto your device. It must connect to the internet to download files.
+
+* **Dropper:** A type of malware that installs other malware files onto your device. Unlike a downloader, a dropper doesn't have to connect to the internet to drop malicious files. The dropped files are typically embedded in the dropper itself.
+
+* **Exploit:** A piece of code that uses software vulnerabilities to gain access to your device and perform other tasks, such as installing malware. [See more information about exploits](exploits-malware.md).
+
+* **Hacktool:** A type of tool that can be used to gain unauthorized access to your device.
+
+* **Macro virus:** A type of malware that spreads through infected documents, such as Microsoft Word or Excel documents. The virus is run when you open an infected document.
+
+* **Obfuscator:** A type of malware that hides its code and purpose, making it more difficult for security software to detect or remove.
+
+* **Password stealer:** A type of malware that gathers your personal information, such as usernames and passwords. It often works along with a keylogger, which collects and sends information about the keys you press and websites you visit.
+
+* **Ransomware:** A type of malware that encrypts your files or makes other modifications that can prevent you from using your device. It then displays a ransom note that states you must pay money or perform other actions before you can use your device again. [See more information about ransomware](/security/compass/human-operated-ransomware).
+
+* **Rogue security software:** Malware that pretends to be security software but doesn't provide any protection. This type of malware usually displays alerts about nonexistent threats on your device. It also tries to convince you to pay for its services.
+
+* **Trojan:** A type of malware that attempts to appear harmless. Unlike a virus or a worm, a trojan doesn't spread by itself. Instead, it tries to look legitimate to tricks users into downloading and installing it. Once installed, trojans perform various malicious activities such as stealing personal information, downloading other malware, or giving attackers access to your device.
+
+* **Trojan clicker:** A type of trojan that automatically clicks buttons or similar controls on websites or applications. Attackers can use this trojan to click on online advertisements. These clicks can skew online polls or other tracking systems and can even install applications on your device.
+
+* **Worm:** A type of malware that spreads to other devices. Worms can spread through email, instant messaging, file sharing platforms, social networks, network shares, and removable drives. Sophisticated worms take advantage of software vulnerabilities to propagate.
+
+### Unwanted software
+
+Microsoft believes that you should have control over your Windows experience. Software running on Windows should keep you in control of your device through informed choices and accessible controls. Microsoft identifies software behaviors that ensure you stay in control. We classify software that doesn't fully demonstrate these behaviors as "unwanted software".
+
+#### Lack of choice
+
+You must be notified about what is happening on your device, including what software does and whether it's active.
+
+Software that exhibits lack of choice might:
+
+* Fail to provide prominent notice about the behavior of the software and its purpose and intent.
+
+* Fail to clearly indicate when the software is active. It might also attempt to hide or disguise its presence.
+
+* Install, reinstall, or remove software without your permission, interaction, or consent.
+
+* Install other software without a clear indication of its relationship to the primary software.
+
+* Circumvent user consent dialogs from the browser or operating system.
+
+* Falsely claim to be software from Microsoft.
+
+Software must not mislead or coerce you into making decisions about your device. It is considered behavior that limits your choices. In addition to the previous list, software that exhibits lack of choice might:
+
+* Display exaggerated claims about your device's health.
+
+* Make misleading or inaccurate claims about files, registry entries, or other items on your device.
+
+* Display claims in an alarming manner about your device's health and require payment or certain actions in exchange for fixing the purported issues.
+
+Software that stores or transmits your activities or data must:
+
+* Give you notice and get consent to do so. Software shouldn't include an option that configures it to hide activities associated with storing or transmitting your data.
+
+#### Lack of control
+
+You must be able to control software on your device. You must be able to start, stop, or otherwise revoke authorization to software.
+
+Software that exhibits lack of control might:
+
+* Prevent or limit you from viewing or modifying browser features or settings.
+
+* Open browser windows without authorization.
+
+* Redirect web traffic without giving notice and getting consent.
+
+* Modify or manipulate webpage content without your consent.
+
+Software that changes your browsing experience must only use the browser's supported extensibility model for installation, execution, disabling, or removal. Browsers that don't provide supported extensibility models are considered non-extensible and shouldn't be modified.
+
+#### Installation and removal
+
+You must be able to start, stop, or otherwise revoke authorization given to software. Software should obtain your consent before installing, and it must provide a clear and straightforward way for you to install, uninstall, or disable it.
+
+Software that delivers *poor installation experience* might bundle or download other "unwanted software" as classified by Microsoft.
+
+Software that delivers *poor removal experience* might:
+
+* Present confusing or misleading prompts or pop-ups when you try to uninstall it.
+
+* Fail to use standard install/uninstall features, such as Add/Remove Programs.
+
+#### Advertising and advertisements
+
+Software that promotes a product or service outside of the software itself can interfere with your computing experience. You should have clear choice and control when installing software that presents advertisements.
+
+The advertisements that are presented by software must:
+
+* Include an obvious way for users to close the advertisement. The act of closing the advertisement must not open another advertisement.
+
+* Include the name of the software that presented the advertisement.
+
+The software that presents these advertisements must:
+
+* Provide a standard uninstall method for the software using the same name as shown in the advertisement it presents.
+
+Advertisements shown to you must:
+
+* Be distinguishable from website content.
+
+* Not mislead, deceive, or confuse.
+
+* Not contain malicious code.
+
+* Not invoke a file download.
+
+#### Consumer opinion
+
+Microsoft maintains a worldwide network of analysts and intelligence systems where you can [submit software for analysis](https://www.microsoft.com/wdsi/filesubmission). Your participation helps Microsoft identify new malware quickly. After analysis, Microsoft creates Security intelligence for software that meets the described criteria. This Security intelligence identifies the software as malware and are available to all users through Microsoft Defender Antivirus and other Microsoft antimalware solutions.
+
+## Potentially unwanted application (PUA)
+
+Our PUA protection aims to safeguard user productivity and ensure enjoyable Windows experiences. This protection helps deliver more productive, performant, and delightful Windows experiences. For instruction on how to enable PUA protection in Chromium-based Microsoft Edge and Microsoft Defender Antivirus, see [Detect and block potentially unwanted applications](/microsoft-365/security/defender-endpoint/detect-block-potentially-unwanted-apps-microsoft-defender-antivirus).
+
+*PUAs are not considered malware.*
+
+Microsoft uses specific categories and the category definitions to classify software as a PUA.
+
+* **Advertising software:** Software that displays advertisements or promotions, or prompts you to complete surveys for other products or services in software other than itself. This includes software that inserts advertisements to webpages.
+
+* **Torrent software (Enterprise only):** Software that is used to create or download torrents or other files specifically used with peer-to-peer file-sharing technologies.
+
+* **Cryptomining software (Enterprise only):** Software that uses your device resources to mine cryptocurrencies.
+
+* **Bundling software:** Software that offers to install other software that is not developed by the same entity or not required for the software to run. Also, software that offers to install other software that qualifies as PUA based on the criteria outlined in this document.
+
+* **Marketing software:** Software that monitors and transmits the activities of users to applications or services other than itself for marketing research.
+
+* **Evasion software:** Software that actively tries to evade detection by security products, including software that behaves differently in the presence of security products.
+
+* **Poor industry reputation:** Software that trusted security providers detect with their security products. The security industry is dedicated to protecting customers and improving their experiences. Microsoft and other organizations in the security industry continuously exchange knowledge about files we have analyzed to provide users with the best possible protection.
+
security Cybersecurity Industry Partners https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/intelligence/cybersecurity-industry-partners.md
+
+ Title: Industry collaboration programs
+
+description: There are various collaborative programs regarding Microsoft industry-wide anti-malware - Virus Information Alliance (VIA), Microsoft Virus Initiative (MVI), and Coordinated Malware Eradication (CME)
+keywords: security, malware, antivirus industry, anti-malware Industry, collaboration programs, alliances, Virus Information Alliance, Microsoft Virus Initiative, Coordinated Malware Eradication, WDSI, MMPC, Microsoft Malware Protection Center, partnerships
+ms.mktglfcycl: secure
+ms.sitesec: library
+ms.localizationpriority: medium
+++
+audience: ITPro
++
+ms.technology: m365d
+
+# Industry collaboration programs
+
+There are various industry-wide collaboration programs with different objectives and requirements, provided by Microsoft. Enrolling in the right program can help you protect your customers, gain more insight into the current threat landscape, or help disrupting the malware ecosystem.
+
+## Virus Information Alliance (VIA)
+
+The VIA program gives members access to information that will help improve protection for Microsoft customers. Malware telemetry and samples can be provided to security teams to help identify gaps in their protection, prioritize new threat coverage, or better respond to threats.
+
+**You must be a member of VIA if you want to apply for membership to the other programs.**
+
+Go to the [VIA program page](virus-information-alliance-criteria.md) for more information.
+
+## Microsoft Virus Initiative (MVI)
+
+MVI is open to organizations who build and own a Real Time Protection (RTP) anti-malware product of their own design, or one developed using a third-party Antivirus SDK.
+
+Members get access to Microsoft client APIs for the Microsoft Defender Security Center, IOAV, AMSI, and Cloud Files, along with health data and other telemetry to help their customers stay protected. Anti-malware products are submitted to Microsoft for performance testing regularly.
+
+Go to the [MVI program page](virus-initiative-criteria.md) for more information.
+
+## Coordinated Malware Eradication (CME)
+
+CME is open to organizations who are involved in cybersecurity and anti-malware or interested in fighting cybercrime.
+
+The program aims to bring organizations in cybersecurity and other industries together to pool tools, information, and actions to drive coordinated campaigns against malware. The ultimate goal is to create efficient and long-lasting results for better protection of our communities, customers, and businesses.
+
+Go to the [CME program page](coordinated-malware-eradication.md) for more information.
security Developer Resources https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/intelligence/developer-resources.md
+
+ Title: Software developer resources
+
+description: This page provides information for developers such as detection criteria, developer questions, and how to check your software against Security intelligence.
+keywords: wdsi, software, developer, resources, detection, criteria, questions, scan, software, definitions, cloud, protection, security intelligence
+search.product: eADQiWindows 10XVcnh
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.localizationpriority: medium
+ms.pagetype: security
+++
+audience: ITPro
++
+ms.technology: m365d
++
+# Software developer resources
+
+Concerned about the detection of your software?
+If you believe that your application or program has been incorrectly detected by Microsoft security software, submit the relevant files for analysis.
+
+Check out the following resources for information on how to submit and view submissions:
+
+- [Submit files](https://www.microsoft.com/wdsi/filesubmission)
+
+- [View your submissions](https://www.microsoft.com/wdsi/submissionhistory)
+
+## Additional resources
+
+### Detection criteria
+
+To objectively identify malware and unidentified software, Microsoft applies a [set of criteria](criteria.md) for evaluating malicious or potentially harmful code.
+
+### Developer questions
+
+Find more guidance about the file submission and detection dispute process in our [FAQ for software developers](developer-faq.yml).
+
+### Scan your software
+
+Use [Microsoft Defender Antivirus](/microsoft-365/security/defender-endpoint/microsoft-defender-antivirus-in-windows-10) to check your software against the latest Security intelligence and cloud protection from Microsoft.
security Exploits Malware https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/intelligence/exploits-malware.md
+
+ Title: Exploits and exploit kits
+
+description: Learn about how exploits use vulnerabilities in common software to give attackers access to your computer and install other malware.
+keywords: security, malware, exploits, exploit kits, prevention, vulnerabilities, Microsoft, Exploit malware family, exploits, java, flash, adobe, update software, prevent exploits, exploit pack, vulnerability, 0-day, holes, weaknesses, attack, Flash, Adobe, out-of-date software, out of date software, update, update software, reinfection, Java cache, reinfected, won't remove, won't clean, still detects, full scan, MSE, Defender, WDSI, MMPC, Microsoft Malware Protection Center
+ms.mktglfcycl: secure
+ms.sitesec: library
+ms.localizationpriority: medium
+++
+audience: ITPro
++
+search.appverid: met150
+ms.technology: m365d
+
+# Exploits and exploit kits
+
+Exploits take advantage of vulnerabilities in software. A vulnerability is like a hole in your software that malware can use to get onto your device. Malware exploits these vulnerabilities to bypass your computer's security safeguards to infect your device.
+
+## How exploits and exploit kits work
+
+Exploits are often the first part of a larger attack. Hackers scan for outdated systems that contain critical vulnerabilities, which they then exploit by deploying targeted malware. Exploits often include shellcode, which is a small malware payload used to download additional malware from attacker-controlled networks. Shellcode allows hackers to infect devices and infiltrate organizations.
+
+Exploit kits are more comprehensive tools that contain a collection of exploits. These kits scan devices for different kinds of software vulnerabilities and, if any are detected, deploy additional malware to further infect a device. Kits can use exploits targeting a variety of software, including Adobe Flash Player, Adobe Reader, Internet Explorer, Oracle Java, and Sun Java.
+
+The most common method used by attackers to distribute exploits and exploit kits is through webpages, but exploits can also arrive in emails. Some websites unknowingly and unwillingly host malicious code and exploits in their ads.
+
+The infographic below shows how an exploit kit might attempt to exploit a device after you visit a compromised webpage.
+
+![example of how exploit kits work.](../../media/security-intelligence-images/exploit-kit.png)
+
+*Figure 1. Example of how to exploit kits work*
+
+Several notable threats, including Wannacry, exploit the Server Message Block (SMB) vulnerability CVE-2017-0144 to launch malware.
+
+Examples of exploit kits:
+
+- Angler / [Axpergle](https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?name=JS/Axpergle)
+
+- [Neutrino](https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?name=JS/NeutrinoEK)
+
+- [Nuclear](https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?name=JS/Neclu)
+
+To learn more about exploits, read this blog post on [taking apart a double zero-day sample discovered in joint hunt with ESET.](https://cloudblogs.microsoft.com/microsoftsecure/2018/07/02/taking-apart-a-double-zero-day-sample-discovered-in-joint-hunt-with-eset/)
+
+## How we name exploits
+
+We categorize exploits in our Malware encyclopedia by the "platform" they target. For example, Exploit:Java/CVE-2013-1489.A is an exploit that targets a vulnerability in Java.
+
+A project called "Common Vulnerabilities and Exposures (CVE)" is used by many security software vendors. The project gives each vulnerability a unique number, for example, CVE-2016-0778.
+The portion "2016" refers to the year the vulnerability was discovered. The "0778" is a unique ID for this specific vulnerability.
+
+You can read more on the [CVE website](https://cve.mitre.org/).
+
+## How to protect against exploits
+
+The best prevention for exploits is to keep your organization's [software up to date](https://portal.msrc.microsoft.com/). Software vendors provide updates for many known vulnerabilities, so make sure these updates are applied to all devices.
+
+For more general tips, see [prevent malware infection](prevent-malware-infection.md).
security Fileless Threats https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/intelligence/fileless-threats.md
+
+ Title: Fileless threats
+
+description: Learn about the categories of fileless threats and malware that live off the land
+keywords: fileless, fileless malware, living off the land, lolbins, amsi, behavior monitoring, memory scanning, boot sector protection, security, malware, Windows Defender ATP, antivirus, AV, Microsoft Defender ATP, next-generation protection
+ms.mktglfcycl: secure
+ms.sitesec: library
+ms.localizationpriority: medium
+++
+audience: ITPro
++
+search.appverid: met150
+ms.technology: m365d
++
+# Fileless threats
+
+What exactly are fileless threats? The term "fileless" suggests that a threat doesn't come in a file, such as a backdoor that lives only in the memory of a machine. However, there's no one definition for fileless malware. The term is used broadly, and sometimes to describe malware families that do rely on files to operate.
+
+Attacks involve [several stages](https://attack.mitre.org/wiki/ATT&CK_Matrix) for functionalities like execution, persistence, or information theft. Some parts of the attack chain may be fileless, while others may involve the file system in some form.
+
+For clarity, fileless threats are grouped into different categories.
+
+![Comprehensive diagram of fileless malware.](../../media/security-intelligence-images/fileless-malware.png)<br>
+*Figure 1. Comprehensive diagram of fileless malware*
+
+Fileless threats can be classified by their entry point, which indicates how fileless malware can arrive on a machine. They can arrive via an exploit, through compromised hardware, or via regular execution of applications and scripts.
+
+Next, list the form of entry point. For example, exploits can be based on files or network data, PCI peripherals are a type of hardware vector, and scripts and executables are subcategories of the execution vector.
+
+Finally, classify the host of the infection. For example, a Flash application may contain a variety of threats such as an exploit, a simple executable, and malicious firmware from a hardware device.
+
+Classifying helps you divide and categorize the various kinds of fileless threats. Some are more dangerous but also more difficult to implement, while others are more commonly used despite (or precisely because of) not being very advanced.
+
+From this categorization, you can glean three main types of fileless threats based on how much fingerprint they may leave on infected machines.
+
+## Type I: No file activity performed
+
+A fully fileless malware can be considered one that never requires writing a file on the disk. How would such malware infect a machine in the first place? One example is where a target machine receives malicious network packets that exploit the EternalBlue vulnerability. The vulnerability allows the installation of the DoublePulsar backdoor, which ends up residing only in the kernel memory. In this case, there's no file or any data written on a file.
+
+A compromised device may also have malicious code hiding in device firmware (such as a BIOS), a USB peripheral (like the BadUSB attack), or in the firmware of a network card. All these examples don't require a file on the disk to run, and can theoretically live only in memory. The malicious code would survive reboots, disk reformats, and OS reinstalls.
+
+Infections of this type can be particularly difficult to detect because most antivirus products donΓÇÖt have the capability to inspect firmware. In cases where a product does have the ability to inspect and detect malicious firmware, there are still significant challenges associated with remediation of threats at this level. This type of fileless malware requires high levels of sophistication and often depends on particular hardware or software configuration. ItΓÇÖs not an attack vector that can be exploited easily and reliably. While dangerous, threats of this type are uncommon and not practical for most attacks.
+
+## Type II: Indirect file activity
+
+There are other ways that malware can achieve fileless presence on a machine without requiring significant engineering effort. Fileless malware of this type doesn't directly write files on the file system, but they can end up using files indirectly. For example, with the [Poshspy backdoor](https://www.fireeye.com/blog/threat-research/2017/03/dissecting_one_ofap.html) attackers installed a malicious PowerShell command within the WMI repository and configured a WMI filter to run the command periodically.
+
+ItΓÇÖs possible to carry out such installation via command line without requiring a backdoor to already be on the file. The malware can be installed and theoretically run without ever touching the file system. However, the WMI repository is stored on a physical file in a central storage area managed by the CIM Object Manager, and usually contains legitimate data. Even though the infection chain does technically use a physical file, itΓÇÖs considered a fileless attack because the WMI repository is a multi-purpose data container that can't be detected and removed.
+
+## Type III: Files required to operate
+
+Some malware can have a sort of fileless persistence, but not without using files to operate. An example for this scenario is Kovter, which creates a shell open verb handler in the registry for a random file extension. Opening a file with such extension will lead to the execution of a script through the legitimate tool mshta.exe.
+
+![Image of Kovter's registry key.](../../media/security-intelligence-images/kovter-reg-key.png)<br>
+*Figure 2. KovterΓÇÖs registry key*
+
+When the open verb is invoked, the associated command from the registry is launched, which results in the execution of a small script. This script reads data from a further registry key and executes it, in turn leading to the loading of the final payload. However, to trigger the open verb in the first place, Kovter has to drop a file with the same extension targeted by the verb (in the example above, the extension is .bbf5590fd). It also has to set an autorun key configured to open such file when the machine starts.
+
+Kovter is considered a fileless threat because the file system is of no practical use. The files with random extensions contain junk data that isn't usable in verifying the presence of the threat. The files that store the registry are containers that can't be detected and deleted if malicious content is present.
+
+## Categorizing fileless threats by infection host
+
+Having described the broad categories, we can now dig into the details and provide a breakdown of the infection hosts. This comprehensive classification covers the panorama of what is usually referred to as fileless malware. It drives our efforts to research and develop new protection features that neutralize classes of attacks and ensure malware doesn't get the upper hand in the arms race.
+
+### Exploits
+
+**File-based** (Type III: executable, Flash, Java, documents): An initial file may exploit the operating system, the browser, the Java engine, the Flash engine, etc. to execute a shellcode and deliver a payload in memory. While the payload is fileless, the initial entry vector is a file.
+
+**Network-based** (Type I): A network communication that takes advantage of a vulnerability in the target machine can achieve code execution in the context of an application or the kernel. An example is WannaCry, which exploits a previously fixed vulnerability in the SMB protocol to deliver a backdoor within the kernel memory.
+
+### Hardware
+
+**Device-based** (Type I: network card, hard disk): Devices like hard disks and network cards require chipsets and dedicated software to function. Software residing and running in the chipset of a device is called firmware. Although a complex task, the firmware can be infected by malware, as the [Equation espionage group has been caught doing](https://www.kaspersky.com/blog/equation-hdd-malware/7623/).
+
+**CPU-based** (Type I): Modern CPUs are complex and may include subsystems running firmware for management purposes. Such firmware may be vulnerable to hijacking and allow the execution of malicious code that would operate from within the CPU. In December 2017, two researchers reported a vulnerability that can allow attackers to execute code inside the [Management Engine (ME)](https://en.wikipedia.org/wiki/Intel_Management_Engine) present in any modern CPU from Intel. Meanwhile, the attacker group PLATINUM has been observed to have the capability to use Intel's [Active Management Technology (AMT)](https://en.wikipedia.org/wiki/Intel_Active_Management_Technology) to perform [invisible network communications](https://cloudblogs.microsoft.com/microsoftsecure/2017/06/07/platinum-continues-to-evolve-find-ways-to-maintain-invisibility/), bypassing the installed operating system. ME and AMT are essentially autonomous micro-computers that live inside the CPU and that operate at a very low level. Because these technologiesΓÇÖ purpose is to provide remote manageability, they have direct access to hardware, are independent of the operating system, and can run even if the computer is turned off.
+
+Besides being vulnerable at the firmware level, CPUs could be manufactured with backdoors inserted directly in the hardware circuitry. This attack has been [researched and proved possible](https://www.emsec.rub.de/media/crypto/veroeffentlichungen/2015/03/19/beckerStealthyExtended.pdf) in the past. It has been reported that certain models of x86 processors contain a secondary embedded RISC-like CPU core that can [effectively provide a backdoor](https://www.theregister.co.uk/2018/08/10/via_c3_x86_processor_backdoor/) through which regular applications can gain privileged execution.
+
+**USB-based** (Type I): USB devices of all kinds can be reprogrammed with malicious firmware capable of interacting with the operating system in nefarious ways. For example, the [BadUSB technique](https://arstechnica.com/information-technology/2014/07/this-thumbdrive-hacks-computers-badusb-exploit-makes-devices-turn-evil/) allows a reprogrammed USB stick to act as a keyboard that sends commands to machines via keystrokes, or as a network card that can redirect traffic at will.
+
+**BIOS-based** (Type I): A BIOS is a firmware running inside a chipset. It executes when a machine is powered on, initializes the hardware, and then transfers control to the boot sector. The BIOS is an important component that operates at a low level and executes before the boot sector. ItΓÇÖs possible to reprogram the BIOS firmware with malicious code, as has happened in the past with the [Mebromi rootkit](https://www.webroot.com/blog/2011/09/13/mebromi-the-first-bios-rootkit-in-the-wild/).
+
+**Hypervisor-based** (Type I): Modern CPUs provide hardware hypervisor support, allowing the operating system to create robust virtual machines. A virtual machine runs in a confined, simulated environment, and is in theory unaware of the emulation. A malware taking over a machine may implement a small hypervisor to hide itself outside of the realm of the running operating system. Malware of this kind has been theorized in the past, and eventually real hypervisor rootkits [have been observed](http://seclists.org/fulldisclosure/2017/Jun/29), although few are known to date.
+
+### Execution and injection
+
+**File-based** (Type III: executables, DLLs, LNK files, scheduled tasks): This is the standard execution vector. A simple executable can be launched as a first-stage malware to run an additional payload in memory, or injected into other legitimate running processes.
+
+**Macro-based** (Type III: Office documents): The [VBA language](/office/vba/Library-Reference/Concepts/getting-started-with-vba-in-office) is a flexible and powerful tool designed to automate editing tasks and add dynamic functionality to documents. As such, it can be abused by attackers to carry out malicious operations like decoding, running, or injecting an executable payload, or even implementing an entire ransomware, like in [the case of qkG](https://blog.trendmicro.com/trendlabs-security-intelligence/qkg-filecoder-self-replicating-document-encrypting-ransomware/). Macros are executed within the context of an Office process (e.g., Winword.exe) and implemented in a scripting language. There's no binary executable that an antivirus can inspect. While Office apps require explicit consent from the user to execute macros from a document, attackers use social engineering techniques to trick users into allowing macros to execute.
+
+**Script-based** (Type II: file, service, registry, WMI repo, shell): The JavaScript, VBScript, and PowerShell scripting languages are available by default on Windows platforms. Scripts have the same advantages as macros, they are textual files (not binary executables) and run within the context of the interpreter (like wscript.exe, powershell.exe), which is a clean and legitimate component. Scripts are versatile and can be run from a file (by double-clicking them) or executed directly on the command line of an interpreter. Running on the command line allows malware to encode malicious scripts as autostart services inside [autorun registry keys](https://www.gdatasoftware.com/blog/2014/07/23947-poweliks-the-persistent-malware-without-a-file) as [WMI event subscriptions](https://www.fireeye.com/blog/threat-research/2017/03/dissecting_one_ofap.html) from the WMI repo. Furthermore, an attacker who has gained access to an infected machine may input the script on the command prompt.
+
+**Disk-based** (Type II: Boot Record): The Boot Record is the first sector of a disk or volume, and contains executable code required to start the boot process of the operating system. Threats like [Petya](https://cloudblogs.microsoft.com/microsoftsecure/2017/06/27/new-ransomware-old-techniques-petya-adds-worm-capabilities/?source=mmpc) are capable of infecting the Boot Record by overwriting it with malicious code. When the machine is booted, the malware immediately gains control. The Boot Record resides outside the file system, but itΓÇÖs accessible by the operating system. Modern antivirus products have the capability to scan and restore it.
+
+## Defeating fileless malware
+
+At Microsoft, we actively monitor the security landscape to identify new threat trends and develop solutions to mitigate classes of threats. We instrument durable protections that are effective against a wide range of threats. Through AntiMalware Scan Interface (AMSI), behavior monitoring, memory scanning, and boot sector protection, [Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/microsoft-defender-endpoint) can inspect fileless threats even with heavy obfuscation. Machine learning technologies in the cloud allow us to scale these protections against new and emerging threats.
+
+To learn more, read: [Out of sight but not invisible: Defeating fileless malware with behavior monitoring, AMSI, and next-gen AV](https://cloudblogs.microsoft.com/microsoftsecure/2018/09/27/out-of-sight-but-not-invisible-defeating-fileless-malware-with-behavior-monitoring-amsi-and-next-gen-av/)
+
+## Additional resources and information
+
+Learn how to [deploy threat protection capabilities across Microsoft 365 E5](/microsoft-365/solutions/deploy-threat-protection).
security Macro Malware https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/intelligence/macro-malware.md
+
+ Title: Macro malware
+
+description: Learn about macro viruses and malware, which are embedded in documents and are used to drop malicious payloads and distribute other threats.
+keywords: security, malware, macro, protection, WDSI, MMPC, Microsoft Malware Protection Center, macro virus, macro malware, documents, viruses in Office, viruses in Word
+ms.mktglfcycl: secure
+ms.sitesec: library
+ms.localizationpriority: medium
+++
+audience: ITPro
++
+search.appverid: met150
+ms.technology: m365d
+
+# Macro malware
+
+Macros are a powerful way to automate common tasks in Microsoft Office and can make people more productive. However, macro malware uses this functionality to infect your device.
+
+## How macro malware works
+
+Macro malware hides in Microsoft Office files and is delivered as email attachments or inside ZIP files. These files use names that are intended to entice or scare people into opening them. They often look like invoices, receipts, legal documents, and more.
+
+Macro malware was fairly common several years ago because macros ran automatically whenever a document was opened. In recent versions of Microsoft Office, macros are disabled by default. Now, malware authors need to convince users to turn on macros so that their malware can run. They try to scare users by showing fake warnings when a malicious document is opened.
+
+We've seen macro malware download threats from the following families:
+
+* [Ransom:MSIL/Swappa](https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Ransom:MSIL/Swappa.A)
+* [Ransom:Win32/Teerac](https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Ransom:Win32/Teerac&threatId=-2147277789)
+* [TrojanDownloader:Win32/Chanitor](https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=TrojanDownloader:Win32/Chanitor.A)
+* [TrojanSpy:Win32/Ursnif](https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=TrojanSpy:Win32/Ursnif)
+* [Win32/Fynloski](https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Win32/Fynloski)
+* [Worm:Win32/Gamarue](https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Win32/Gamarue)
+
+## How to protect against macro malware
+
+* Make sure macros are disabled in your Microsoft Office applications. In enterprises, IT admins set the default setting for macros:
+ * [Enable or disable macros](https://support.office.com/article/Enable-or-disable-macros-in-Office-documents-7b4fdd2e-174f-47e2-9611-9efe4f860b12) in Office documents
+
+* DonΓÇÖt open suspicious emails or suspicious attachments.
+
+* Delete any emails from unknown people or with suspicious content. Spam emails are the main way macro malware spreads.
+
+* Enterprises can prevent macro malware from running executable content using [ASR rules](/microsoft-365/security/defender-endpoint/attack-surface-reduction)
+
+For more tips on protecting yourself from suspicious emails, see [phishing](phishing.md).
+
+For more general tips, see [prevent malware infection](prevent-malware-infection.md).
security Malware Naming https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/intelligence/malware-naming.md
+
+ Title: Malware names
+
+description: Understand the malware naming convention used by Microsoft Defender Antivirus and other Microsoft antimalware.
+keywords: security, malware, names, Microsoft, MMPC, Microsoft Malware Protection Center, WDSI, malware name, malware prefix, malware type, virus name
+ms.mktglfcycl: secure
+ms.sitesec: library
+ms.localizationpriority: medium
+++
+audience: ITPro
++
+search.appverid: met150
+ms.technology: m365d
+
+# Malware names
+
+We name the malware and unwanted software that we detect according to the Computer Antivirus Research Organization (CARO) malware naming scheme. The scheme uses the following format:
+
+![How Microsoft determines names malware](../../media/security-intelligence-images/naming-malware.png)
+
+When our analysts research a particular threat, they'll determine what each of the components of the name will be.
+
+## Type
+
+Describes what the malware does on your computer. Worms, viruses, trojans, backdoors, and ransomware are some of the most common types of malware.
+
+* Adware
+* Backdoor
+* Behavior
+* BrowserModifier
+* Constructor
+* DDoS
+* Exploit
+* HackTool
+* Joke
+* Misleading
+* MonitoringTool
+* Program
+* Personal Web Server (PWS)
+* Ransom
+* RemoteAccess
+* Rogue
+* SettingsModifier
+* SoftwareBundler
+* Spammer
+* Spoofer
+* Spyware
+* Tool
+* Trojan
+* TrojanClicker
+* TrojanDownloader
+* TrojanNotifier
+* TrojanProxy
+* TrojanSpy
+* VirTool
+* Virus
+* Worm
+
+## Platforms
+
+Platforms guide the malware to its compatible operating system (such as Windows, masOS X, and Android). The platform's guidance is also used for programming languages and file formats.
+
+### Operating systems
+
+* AndroidOS: Android operating system
+* DOS: MS-DOS platform
+* EPOC: Psion devices
+* FreeBSD: FreeBSD platform
+* iPhoneOS: iPhone operating system
+* Linux: Linux platform
+* macOS: MAC 9.x platform or earlier
+* macOS_X: MacOS X or later
+* OS2: OS2 platform
+* Palm: Palm operating system
+* Solaris: System V-based Unix platforms
+* SunOS: Unix platforms 4.1.3 or lower
+* SymbOS: Symbian operating system
+* Unix: general Unix platforms
+* Win16: Win16 (3.1) platform
+* Win2K: Windows 2000 platform
+* Win32: Windows 32-bit platform
+* Win64: Windows 64-bit platform
+* Win95: Windows 95, 98 and ME platforms
+* Win98: Windows 98 platform only
+* WinCE: Windows CE platform
+* WinNT: WinNT
+
+### Scripting languages
+
+* ABAP: Advanced Business Application Programming scripts
+* ALisp: ALisp scripts
+* AmiPro: AmiPro script
+* ANSI: American National Standards Institute scripts
+* AppleScript: compiled Apple scripts
+* ASP: Active Server Pages scripts
+* AutoIt: AutoIT scripts
+* BAS: Basic scripts
+* BAT: Basic scripts
+* CorelScript: Corelscript scripts
+* HTA: HTML Application scripts
+* HTML: HTML Application scripts
+* INF: Install scripts
+* IRC: mIRC/pIRC scripts
+* Java: Java binaries (classes)
+* JS: JavaScript scripts
+* LOGO: LOGO scripts
+* MPB: MapBasic scripts
+* MSH: Monad shell scripts
+* MSIL: .NET intermediate language scripts
+* Perl: Perl scripts
+* PHP: Hypertext Preprocessor scripts
+* Python: Python scripts
+* SAP: SAP platform scripts
+* SH: Shell scripts
+* VBA: Visual Basic for Applications scripts
+* VBS: Visual Basic scripts
+* WinBAT: Winbatch scripts
+* WinHlp: Windows Help scripts
+* WinREG: Windows registry scripts
+
+### Macros
+
+* A97M: Access 97, 2000, XP, 2003, 2007, and 2010 macros
+* HE: macro scripting
+* O97M: Office 97, 2000, XP, 2003, 2007, and 2010 macros - those that affect Word, Excel, and PowerPoint
+* PP97M: PowerPoint 97, 2000, XP, 2003, 2007, and 2010 macros
+* V5M: Visio5 macros
+* W1M: Word1Macro
+* W2M: Word2Macro
+* W97M: Word 97, 2000, XP, 2003, 2007, and 2010 macros
+* WM: Word 95 macros
+* X97M: Excel 97, 2000, XP, 2003, 2007, and 2010 macros
+* XF: Excel formulas
+* XM: Excel 95 macros
+
+### Other file types
+
+* ASX: XML metafile of Windows Media .asf files
+* HC: HyperCard Apple scripts
+* MIME: MIME packets
+* Netware: Novell Netware files
+* QT: Quicktime files
+* SB: StarBasic (StarOffice XML) files
+* SWF: Shockwave Flash files
+* TSQL: MS SQL server files
+* XML: XML files
+
+## Family
+
+Grouping of malware based on common characteristics, including attribution to the same authors. Security software providers sometimes use different names for the same malware family.
+
+## Variant letter
+
+Used sequentially for every distinct version of a malware family. For example, the detection for the variant ".AF" would have been created after the detection for the variant ".AE".
+
+## Suffixes
+
+Provides extra detail about the malware, including how it's used as part of a multicomponent threat. In the preceding example, "!lnk" indicates that the threat component is a shortcut file used by Trojan:Win32/Reveton.T.
+
+* .dam: damaged malware
+* .dll: Dynamic Link Library component of a malware
+* .dr: dropper component of a malware
+* .gen: malware that is detected using a generic signature
+* .kit: virus constructor
+* .ldr: loader component of a malware
+* .pak: compressed malware
+* .plugin: plug-in component
+* .remnants: remnants of a virus
+* .worm: worm component of that malware
+* !bit: an internal category used to refer to some threats
+* !cl: an internal category used to refer to some threats
+* !dha: an internal category used to refer to some threats
+* !pfn: an internal category used to refer to some threats
+* !plock: an internal category used to refer to some threats
+* !rfn: an internal category used to refer to some threats
+* !rootkit: rootkit component of that malware
+* @m: worm mailers
+* @mm: mass mailer worm
security Microsoft Bug Bounty Program https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/intelligence/microsoft-bug-bounty-program.md
+
+ Title: About the Microsoft Bug Bounty Program
+description: If you are a security researcher, you can get a reward for reporting a vulnerability in a Microsoft product, service, or device.
+audience: ITPro
+++++
+ms.localizationpriority: medium
+
+ms.technology: m365d
++
+# About the Microsoft Bug Bounty Program
+
+Are you a security researcher? Did you find a vulnerability in a Microsoft product, service, or device? If so, we want to hear from you!
+
+If your vulnerability report affects a product or service that is within scope of one of our bounty programs below, you could receive a bounty award according to the program descriptions.
+
+Visit the [Microsoft Bug Bounty Program site](https://www.microsoft.com/en-us/msrc/bounty?rtc=1) for all the details!
security Phishing Trends https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/intelligence/phishing-trends.md
+
+ Title: Phishing trends and techniques
+
+description: Learn about how to spot phishing techniques
+keywords: security, malware, phishing, information, scam, social engineering, bait, lure, protection, trends, targeted attack, spear phishing, whaling
+ms.mktglfcycl: secure
+ms.sitesec: library
+ms.localizationpriority: medium
+++
+audience: ITPro
++
+search.appverid: met150
+ms.technology: m365d
++
+# Phishing trends and techniques
+
+Phishing attacks are scams that often use social engineering bait or lure content. Legitimate-looking communication, usually email, that links to a phishing site is one of the most common methods used in phishing attacks. The phishing site typically mimics sign in pages that require users to input credentials and account information. The phishing site then captures the sensitive information as soon as the user provides it, giving attackers access to the information.
+
+Below are some of the most common phishing techniques attackers will employ to try to steal information or gain access to your devices.
+
+## Invoice phishing
+
+In this scam, the attacker attempts to lure you with an email stating that you have an outstanding invoice from a known vendor or company. They then provide a link for you to access and pay your invoice. When you access the site, the attacker is poised to steal your personal information and funds.
+
+## Payment/delivery scam
+
+You're asked to provide a credit card or other personal information so that your payment information can be updated with a commonly known vendor or supplier. The update is requested so that you can take delivery of your ordered goods. Generally, you may be familiar with the company and have likely done business with them in the past. However, you aren't aware of any items you have recently purchased from them.
+
+## Tax-themed phishing scams
+
+A common IRS phishing scam is receiving an urgent email letter indicating that you owe money to the IRS. Often the email threatens legal action if you don't access the site in a timely manner and pay your taxes. When you access the site, the attackers can steal your personal credit card or bank information and drain your accounts.
+
+## Downloads
+
+An attacker sends a fraudulent email requesting you to open or download a document attachment, such as a PDF. The attachment often contains a message asking you to sign in to another site, such as email or file sharing websites, to open the document. When you access these phishing sites using your sign-in credentials, the attacker now has access to your information and can gain additional personal information about you.
+
+## Phishing emails that deliver other threats
+
+Phishing emails are often effective, so attackers sometimes use them to distribute [ransomware](/security/compass/human-operated-ransomware) through links or attachments in emails. When run, the ransomware encrypts files and displays a ransom note, which asks you to pay a sum of money to access to your files.
+
+We have also seen phishing emails that have links to [tech support scam](support-scams.md) websites. These websites use various scare tactics to trick you into calling hotlines and paying for unnecessary "technical support services" that supposedly fix contrived device, platform, or software problems.
+
+## Spear phishing
+
+Spear phishing is a targeted phishing attack that involves highly customized lure content. Attackers will typically do reconnaissance work by surveying social media and other information sources about their intended target.
+
+Spear phishing may involve tricking you into logging into fake sites and divulging credentials. I may also lure you into opening documents by clicking on links that automatically install malware. With this malware in place, attackers can remotely manipulate the infected computer.
+
+The implanted malware serves as the point of entry for a more sophisticated attack, known as an advanced persistent threat (APT). APTs are designed to establish control and steal data over extended periods. Attackers may try to deploy more covert hacking tools, move laterally to other computers, compromise or create privileged accounts, and regularly exfiltrate information from compromised networks.
+
+## Whaling
+
+Whaling is a form of phishing directed at high-level or senior executives within specific companies to gain access to their credentials and/or bank information. The content of the email may be written as a legal subpoena, customer complaint, or other executive issue. This type of attack can also lead to an APT attack within an organization.
+
+## Business email compromise
+
+Business email compromise (BEC) is a sophisticated scam that targets businesses who frequently work with foreign suppliers or do money wire transfers. One of the most common schemes used by BEC attackers involves gaining access to a companyΓÇÖs network through a spear phishing attack. The attacker creates a domain similar to the company they're targeting, or spoofs their email to scam users into releasing personal account information for money transfers.
+
+## More information about phishing attacks
+
+For information on the latest phishing attacks, techniques, and trends, you can read these entries on the [Microsoft Security blog](https://www.microsoft.com/security/blog/product/windows/):
+
+- [Phishers unleash simple but effective social engineering techniques using PDF attachments](https://cloudblogs.microsoft.com/microsoftsecure/2017/01/26/phishers-unleash-simple-but-effective-social-engineering-techniques-using-pdf-attachments/?source=mmpc)
+- [Tax themed phishing and malware attacks proliferate during the tax filing season](https://cloudblogs.microsoft.com/microsoftsecure/2017/03/20/tax-themed-phishing-and-malware-attacks-proliferate-during-the-tax-filing-season/?source=mmpc)
+- [Phishing like emails lead to tech support scam](https://cloudblogs.microsoft.com/microsoftsecure/2017/08/07/links-in-phishing-like-emails-lead-to-tech-support-scam/?source=mmpc)
security Phishing https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/intelligence/phishing.md
+
+ Title: How to protect against phishing attacks
+
+description: Learn about how phishing work, deliver malware do your devices, and what you can do to protect yourself
+keywords: security, malware, phishing, information, scam, social engineering, bait, lure, protection, trends, targeted attack
+ms.mktglfcycl: secure
+ms.sitesec: library
+ms.localizationpriority: medium
+++
+audience: ITPro
++
+search.appverid: met150
+ms.technology: m365d
++
+# How to protect against phishing attacks
+
+Phishing attacks attempt to steal sensitive information through emails, websites, text messages, or other forms of electronic communication. They try to look like official communication from legitimate companies or individuals.
+
+Cybercriminals often attempt to steal usernames, passwords, credit card details, bank account information, or other credentials. They use stolen information for malicious purposes, such as hacking, identity theft, or stealing money directly from bank accounts and credit cards. The information can also be sold in cybercriminal underground markets.
+
+Social engineering attacks are designed to take advantage of a user's possible lapse in decision-making. Be aware and never provide sensitive or personal information through email or unknown websites, or over the phone. Remember, phishing emails are designed to appear legitimate.
+
+## Learn the signs of a phishing scam
+
+The best protection is awareness and education. DonΓÇÖt open attachments or links in unsolicited emails, even if the emails came from a recognized source. If the email is unexpected, be wary about opening the attachment and verify the URL.
+
+Enterprises should educate and train their employees to be wary of any communication that requests personal or financial information. They should also instruct employees to report the threat to the companyΓÇÖs security operations team immediately.
+
+Here are several telltale signs of a phishing scam:
+
+* The links or URLs provided in emails are **not pointing to the correct location** or are pointing to a third-party site not affiliated with the sender of the email. For example, in the image below the URL provided doesn't match the URL that you'll be taken to.
+
+ ![example of hovering over a url.](../../media/security-intelligence-images/url-hover.png)
+
+* There's a **request for personal information** such as social security numbers or bank or financial information. Official communications won't generally request personal information from you in the form of an email.
+
+* **Items in the email address will be changed** so that it is similar enough to a legitimate email address, but has added numbers or changed letters.
+
+* The message is **unexpected and unsolicited**. If you suddenly receive an email from an entity or a person you rarely deal with, consider this email suspect.
+
+* The message or the attachment asks you to **enable macros, adjust security settings, or install applications**. Normal emails won't ask you to do this.
+
+* The message contains **errors**. Legitimate corporate messages are less likely to have typographic or grammatical errors or contain wrong information.
+
+* The **sender address doesn't match the signature** on the message itself. For example, an email is purported to be from Mary of Contoso Corp, but the sender address is john<span></span>@example.com.
+
+* There are **multiple recipients** in the ΓÇ£ToΓÇ¥ field and they appear to be random addresses. Corporate messages are normally sent directly to individual recipients.
+
+* The greeting on the message itself **doesn't personally address you**. Apart from messages that mistakenly address a different person, greetings that misuse your name or pull your name directly from your email address tend to be malicious.
+
+* The website looks familiar but there are **inconsistencies or things that aren't quite right**. Warning signs include outdated logos, typos, or ask users to give additional information that is not asked by legitimate sign-in websites.
+
+* The page that opens is **not a live page**, but rather an image that is designed to look like the site you are familiar with. A pop-up may appear that requests credentials.
+
+If in doubt, contact the business by known channels to verify if any suspicious emails are in fact legitimate.
+
+## Software solutions for organizations
+
+* [Microsoft Edge](/microsoft-edge/deploy/index) and [Windows Defender Application Guard](/windows/security/microsoft-defender-application-guard/md-app-guard-overview.md) offer protection from the increasing threat of targeted attacks using Microsoft's industry-leading Hyper-V virtualization technology. If a browsed website is deemed untrusted, the Hyper-V container will isolate that device from the rest of your network thereby preventing access to your enterprise data.
+
+* [Microsoft Exchange Online Protection (EOP)](https://products.office.com/exchange/exchange-email-security-spam-protection) offers enterprise-class reliability and protection against spam and malware, while maintaining access to email during and after emergencies. Using various layers of filtering, EOP can provide different controls for spam filtering, such as bulk mail controls and international spam, that will further enhance your protection services.
+
+* Use [Microsoft Defender for Office 365](https://products.office.com/exchange/online-email-threat-protection?ocid=cx-blog-mmpc) to help protect your email, files, and online storage against malware. It offers holistic protection in Microsoft Teams, Word, Excel, PowerPoint, Visio, SharePoint Online, and OneDrive for Business. By protecting against unsafe attachments and expanding protection against malicious links, it complements the security features of Exchange Online Protection to provide better zero-day protection.
+
+## What to do if you've been a victim of a phishing scam
+
+If you feel you've been a victim of a phishing attack:
+
+1. Contact your IT admin if you are on a work computer
+2. Immediately change all passwords associated with the accounts
+3. Report any fraudulent activity to your bank and credit card company
+
+### Reporting spam
+
+- **Outlook.com**: If you receive a suspicious email message that asks for personal information, select the check box next to the message in your Outlook inbox. Select the arrow next to **Junk**, and then select **Phishing**.
+
+- **Microsoft Office Outlook**: While in the suspicious message, select **Report message** from the ribbon, and then select **Phishing**.
+
+- **Microsoft 365**: Use the [Submissions portal in Microsoft 365 Defender](/microsoft-365/security/office-365-security/report-junk-email-messages-to-microsoft) to submit the junk or phishing sample to Microsoft for analysis. For more information, see [Report messages and files to Microsoft](/microsoft-365/security/office-365-security/report-junk-email-messages-to-microsoft).
+
+- **Anti-Phishing Working Group**: phishing-report@us-cert.gov. The group uses reports generated from emails sent to fight phishing scams and hackers. ISPs, security vendors, financial institutions, and law enforcement agencies are involved.
+
+### If youΓÇÖre on a suspicious website
+
+- **Microsoft Edge**: While you’re on a suspicious site, select the **More (…) icon** > **Help and feedback** > **Report Unsafe site**. Follow the instructions on the webpage that displays to report the website.
+
+- **Internet Explorer**: While youΓÇÖre on a suspicious site, select the gear icon, point to **Safety**, and then select **Report Unsafe Website**. Follow the instructions on the webpage that displays to report the website.
+
+## More information about phishing attacks
+
+- [Protect yourself from phishing](https://support.microsoft.com/help/4033787/windows-protect-yourself-from-phishing)
+- [Phishing trends](phishing-trends.md)
security Portal Submission Troubleshooting https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/intelligence/portal-submission-troubleshooting.md
+
+ Title: Troubleshoot MSI portal errors caused by admin block
+description: Troubleshoot MSI portal errors
+
+keywords: security, sample submission help, malware file, virus file, trojan file, submit, send to Microsoft, submit a sample, virus, trojan, worm, undetected, doesnΓÇÖt detect, email microsoft, email malware, I think this is malware, I think it's a virus, where can I send a virus, is this a virus, MSE, doesnΓÇÖt detect, no signature, no detection, suspect file, MMPC, Microsoft Malware Protection Center, researchers, analyst, WDSI, security intelligence
+ms.mktglfcycl: secure
+ms.sitesec: library
+ms.localizationpriority: medium
+++
+audience: ITPro
++
+search.appverid: met150
+ms.technology: m365d
++
+# Troubleshooting malware submission errors caused by administrator block
+In some instances, an administrator block might cause submission issues when you try to submit a potentially infected file to the [Microsoft Security intelligence website](https://www.microsoft.com/wdsi) for analysis. The following process shows how to resolve this problem.
+
+## Review your settings
+Open your Azure [Enterprise application settings](https://portal.azure.com/#blade/Microsoft_AAD_IAM/StartboardApplicationsMenuBlade/UserSettings/menuId/). Under **Enterprise Applications** > **Users can consent to apps accessing company data on their behalf**, check whether Yes or No is selected.
+
+- If **No** is selected, an Azure AD administrator for the customer tenant will need to provide consent for the organization. Depending on the configuration with Azure AD, users might be able to submit a request right from the same dialog box. If there’s no option to ask for admin consent, users need to request for these permissions to be added to their Azure AD admin. Go to the following section for more information.
+
+- If **Yes** is selected, ensure the Windows Defender Security Intelligence app setting **Enabled for users to sign in?** is set to **Yes** [in Azure](https://portal.azure.com/#blade/Microsoft_AAD_IAM/ManagedAppMenuBlade/Properties/appId/f0cf43e5-8a9b-451c-b2d5-7285c785684d/objectId/4a918a14-4069-4108-9b7d-76486212d75d). If **No** is selected, you'll need to request an Azure AD admin enable it.
+ΓÇ»
+## Implement Required Enterprise Application permissions
+This process requires a global or application admin in the tenant.
+ 1. Open [Enterprise Application settings](https://portal.azure.com/#blade/Microsoft_AAD_IAM/ManagedAppMenuBlade/Permissions/appId/f0cf43e5-8a9b-451c-b2d5-7285c785684d/objectId/4a918a14-4069-4108-9b7d-76486212d75d).
+ 2. Select **Grant admin consent for organization**.
+ 3. If you're able to do so, review the API permissions required for this application, as the following image shows. Provide consent for the tenant.
+
+ ![grant consent image.](../../media/security-intelligence-images/msi-grant-admin-consent.jpg)
+
+ 4. If the administrator receives an error while attempting to provide consent manually, try either [Option 1](#option-1-approve-enterprise-application-permissions-by-user-request) or [Option 2](#option-2-provide-admin-consent-by-authenticating-the-application-as-an-admin) as possible workarounds.
+ΓÇ»
+## Option 1 Approve enterprise application permissions by user request
+> [!Note]
+> This is currently a preview feature.
+
+Azure Active Directory admins will need to allow for users to request admin consent to apps. Verify the setting is configured to **Yes** in [Enterprise applications](https://portal.azure.com/#blade/Microsoft_AAD_IAM/StartboardApplicationsMenuBlade/UserSettings/menuId/).
+
+![Enterprise applications user settings.](../../media/security-intelligence-images/msi-enterprise-app-user-setting.jpg)
+
+More information is available in [Configure Admin consent workflow](/azure/active-directory/manage-apps/configure-admin-consent-workflow).
+
+Once this setting is verified, users can go through the enterprise customer sign-in at [Microsoft security intelligence](https://www.microsoft.com/wdsi/filesubmission), and submit a request for admin consent, including justification.
+
+![Contoso sign in flow.](../../media/security-intelligence-images/msi-contoso-approval-required.png)
+
+Admin will be able to review and approve the application permissions [Azure admin consent requests](https://portal.azure.com/#blade/Microsoft_AAD_IAM/StartboardApplicationsMenuBlade/AccessRequests/menuId/).
+
+After providing consent, all users in the tenant will be able to use the application.
+ΓÇ»
+## Option 2 Provide admin consent by authenticating the application as an admin
+This process requires that global admins go through the Enterprise customer sign-in flow at [Microsoft security intelligence](https://www.microsoft.com/wdsi/filesubmission).
+
+![Consent sign in flow.](../../media/security-intelligence-images/msi-microsoft-permission-required.jpg)
+
+Then, admins review the permissions and make sure to select **Consent on behalf of your organization**, and then select **Accept**.
+
+All users in the tenant will now be able to use this application.
+
+## Option 3: Delete and readd app permissions
+If neither of these options resolve the issue, try the following steps (as an admin):
+
+1. Remove previous configurations for the application. Go to [Enterprise applications](https://portal.azure.com/#blade/Microsoft_AAD_IAM/ManagedAppMenuBlade/Properties/appId/f0cf43e5-8a9b-451c-b2d5-7285c785684d/objectId/982e94b2-fea9-4d1f-9fca-318cda92f90b)
+and select **delete**.
+
+ ![Delete app permissions.](../../media/security-intelligence-images/msi-properties.png)
+
+2. Capture TenantID from [Properties](https://portal.azure.com/#blade/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/Properties).
+
+3. Replace {tenant-id} with the specific tenant that needs to grant consent to this application in the URL below. Copy this URL into browser. The rest of the parameters are already completed.
+``https://login.microsoftonline.com/{tenant-id}/v2.0/adminconsent?client_id=f0cf43e5-8a9b-451c-b2d5-7285c785684d&state=12345&redirect_uri=https%3a%2f%2fwww.microsoft.com%2fwdsi%2ffilesubmission&scope=openid+profile+email+offline_access``
+
+ ![Permissions needed.](../../media/security-intelligence-images/msi-microsoft-permission-requested-your-organization.png)
+
+4. Review the permissions required by the application, and then select **Accept**.
+
+5. Confirm the permissions are applied in the [Azure portal](https://portal.azure.com/#blade/Microsoft_AAD_IAM/ManagedAppMenuBlade/Permissions/appId/f0cf43e5-8a9b-451c-b2d5-7285c785684d/objectId/ce60a464-5fca-4819-8423-bcb46796b051).
+
+ ![Review that permissions are applied.](../../media/security-intelligence-images/msi-permissions.jpg)
+
+6. Sign in to [Microsoft security intelligence](https://www.microsoft.com/wdsi/filesubmission) as an enterprise user with a non-admin account to see if you have access.
+
+ If the warning is not resolved after following these troubleshooting steps, call Microsoft support.
security Prevent Malware Infection https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/intelligence/prevent-malware-infection.md
+
+ Title: Prevent malware infection
+
+description: Learn steps you can take to help prevent a malware or potentially unwanted software from infecting your computer.
+keywords: security, malware, prevention, infection, tips, Microsoft, MMPC, Microsoft Malware Protection Center, virus, trojan, worm, stop, prevent, full scan, infection, avoid malware, avoid trojan, avoid virus, infection, how, detection, security software, antivirus, updates, how malware works, how virus works, firewall, turn on, user privileges, limit, prevention, WDSI, MMPC, Microsoft Malware Protection Center
+ms.mktglfcycl: secure
+ms.sitesec: library
+ms.localizationpriority: medium
+++
+audience: ITPro
++
+search.appverid: met150
+ms.technology: m365d
+
+# Prevent malware infection
+
+Malware authors are always looking for new ways to infect computers. Follow the tips below to stay protected and minimize threats to your data and accounts.
+
+## Keep software up to date
+
+[Exploits](exploits-malware.md) typically use vulnerabilities in popular software such as web browsers, Java, Adobe Flash Player, and Microsoft Office to infect devices. Software updates patch vulnerabilities so they aren't available to exploits anymore.
+
+To keep Microsoft software up to date, ensure that [automatic Microsoft Updates](https://support.microsoft.com/help/12373/windows-update-faq) are enabled. Also, upgrade to the latest version of Windows to benefit from a host of built-in security enhancements.
+
+## Be wary of links and attachments
+
+Email and other messaging tools are a few of the most common ways your device can get infected. Attachments or links in messages can open malware directly or can stealthily trigger a download. Some emails give instructions to allow macros or other executable content designed to make it easier for malware to infect your devices.
+
+* Use an email service that provides protection against malicious attachments, links, and abusive senders. [Microsoft Office 365](/microsoft-365/security/office-365-security/anti-spam-and-anti-malware-protection) has built-in antimalware, link protection, and spam filtering.
+
+For more information, see [phishing](phishing.md).
+
+## Watch out for malicious or compromised websites
+
+When you visit malicious or compromised sites, your device can get infected with malware automatically or you can get tricked into downloading and installing malware. See [exploits and exploit kits](exploits-malware.md) as an example of how some of these sites can automatically install malware to visiting computers.
+
+To identify potentially harmful websites, keep the following in mind:
+
+* The initial part (domain) of a website address should represent the company that owns the site you are visiting. Check the domain for misspellings. For example, malicious sites commonly use domain names that swap the letter O with a zero (0) or the letters L and I with a one (1). If example<span></span>.com is spelled examp1e<span></span>.com, the site you are visiting is suspect.
+
+* Sites that aggressively open popups and display misleading buttons often trick users into accepting content through constant popups or mislabeled buttons.
+
+To block malicious websites, use a modern web browser like [Microsoft Edge](https://www.microsoft.com/windows/microsoft-edge?ocid=cx-wdsi-articles) that identifies phishing and malware websites and checks downloads for malware.
+
+If you encounter an unsafe site, click **More […] > Send feedback** on Microsoft Edge. You can also [report unsafe sites directly to Microsoft](https://www.microsoft.com/wdsi/support/report-unsafe-site).
+
+### Pirated material on compromised websites
+
+Using pirated content is not only illegal, it can also expose your device to malware. Sites that offer pirated software and media are also often used to distribute malware when the site is visited. Sometimes pirated software is bundled with malware and other unwanted software when downloaded, including intrusive browser plugins and adware.
+
+Users do not openly discuss visits to these sites, so any untoward experience are more likely to stay unreported.
+
+To stay safe, download movies, music, and apps from official publisher websites or stores. Consider running a streamlined OS such as [Windows 10 Pro SKU S Mode](https://www.microsoft.com/windows/s-mode), which ensures that only vetted apps from the Windows Store are installed.
+
+## Don't attach unfamiliar removable drives
+
+Some types of malware spread by copying themselves to USB flash drives or other removable drives. There are malicious individuals that intentionally prepare and distribute infected drives by leaving them in public places for unsuspecting individuals.
+
+Only use removable drives that you are familiar with or that come from a trusted source. If a drive has been used in publicly accessible devices, like computers in a café or a library, make sure you have antimalware running on your computer before you use the drive. Avoid opening unfamiliar files you find on suspect drives, including Office and PDF documents and executable files.
+
+## Use a non-administrator account
+
+At the time they are launched, whether inadvertently by a user or automatically, most malware run under the same privileges as the active user. This means that by limiting account privileges, you can prevent malware from making consequential changes any devices.
+
+By default, Windows uses [User Account Control (UAC)](/windows/security/identity-protection/user-account-control/user-account-control-overview.md) to provide automatic, granular control of privilegesΓÇöit temporarily restricts privileges and prompts the active user every time an application attempts to make potentially consequential changes to the system. Although UAC helps limit the privileges of admin users, users can override this restriction when prompted. As a result, it is quite easy for an admin user to inadvertently allow malware to run.
+
+To help ensure that everyday activities do not result in malware infection and other potentially catastrophic changes, it is recommended that you use a non-administrator account for regular use. By using a non-administrator account, you can prevent installation of unauthorized apps and prevent inadvertent changes to system settings. Avoid browsing the web or checking email using an account with administrator privileges.
+
+Whenever necessary, log in as an administrator to install apps or make configuration changes that require admin privileges.
+
+[Read about creating user accounts and giving administrator privileges](https://support.microsoft.com/help/4026923/windows-create-a-local-user-or-administrator-account-in-windows-10)
+
+## Other safety tips
+
+To further ensure that data is protected from malware and other threats:
+
+* Backup files. Follow the 3-2-1 rule: make **3 copies**, store in at least **2 locations**, with at least **1 offline copy**. Use [OneDrive](https://onedrive.live.com/about) for reliable cloud-based copies that allow access to files from multiple devices and helps recover damaged or lost files, including files locked by ransomware.
+
+* Be wary when connecting to public hotspots, particularly those that do not require authentication.
+
+* Use [strong passwords](https://support.microsoft.com/help/12410/microsoft-account-help-protect-account) and enable multi-factor authentication.
+
+* Do not use untrusted devices to log on to email, social media, and corporate accounts.
+
+* Avoid downloading or running older apps. Some of these apps might have vulnerabilities. Also, older file formats for Office 2003 (.doc, .pps, and .xls) allow macros or run. This could be a security risk.
+
+## Software solutions
+
+Microsoft provides comprehensive security capabilities that help protect against threats. We recommend:
+
+* [Automatic Microsoft updates](https://support.microsoft.com/help/12373/windows-update-faq) keeps software up to date to get the latest protections.
+
+* [Controlled folder access](/microsoft-365/security/defender-endpoint/enable-controlled-folders) stops ransomware in its tracks by preventing unauthorized access to your important files. Controlled folder access locks down folders, allowing only authorized apps to access files. Unauthorized apps, including ransomware and other malicious executable files, DLLs, and scripts are denied access.
+
+* [Microsoft Edge](/microsoft-edge/deploy/index) browser protects against threats such as ransomware by preventing exploit kits from running. By using [Windows Defender SmartScreen](/microsoft-edge/deploy/index), Microsoft Edge blocks access to malicious websites.
+
+* [Microsoft Exchange Online Protection (EOP)](https://products.office.com/exchange/exchange-email-security-spam-protection) offers enterprise-class reliability and protection against spam and malware, while maintaining access to email during and after emergencies.
+
+* [Microsoft Safety Scanner](safety-scanner-download.md) helps remove malicious software from computers. NOTE: This tool does not replace your antimalware product.
+
+* [Microsoft 365](/microsoft-365/enterprise/) includes Office 365, Windows 10, and Enterprise Mobility + Security. These resources power productivity while providing intelligent security across users, devices, and data.
+
+* [Microsoft Defender for Office 365](/office365/servicedescriptions/office-365-advanced-threat-protection-service-description) includes machine learning capabilities that block dangerous emails, including millions of emails carrying ransomware downloaders.
+
+* [OneDrive for Business](https://support.office.com/article/restore-a-previous-version-of-a-file-in-onedrive-159cad6d-d76e-4981-88ef-de6e96c93893?ui=en-US&rs=en-US&ad=US) can back up files, which you would then use to restore files in the event of an infection.
+
+* [Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/microsoft-defender-endpoint) provides comprehensive endpoint protection, detection, and response capabilities to help prevent ransomware. In the event of a breach, Microsoft Defender for Endpoint alerts security operations teams about suspicious activities and automatically attempts to resolve the problem. This includes alerts for suspicious PowerShell commands, connecting to a TOR website, launching self-replicated copies, and deletion of volume shadow copies. Try Microsoft Defender for Endpoint free of charge.
+
+* [Windows Hello for Business](/windows/security/identity-protection/hello-for-business/hello-identity-verification.md) replaces passwords with strong two-factor authentication on your devices. This authentication consists of a new type of user credential that is tied to a device and uses a biometric or PIN. It lets user authenticate to an Active Directory or Azure Active Directory account.
+
+### Earlier than Windows 10 (not recommended)
+
+* [Microsoft Security Essentials](https://www.microsoft.com/download/details.aspx?id=5201) provides real-time protection for your home or small business device that guards against viruses, spyware, and other malicious software.
+
+## What to do with a malware infection
+
+Microsoft Defender for Endpoint antivirus capabilities help reduce the chances of infection and will automatically remove threats that it detects.
+
+In case threat removal is unsuccessful, read about [troubleshooting malware detection and removal problems](https://support.microsoft.com/help/4466982/windows-10-troubleshoot-problems-with-detecting-and-removing-malware).
security Rootkits Malware https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/intelligence/rootkits-malware.md
+
+ Title: Rootkits
+
+description: Rootkits may be used by malware authors to hide malicious code on your computer and make malware or potentially unwanted software harder to remove.
+keywords: security, malware, rootkit, hide, protection, hiding, WDSI, MMPC, Microsoft Malware Protection Center, rootkits, Sirefef, Rustock, Sinowal, Cutwail, malware, virus
+ms.mktglfcycl: secure
+ms.sitesec: library
+ms.localizationpriority: medium
+++
+audience: ITPro
++
+search.appverid: met150
+ms.technology: m365d
+
+# Rootkits
+
+Malware authors use rootkits to hide malware on your device, allowing malware to persist as long as possible. A successful rootkit can potentially remain in place for years if it's undetected. During this time, it will steal information and resources.
+
+## How rootkits work
+
+Rootkits intercept and change standard operating system processes. After a rootkit infects a device, you canΓÇÖt trust any information that device reports about itself.
+
+If you were to ask a device to list all of the programs that are running, the rootkit might stealthily remove any programs it doesnΓÇÖt want you to know about. Rootkits are all about hiding things. They want to hide both themselves and their malicious activity on a device.
+
+Many modern malware families use rootkits to try to avoid detection and removal, including:
+
+* [Alureon](https://www.microsoft.com/security/portal/threat/encyclopedia/Entry.aspx?Name=Win32%2fAlureon)
+
+* [Cutwail](https://www.microsoft.com/security/portal/threat/encyclopedia/Entry.aspx?Name=Win32%2fCutwail)
+
+* [Datrahere](https://www.microsoft.com/wdsi/threats/malware-encyclopedia-description?Name=Trojan:Win64/Detrahere) (Zacinlo)
+
+* [Rustock](https://www.microsoft.com/security/portal/threat/encyclopedia/entry.aspx?Name=Win32%2fRustock)
+
+* [Sinowal](https://www.microsoft.com/security/portal/threat/encyclopedia/Entry.aspx?Name=Win32%2fSinowal)
+
+* [Sirefef](https://www.microsoft.com/security/portal/threat/encyclopedia/Entry.aspx?Name=Win32%2fSirefef)
+
+## How to protect against rootkits
+
+Like any other type of malware, the best way to avoid rootkits is to prevent it from being installed in the first place.
+
+* Apply the latest updates to operating systems and apps.
+
+* Educate your employees so they can be wary of suspicious websites and emails.
+
+* Back up important files regularly. Use the 3-2-1 rule. Keep three backups of your data, on two different storage types, and at least one backup offsite.
+
+For more general tips, see [prevent malware infection](prevent-malware-infection.md).
+
+### What if I think I have a rootkit on my device?
+
+Microsoft security software includes a number of technologies designed specifically to remove rootkits. If you think you have a rootkit that your antimalware software isnΓÇÖt detecting, you may need an extra tool that lets you boot to a known trusted environment.
+
+[Microsoft Defender Offline](https://support.microsoft.com/help/17466/microsoft-defender-offline-help-protect-my-pc) can be launched from the Windows Security app and has the latest antimalware updates from Microsoft. ItΓÇÖs designed to be used on devices that aren't working correctly because of a possible malware infection.
+
+[System Guard](https://cloudblogs.microsoft.com/microsoftsecure/2017/10/23/hardening-the-system-and-maintaining-integrity-with-windows-defender-system-guard/) in Windows 10 protects against rootkits and threats that impact system integrity.
+
+### What if I canΓÇÖt remove a rootkit?
+
+If the problem persists, we strongly recommend reinstalling the operating system and security software. Then restore your data from a backup.
security Safety Scanner Download https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/intelligence/safety-scanner-download.md
+
+ Title: Microsoft Safety Scanner Download
+
+description: Get the Microsoft Safety Scanner tool to find and remove malware from Windows computers.
+keywords: security, malware
+ms.mktglfcycl: secure
+ms.sitesec: library
+ms.localizationpriority: medium
+++
+audience: ITPro
++
+search.appverid: met150
+ms.technology: m365d
+
+# Microsoft Safety Scanner Download
+
+Microsoft Safety Scanner is a scan tool designed to find and remove malware from Windows computers. Simply download it and run a scan to find malware and try to reverse changes made by identified threats.
+
+- **[Download Microsoft Safety Scanner (32-bit)](https://go.microsoft.com/fwlink/?LinkId=212733)**
+
+- **[Download Microsoft Safety Scanner (64-bit)](https://go.microsoft.com/fwlink/?LinkId=212732)**
+
+> [!NOTE]
+> Starting November 2019, Safety Scanner will be SHA-2 signed exclusively. Your devices must be updated to support SHA-2 in order to run Safety Scanner. To learn more, see [2019 SHA-2 Code Signing Support requirement for Windows and WSUS](https://support.microsoft.com/help/4472027/2019-sha-2-code-signing-support-requirement-for-windows-and-wsus).
+
+## Important information
+
+- The security intelligence update version of the Microsoft Safety Scanner matches the version described [in this web page](https://www.microsoft.com/wdsi/definitions).
+
+- Safety Scanner only scans when manually triggered and is available for use 10 days after being downloaded. We recommend that you always download the latest version of this tool before each scan.
+
+- Safety scanner is a portable executable and does not appear in the Windows Start menu or as an icon on the desktop. Note where you saved this download.
+
+- This tool does not replace your antimalware product. For real-time protection with automatic updates, use [Microsoft Defender Antivirus on Windows 11, Windows 10, and Windows 8](https://www.microsoft.com/windows/comprehensive-security) or [Microsoft Security Essentials on Windows 7](https://support.microsoft.com/help/14210/security-essentials-download). These antimalware products also provide powerful malware removal capabilities. If you are having difficulties removing malware with these products, you can refer to our help on [removing difficult threats](https://www.microsoft.com/wdsi/help/troubleshooting-infection).
+
+## System requirements
+
+Safety Scanner helps remove malicious software from computers running Windows 11, Windows 10, Windows 10 Tech Preview, Windows 8.1, Windows 8, Windows 7, Windows Server 2019, Windows Server 2016, Windows Server Tech Preview, Windows Server 2012 R2, Windows Server 2012, Windows Server 2008 R2, or Windows Server 2008. For details, refer to the [Microsoft Lifecycle Policy](/lifecycle/).
+
+## How to run a scan
+
+1. Download this tool and open it.
+2. Select the type of scan that you want to run and start the scan.
+3. Review the scan results displayed on screen. For detailed detection results, view the log at **%SYSTEMROOT%\debug\msert.log**.
+
+To remove this tool, delete the executable file (msert.exe by default).
+
+For more information about the Safety Scanner, see the support article on [how to troubleshoot problems using Safety Scanner](https://support.microsoft.com/kb/2520970).
+
+## Related resources
+
+- [Troubleshooting Safety Scanner](https://support.microsoft.com/help/2520970/how-to-troubleshoot-an-error-when-you-run-the-microsoft-safety-scanner)
+- [Microsoft Defender Antivirus](https://www.microsoft.com/windows/comprehensive-security)
+- [Microsoft Security Essentials](https://support.microsoft.com/help/14210/security-essentials-download)
+- [Removing difficult threats](https://support.microsoft.com/help/4466982/windows-10-troubleshoot-problems-with-detecting-and-removing-malware)
+- [Submit file for malware analysis](https://www.microsoft.com/wdsi/filesubmission)
+- [Microsoft antimalware and threat protection solutions](/microsoft-365/security/defender-endpoint/microsoft-defender-endpoint)
security Submission Guide https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/intelligence/submission-guide.md
+
+ Title: Submit files for analysis by Microsoft
+description: Learn how to submit files to Microsoft for malware analysis, how to track your submissions, and dispute detections.
+
+keywords: security, sample submission help, malware file, virus file, trojan file, submit, send to Microsoft, submit a sample, virus, trojan, worm, undetected, doesnΓÇÖt detect, email microsoft, email malware, I think this is malware, I think it's a virus, where can I send a virus, is this a virus, MSE, doesnΓÇÖt detect, no signature, no detection, suspect file, MMPC, Microsoft Malware Protection Center, researchers, analyst, WDSI, security intelligence
+ms.mktglfcycl: secure
+ms.sitesec: library
+ms.localizationpriority: medium
+++
+audience: ITPro
++
+search.appverid: met150
+ms.technology: m365d
++
+# Submit files for analysis
+
+If you have a file that you suspect might be malware or is being incorrectly detected, you can submit it to us for analysis. This page has answers to some common questions about submitting a file for analysis.
+
+## How do I send a malware file to Microsoft?
+
+You can send us files that you think might be malware or files that have been incorrectly detected through the [sample submission portal](https://www.microsoft.com/en-us/wdsi/filesubmission).
+
+We receive a large number of samples from many sources. Our analysis is prioritized by the number of file detections and the type of submission. You can help us complete a quick analysis by providing detailed information about the product you were using and what you were doing when you found the file.
+
+After you sign in, you will be able to track your submissions.
+
+## Can I send a sample by email?
+
+No, we only accept submissions through our [sample submission portal](https://www.microsoft.com/en-us/wdsi/filesubmission).
+
+## Can I submit a sample without signing in?
+
+No. If you're an enterprise customer, you need to sign in so that we can prioritize your submission appropriately. If you are currently experiencing a virus outbreak or security-related incident, you should contact your designated Microsoft support professional or go to [Microsoft Support](https://support.microsoft.com/) for immediate assistance.
+
+## What is the Software Assurance ID (SAID)?
+
+The [Software Assurance ID (SAID)](https://www.microsoft.com/licensing/licensing-programs/software-assurance-default.aspx) is for enterprise customers to track support entitlements. The submission portal accepts and retains SAID information and allows customers with valid SAIDs to make higher priority submissions.
+
+### How do I dispute the detection of my program?
+
+[Submit the file](https://www.microsoft.com/en-us/wdsi/filesubmission) in question as a software developer. Wait until your submission has a final determination.
+
+If youΓÇÖre not satisfied with our determination of the submission, use the developer contact form provided with the submission results to reach Microsoft. We will use the information you provide to investigate further if necessary.
+
+We encourage all software vendors and developers to read about [how Microsoft identifies malware and unwanted software](criteria.md).
+
+## How do I track or view past sample submissions?
+
+You can track your submissions through the [submission history page](https://www.microsoft.com/en-us/wdsi/submissionhistory).
+
+## What does the submission status mean?
+
+Each submission is shown to be in one of the following status types:
+
+* SubmittedΓÇöthe file has been received
+
+* In progressΓÇöan analyst has started checking the file
+
+* ClosedΓÇöa final determination has been given by an analyst
+
+You can see the status of any files you submit to us on the [submission history page](https://www.microsoft.com/en-us/wdsi/submissionhistory).
+
+## How does Microsoft prioritize submissions
+
+Processing submissions take dedicated analyst resource. Because we regularly receive a large number of submissions, we handle them based on a priority. The following factors affect how we prioritize submissions:
+
+* Prevalent files with the potential to impact large numbers of computers are prioritized.
+
+* Authenticated customers, especially enterprise customers with valid [Software Assurance IDs (SAIDs)](https://www.microsoft.com/licensing/licensing-programs/software-assurance-default.aspx), are given priority.
+
+* Submissions flagged as high priority by SAID holders are given immediate attention.
+
+Your submission is immediately scanned by our systems to give you the latest determination even before an analyst starts handling your case. Note that the same file may have already been processed by an analyst. To check for updates to the determination, select rescan on the submission details page.
security Supply Chain Malware https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/intelligence/supply-chain-malware.md
+
+ Title: Supply chain attacks
+
+description: Learn about how supply chain attacks work, deliver malware do your devices, and what you can do to protect yourself
+keywords: security, malware, protection, supply chain, hide, distribute, trust, compromised
+ms.mktglfcycl: secure
+ms.sitesec: library
+ms.localizationpriority: medium
+++
+audience: ITPro
++
+search.appverid: met150
+ms.technology: m365d
++
+# Supply chain attacks
+
+Supply chain attacks are an emerging kind of threat that target software developers and suppliers. The goal is to access source codes, build processes, or update mechanisms by infecting legitimate apps to distribute malware.
+
+## How supply chain attacks work
+
+> [!video https://www.youtube.com/embed/uXm2XNSavwo]
+
+Attackers hunt for unsecure network protocols, unprotected server infrastructures, and unsafe coding practices. They break in, change source codes, and hide malware in build and update processes.
+
+Because software is built and released by trusted vendors, these apps and updates are signed and certified. In software supply chain attacks, vendors are likely unaware that their apps or updates are infected with malicious code when theyΓÇÖre released to the public. The malicious code then runs with the same trust and permissions as the app.
+
+The number of potential victims is significant, given the popularity of some apps. A case occurred where a free file compression app was poisoned and deployed to customers in a country where it was the top utility app.
+
+### Types of supply chain attacks
+
+* Compromised software building tools or updated infrastructure
+
+* Stolen code-sign certificates or signed malicious apps using the identity of dev company
+
+* Compromised specialized code shipped into hardware or firmware components
+
+* Pre-installed malware on devices (cameras, USB, phones, etc.)
+
+To learn more about supply chain attacks, read this blog post called [attack inception: compromised supply chain within a supply chain poses new risks](https://cloudblogs.microsoft.com/microsoftsecure/2018/07/26/attack-inception-compromised-supply-chain-within-a-supply-chain-poses-new-risks/).
+
+## How to protect against supply chain attacks
+
+* Deploy strong code integrity policies to allow only authorized apps to run.
+
+* Use endpoint detection and response solutions that can automatically detect and remediate suspicious activities.
+
+### For software vendors and developers
+
+* Maintain a highly secure build and update infrastructure.
+ * Immediately apply security patches for OS and software.
+ * Implement mandatory integrity controls to ensure only trusted tools run.
+ * Require multi-factor authentication for admins.
+
+* Build secure software updaters as part of the software development lifecycle.
+ * Require SSL for update channels and implement certificate pinning.
+ * Sign everything, including configuration files, scripts, XML files, and packages.
+ * Check for digital signatures, and donΓÇÖt let the software updater accept generic input and commands.
+
+* Develop an incident response process for supply chain attacks.
+ * Disclose supply chain incidents and notify customers with accurate and timely information
+
+For more general tips on protecting your systems and devices, see [prevent malware infection](prevent-malware-infection.md).
security Support Scams https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/intelligence/support-scams.md
+
+ Title: Tech Support Scams
+
+description: Microsoft security software can protect you from tech support scams that claims to scan for malware or viruses and then shows you fake detections and warnings.
+keywords: security, malware, tech support, scam, protection, trick, spoof, fake, error messages, report, rogue security software, fake, antivirus, fake software, rogue, threats, fee, removal fee, upgrade, pay for removal, install full version, trial, lots of threats, scanner, scan, clean, computer, security, program, XP home security, fake microsoft, activate, activate scan, activate antivirus, warnings, pop-ups, security warnings, security pop-ups tech support scams, fake Microsoft error notification, fake virus alert, fake product expiration, fake Windows activation, scam web pages, scam phone numbers, telephone numbers, MMPC, WDSI, Microsoft Malware Protection Center, tech support scam numbers
+ms.mktglfcycl: secure
+ms.sitesec: library
+ms.localizationpriority: medium
+++
+audience: ITPro
++
+search.appverid: met150
+ms.technology: m365d
+
+# Tech support scams
+
+Tech support scams are an industry-wide issue where scammers use scare tactics to trick users into paying for unnecessary technical support services that supposedly fix contrived device, platform, or software problems.
+
+## How tech support scams work
+
+Scammers may call you directly on your phone and pretend to be representatives of a software company. They might even spoof the caller ID so that it displays a legitimate support phone number from a trusted company. They can then ask you to install applications that give them remote access to your device. Using remote access, these experienced scammers can misrepresent normal system output as signs of problems.
+
+Scammers might also initiate contact by displaying fake error messages on websites you visit, displaying support numbers and enticing you to call. They can also put your browser on full screen and display pop-up messages that won't go away, essentially locking your browser. These fake error messages aim to trick you into calling an indicated technical support hotline. Note that Microsoft error and warning messages never include phone numbers.
+
+When you engage with the scammers, they can offer fake solutions for your ΓÇ£problemsΓÇ¥ and ask for payment in the form of a one-time fee or subscription to a purported support service.
+
+**For more information, view [known tech support scam numbers and popular web scams](https://support.microsoft.com/help/4013405/windows-protect-from-tech-support-scams).**
+
+## How to protect against tech support scams
+
+Share and implement the general tips on how to [prevent malware infection](prevent-malware-infection.md).
+
+It is also important to keep the following in mind:
+
+* Microsoft does not send unsolicited email messages or make unsolicited phone calls to request personal or financial information, or to fix your computer.
+
+* Any communication with Microsoft has to be initiated by you.
+
+* DonΓÇÖt call the number in the pop-ups. MicrosoftΓÇÖs error and warning messages never include a phone number.
+
+* Download software only from official vendor websites or the Microsoft Store. Be wary of downloading software from third-party sites, as some of them might have been modified without the authorΓÇÖs knowledge to bundle support scam malware and other threats.
+
+* Use [Microsoft Edge](https://www.microsoft.com/windows/microsoft-edge) when browsing the internet. It blocks known support scam sites using Windows Defender SmartScreen (which is also used by Internet Explorer). Furthermore, Microsoft Edge can stop pop-up dialogue loops used by these sites.
+
+* Enable [Microsoft Defender Antivirus](/microsoft-365/security/defender-endpoint/microsoft-defender-antivirus-in-windows-10) in Windows 10. It detects and removes known support scam malware.
+
+## What to do if information has been given to a tech support person
+
+* Uninstall applications that scammers asked to be install. If access has been granted, consider resetting the device
+
+* Run a full scan with Microsoft Defender Antivirus to remove any malware. Apply all security updates as soon as they are available.
+
+* Change passwords.
+
+* Call your credit card provider to reverse the charges, if you have already paid.
+
+* Monitor anomalous logon activity. Use Windows Defender Firewall to block traffic to services that you would not normally access.
+
+### Reporting tech support scams
+
+Help Microsoft stop scammers, whether they claim to be from Microsoft or from another tech company, by reporting tech support scams:
+
+<b>www.microsoft.com/reportascam</b>
+
+You can also report any **unsafe website** that you suspect is a phishing website or contains malicious content directly to Microsoft by filling out a [Report an unsafe site form](https://www.microsoft.com/wdsi/support/report-unsafe-site) or using built in web browser functionality.
security Trojans Malware https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/intelligence/trojans-malware.md
+
+ Title: Trojan malware
+
+description: Trojans are a type of threat that can infect your device. This page tells you what they are and how to remove them.
+keywords: security, malware, protection, trojan, download, file, infection, trojans, virus, protection, cleanup, removal, antimalware, antivirus, WDSI, MMPC, Microsoft Malware Protection Center, malware types
+ms.mktglfcycl: secure
+ms.sitesec: library
+ms.localizationpriority: medium
+++
+audience: ITPro
++
+search.appverid: met150
+ms.technology: m365d
++
+# Trojans
+
+Trojans are a common type of malware which, unlike viruses, canΓÇÖt spread on their own. This means they either have to be downloaded manually or another malware needs to download and install them.
+
+Trojans often use the same file names as real and legitimate apps. It is easy to accidentally download a trojan thinking that it is a legitimate app.
+
+## How trojans work
+
+Trojans can come in many different varieties, but generally they do the following:
+
+- Download and install other malware, such as viruses or [worms](worms-malware.md).
+
+- Use the infected device for click fraud.
+
+- Record keystrokes and websites visited.
+
+- Send information about the infected device to a malicious hacker including passwords, login details for websites, and browsing history.
+
+- Give a malicious hacker control over the infected device.
+
+## How to protect against trojans
+
+Use the following free Microsoft software to detect and remove it:
+
+- [Microsoft Defender Antivirus](/microsoft-365/security/defender-endpoint/microsoft-defender-antivirus-in-windows-10) for Windows 10 and Windows 8.1, or [Microsoft Security Essentials](https://www.microsoft.com/download/details.aspx?id=5201) for previous versions of Windows.
+
+- [Microsoft Safety Scanner](safety-scanner-download.md)
+
+For more general tips, see [prevent malware infection](prevent-malware-infection.md).
security Understanding Malware https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/intelligence/understanding-malware.md
+
+ Title: Understanding malware & other threats
+
+description: Learn about the most prevalent viruses, malware, and other threats. Understand how they infect systems, how they behave, and how to prevent and remove them.
+keywords: security, malware, virus, malware, threat, analysis, research, encyclopedia, dictionary, glossary, ransomware, support scams, unwanted software, computer infection, virus infection, descriptions, remediation, latest threats, mmpc, microsoft malware protection center, wdsi
+ms.mktglfcycl: secure
+ms.sitesec: library
+ms.localizationpriority: medium
+++
+audience: ITPro
++
+search.appverid: met150
+ms.technology: m365d
+
+# Understanding malware & other threats
+
+Malware is a term used to describe malicious applications and code that can cause damage and disrupt normal use of devices. Malware can allow unauthorized access, use system resources, steal passwords, lock you out of your computer and ask for ransom, and more.
+
+Cybercriminals that distribute malware are often motivated by money and will use infected computers to launch attacks, obtain banking credentials, collect information that can be sold, sell access to computing resources, or extort payment from victims.
+
+As criminals become more sophisticated with their attacks, Microsoft is here to help. Windows 10 is the most secure version of Windows yet and includes many features to help protect you whether you're at home, at work, or on the go. With [Microsoft Defender for Endpoint](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp), businesses can stay protected with next-generation protection and other security capabilities.
+
+For good general tips, check out the [prevent malware infection](prevent-malware-infection.md) topic.
+
+There are many types of malware, including:
+
+- [Coin miners](coinminer-malware.md)
+- [Exploits and exploit kits](exploits-malware.md)
+- [Macro malware](macro-malware.md)
+- [Phishing](phishing.md)
+- [Ransomware](/security/compass/human-operated-ransomware)
+- [Rootkits](rootkits-malware.md)
+- [Supply chain attacks](supply-chain-malware.md)
+- [Tech support scams](support-scams.md)
+- [Trojans](trojans-malware.md)
+- [Unwanted software](unwanted-software.md)
+- [Worms](worms-malware.md)
+
+## Additional resources and information
+
+- Keep up with the latest malware news and research. Check out our [Microsoft security blogs](https://www.microsoft.com/security/blog/product/windows/) and follow us on [Twitter](https://twitter.com/wdsecurity) for the latest news, discoveries, and protections.
+
+- Learn more about [Windows security](../../index.yml).
+
+- Learn how to [deploy threat protection capabilities across Microsoft 365 E5](/microsoft-365/solutions/deploy-threat-protection).
+
security Unwanted Software https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/intelligence/unwanted-software.md
+
+ Title: Unwanted software
+
+description: Learn about how unwanted software changes your default settings without your consent and what you can do to protect yourself.
+keywords: security, malware, protection, unwanted, software, alter, infect, unwanted software, software bundlers, browser modifiers, privacy, security, computing experience, prevent infection, solution, WDSI, MMPC, Microsoft Malware Protection Center, virus research threats, research malware, pc protection, computer infection, virus infection, descriptions, remediation, latest threats
+ms.mktglfcycl: secure
+ms.sitesec: library
+ms.localizationpriority: medium
+++
+audience: ITPro
++
+search.appverid: met150
+ms.technology: m365d
+
+# Unwanted software
+
+Unwanted software are programs that alter the Windows experience without your consent or control. This can take the form of modified browsing experience, lack of control over downloads and installation, misleading messages, or unauthorized changes to Windows settings.
+
+## How unwanted software works
+
+Unwanted software can be introduced when a user searches for and downloads applications from the internet. Some applications are software bundlers, which means that they are packed with other applications. As a result, other programs can be inadvertently installed when the original application is downloaded.
+
+Here are some indications of unwanted software:
+
+- There are programs that you did not install and that may be difficult to uninstall
+
+- Browser features or settings have changed, and you canΓÇÖt view or modify them
+
+- There are excessive messages about your device's health or about files and programs
+
+- There are ads that cannot be easily closed
+
+Some indicators are harder to recognize because they are less disruptive, but are still unwanted. For example, unwanted software can modify web pages to display specific ads, monitor browsing activities, or remove control of the browser.
+
+Microsoft uses an extensive [evaluation criteria](criteria.md) to identify unwanted software.
+
+## How to protect against unwanted software
+
+To prevent unwanted software infection, download software only from official websites, or from the Microsoft Store. Be wary of downloading software from third-party sites.
+
+Use [Microsoft Edge](/microsoft-edge/deploy/index) when browsing the internet. Microsoft Edge includes additional protections that effectively block browser modifiers that can change your browser settings. Microsoft Edge also blocks known websites hosting unwanted software using [Windows Defender SmartScreen](/microsoft-edge/deploy/index) (also used by Internet Explorer).
+
+Enable [Microsoft Defender Antivirus](/microsoft-365/security/defender-endpoint/microsoft-defender-antivirus-in-windows-10) in Windows 10. It provides real-time protection against threats and detects and removes known unwanted software.
+
+Download [Microsoft Security Essentials](https://www.microsoft.com/download/details.aspx?id=5201) for real-time protection in Windows 7 or Windows Vista.
+
+For more general tips, see [prevent malware infection](prevent-malware-infection.md).
+
+### What should I do if my device is infected?
+
+If you suspect that you have unwanted software, you can [submit files for analysis](https://www.microsoft.com/wdsi/filesubmission).
+
+Some unwanted software adds uninstallation entries, which means that you can **remove them using Settings**.
+1. Select the Start button
+2. Go to **Settings > Apps > Apps & features**.
+3. Select the app you want to uninstall, then click **Uninstall**.
+
+If you only recently noticed symptoms of unwanted software infection, consider sorting the apps by install date, and then uninstall the most recent apps that you did not install.
+
+You may also need to **remove browser add-ons** in your browsers, such as Internet Explorer, Firefox, or Chrome.
+
+In case threat removal is unsuccessful, read about [troubleshooting malware detection and removal problems](https://support.microsoft.com/help/4466982/windows-10-troubleshoot-problems-with-detecting-and-removing-malware).
security Virus Information Alliance Criteria https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/intelligence/virus-information-alliance-criteria.md
+
+ Title: Virus Information Alliance
+
+description: The Microsoft Virus Information Alliance (VIA) is a collaborative antimalware program for organizations fighting cybercrime.
+keywords: security, malware, Microsoft, MMPC, Microsoft Malware Protection Center, partners, sharing, samples, vendor exchange, CSS, alliance, WDSI
+ms.mktglfcycl: secure
+ms.sitesec: library
+ms.localizationpriority: medium
+++
+audience: ITPro
++
+ms.technology: m365d
+
+# Virus Information Alliance
+
+The Virus Information Alliance (VIA) is a public anti-malware collaboration program for security software providers, security service providers, anti-malware testing organizations, and other organizations involved in fighting cyber crime.
+
+Members of the VIA program collaborate by exchanging technical information on malicious software with Microsoft. The goal is to improve protection for Microsoft customers.
+
+## Better protection for customers against malware
+
+The VIA program gives members access to information that will help them improve protection. For example, the program provides malware telemetry and samples to security teams so they can identify gaps and prioritize new threat coverage.
+
+Malware prevalence data is provided to anti-malware testers to assist them in selecting sample sets. The data also helps set scoring criteria that represent the real-world threat landscape. Service organizations, such as a CERT, can leverage our data to help assess the impact of policy changes or to help shut down malicious activity.
+
+Microsoft is committed to continuous improvement to help reduce the impact of malware on customers. By sharing malware-related information, Microsoft enables members of this community to work towards better protection for customers.
+
+## Becoming a member of VIA
+
+Microsoft has well-defined, objective, measurable, and tailored membership criteria for prospective members of the Virus Information Alliance (VIA).
+
+The criteria is designed to ensure that Microsoft can work with the following groups to protect a broad range of customers:
+
+- Security software providers
+- Security service providers
+- Anti-malware testing organizations
+- Other organizations involved in the fight against cybercrime
+
+Members will receive information to facilitate effective malware detection, deterrence, and eradication. This information includes technical information on malware and metadata on malicious activity. Information shared through VIA is governed by the VIA membership agreement and a Microsoft non-disclosure agreement, where applicable.
+
+VIA has an open enrollment for potential members.
+
+### Initial selection criteria
+
+To be eligible for VIA your organization must:
+
+1. Be willing to sign a non-disclosure agreement with Microsoft.
+
+2. Fit into one of the following categories:
+
+ - Your organization develops anti-malware technology that can run on Windows and your organizationΓÇÖs product is commercially available.
+ - Your organization provides security services to Microsoft customers or for Microsoft products.
+ - Your organization publishes anti-malware testing reports regularly.
+ - Your organization has a research or response team dedicated to fighting malware to protect your organization, your customers, or the general public.
+
+3. Be willing to sign and adhere to the VIA membership agreement.
+
+If your organization meets these criteria and is interested in joining, [apply for membership now](https://www.microsoft.com/wdsi/alliances/apply-alliance-membership). For questions, [contact us for more information](https://www.microsoft.com/wdsi/alliances/collaboration-inquiry).
security Virus Initiative Criteria https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/intelligence/virus-initiative-criteria.md
+
+ Title: Microsoft Virus Initiative
+
+description: The Microsoft Virus Initiative (MVI) helps organizations that make antivirus or antimalware products integrate with Windows and share telemetry with Microsoft.
+keywords: security, malware, MVI, Microsoft Malware Protection Center, MMPC, alliances, WDSI
+ms.mktglfcycl: secure
+ms.sitesec: library
+ms.localizationpriority: medium
+++
+audience: ITPro
++
+ms.technology: m365d
++
+# Microsoft Virus Initiative
+
+The Microsoft Virus Initiative (MVI) helps organizations develop better-together security solutions that are performant, reliable, and aligned with Microsoft technology and strategy.
+
+## Become a member
+
+You can request membership if you're a representative for an organization that develops and produces antimalware or antivirus technology.
+
+To qualify for the MVI program, your organization must meet all the following requirements:
+
+1) Your security solution either replaces or compliments Microsoft Defender Antivirus.
+
+2) Your organization is responsible for both developing and distributing app updates to end-customers that address compatibility with Windows.
+
+3) Your organization must be active in the antimalware industry and have a positive reputation, as evidenced by participation in industry conferences or being reviewed in an industry-standard report such as AV-Comparatives, OPSWAT, or Gartner.
+
+4) Your organization must sign a non-disclosure agreement (NDA) with Microsoft.
+
+5) Your organization must sign a program license agreement. Maintaining this license agreement requires that you adhere to all program requirements for antimalware apps. These requirements define the behavior of antimalware apps necessary to ensure proper interaction with Windows.
+
+6) You must submit your app to Microsoft for periodic performance testing and feature review.
+
+7) Your solution must be certified through independent testing by at least one industry-standard organization, and yearly certification must be maintained.
+
+Test Provider | Lab Test Type | Minimum Level / Score
+- ||-
+AV-Comparatives | Real-World Protection Test </br> https://www.av-comparatives.org/testmethod/real-world-protection-tests/ |ΓÇ£ApprovedΓÇ¥ rating from AV Comparatives
+AV-Test | Must pass tests for Windows. Certifications for Mac and Linux aren't accepted </br> https://www.av-test.org/en/about-the-institute/certification/ | Achieve "AV-TEST Certified" (for home users) or "AV-TEST ApprovedΓÇ¥ (for corporate users)
+ICSA Labs | Endpoint Anti-Malware Detection </br> https://www.icsalabs.com/technology-program/anti-virus/criteria |PASS/Certified
+SKD Labs | Certification Requirements Product: Anti-virus or Antimalware </br> http://www.skdlabs.com/html/english/ </br> http://www.skdlabs.com/cert/ |SKD Labs Star Check Certification Requirements Pass >= 98.5% with On Demand, On Access and Total Detection tests
+VB 100 | VB100 Certification Test V1.1 </br> https://www.virusbulletin.com/testing/vb100/vb100-methodology/vb100-methodology-ver1-1/ | VB100 Certification
+West Coast Labs | Checkmark Certified </br> http://www.checkmarkcertified.com/sme/ | ΓÇ£AΓÇ¥ Rating on Product Security Performance
+
+## Apply now
+
+If your organization meets these criteria and is interested in joining, [apply for membership now](https://forms.office.com/Pages/ResponsePage.aspx?id=v4j5cvGGr0GRqy180BHbRxusDUkejalGp0OAgRTWC7BUQVRYUEVMNlFZUjFaUDY2T1U1UDVVU1NKVi4u).
security Worms Malware https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/intelligence/worms-malware.md
+
+ Title: Worms
+
+description: Learn about how worms replicate and spread to other computers or networks. Read about the most popular worms and steps you can take to stop them.
+keywords: security, malware, protection, worm, vulnerabilities, infect, steal, Jenxcus, Gamarue, Bondat, WannaCrypt, WDSI, MMPC, Microsoft Malware Protection Center, worms, malware types, threat propagation, mass-mailing, IP scanning
+ms.mktglfcycl: secure
+ms.sitesec: library
+ms.localizationpriority: medium
+++
+audience: ITPro
++
+search.appverid: met150
+ms.technology: m365d
++
+# Worms
+
+A worm is a type of malware that can copy itself and often spreads through a network by exploiting security vulnerabilities. It can spread through email attachments, text messages, file-sharing programs, social networking sites, network shares, removable drives, and software vulnerabilities.
+
+## How worms work
+
+Worms represent a large category of malware. Different worms use different methods to infect devices. Depending on the variant, they can steal sensitive information, change security settings, send information to malicious hackers, stop users from accessing files, and other malicious activities.
+
+Jenxcus (also known as Dunihi), Gamarue (also known as Androm), and Bondat have consistently remained at the top of the list of malware that infects users running Microsoft software. Although these worms share some commonalities, it's interesting to note that they also have distinct characteristics.
+
+* **Jenxcus** has capabilities of not only infecting removable drives but can also act as a backdoor that connects back to its server. This threat typically gets into a device from a drive-by download attack, meaning it's installed when users just visit a compromised web page.
+
+* **Gamarue** typically arrives through spam campaigns, exploits, downloaders, social networking sites, and removable drives. When Gamarue infects a device, it becomes a distribution channel for other malware. WeΓÇÖve seen it distribute other malware such as info stealers, spammers, clickers, downloaders, and rogues.
+
+* **Bondat** typically arrives through fictitious Nullsoft Scriptable Install System (NSIS), Java installers, and removable drives. When Bondat infects a system, it gathers information about the machine such as device name, Globally Unique Identifier (GUID), and OS build. It then sends that information to a remote server.
+
+Both Bondat and Gamarue have clever ways of obscuring themselves to evade detection. By hiding what they're doing, they try to avoid detection by security software.
+
+* [**WannaCrypt**](https://www.microsoft.com/wdsi/threats/malware-encyclopedia-description?Name=Ransom:Win32/WannaCrypt) also deserves a mention here. Unlike older worms that often spread just because they could, modern worms often spread to drop a payload (like ransomware).
+
+This image shows how a worm can quickly spread through a shared USB drive.
+
+![Worm example.](../../media/security-intelligence-images/worm-usb-flight.png)
+
+### *Figure worm spreading from a shared USB drive*
+
+## How to protect against worms
+
+Enable [Microsoft Defender Antivirus](/microsoft-365/security/defender-endpoint/microsoft-defender-antivirus-in-windows-10) in Windows 10. It provides real-time protection against threats and detects and removes known unwanted software.
+
+Download [Microsoft Security Essentials](https://www.microsoft.com/download/details.aspx?id=5201) for real-time protection in Windows 7 or Windows Vista.
+
+In case threat removal is unsuccessful, read about [troubleshooting malware detection and removal problems](https://www.microsoft.com/wdsi/help/troubleshooting-infection).
+
+For more general tips, see [prevent malware infection](/microsoft-365/security/defender-endpoint/prevent-malware-infection).
security Anti Spam Message Headers https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/anti-spam-message-headers.md
The individual fields and values are described in the following table.
> [!NOTE] > The **X-Forefront-Antispam-Report** header contains many different fields and values. Fields that aren't described in the table are used exclusively by the Microsoft anti-spam team for diagnostic purposes.
-****
- |Field|Description| ||| |`ARC`|The `ARC` protocol has the following fields: <ul><li>`AAR`: Records the content of the **Authentication-results** header from DMARC.</li><li>`AMS`: Includes cryptographic signatures of the message.</li><li>`AS`: Includes cryptographic signatures of the message headers. This field contains a tag of a chain validation called `"cv="`, which includes the outcome of the chain validation as **none**, **pass**, or **fail**.</li></ul>|
The individual fields and values are described in the following table.
The following table describes useful fields in the **X-Microsoft-Antispam** message header. Other fields in this header are used exclusively by the Microsoft anti-spam team for diagnostic purposes.
-****
- |Field|Description| ||| |`BCL`|The bulk complaint level (BCL) of the message. A higher BCL indicates a bulk mail message is more likely to generate complaints (and is therefore more likely to be spam). For more information, see [Bulk complaint level (BCL)](bulk-complaint-level-values.md).|
The following list describes the text that's added to the **Authentication-Resul
The following table describes the fields and possible values for each email authentication check.
-****
- |Field|Description| ||| |`action`|Indicates the action taken by the spam filter based on the results of the DMARC check. For example: <ul><li>**oreject** or **o.reject**: Stands for override reject. In this case Microsoft 365 uses this action when it receives a message that fails the DMARC check from a domain whose DMARC TXT record has a policy of p=reject. Instead of deleting or rejecting the message, Microsoft 365 marks the message as spam. For more information on why Microsoft 365 is configured this way, see [How Microsoft 365 handles inbound email that fails DMARC](use-dmarc-to-validate-email.md#how-microsoft-365-handles-inbound-email-that-fails-dmarc).</li><li>**pct.quarantine**: Indicates that a percentage less than 100% of messages that do not pass DMARC will be delivered anyway. This means that the message failed DMARC and the policy was set to quarantine, but the pct field was not set to 100% and the system randomly determined not to apply the DMARC action, as per the specified domain's policy.</li><li>**pct.reject**: Indicates that a percentage less than 100% of messages that do not pass DMARC will be delivered anyway. This means that the message failed DMARC and the policy was set to reject, but the pct field was not set to 100% and the system randomly determined not to apply the DMARC action, as per the specified domain's policy.</li><li>**permerror**: A permanent error occurred during DMARC evaluation, such as encountering an incorrectly formed DMARC TXT record in DNS. Attempting to resend this message isn't likely to end with a different result. Instead, you may need to contact the domain's owner in order to resolve the issue.</li><li>**temperror**: A temporary error occurred during DMARC evaluation. You may be able to request that the sender resend the message later in order to process the email properly.</li></ul>|
security Attack Simulation Training Payloads https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/attack-simulation-training-payloads.md
On the **Add indicators** page, click **Add indicator**. On the flyout that appe
- **Indicator name** and **Indicator location**: These values are interrelated. Where you can place the indicator depends on the indicator itself. The available values are described in the following table:
- <br>
-
- ****
- |Indicator name|Indicator location| ||| |**Attachment type**|Message body|
On the **Add indicators** page, click **Add indicator**. On the flyout that appe
|**Unprofessional looking design or formatting**|Message body| |**URL hyperlinking**|Message body| |**You're special**|Message body|
- |
This list is curated to contain the most common clues that appear in phishing messages.
security Attack Simulation Training Simulation Automations https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/attack-simulation-training-simulation-automations.md
On the **Landing page** page, you configure the web page that user are taken to
- **Select landing page preference**: The available values depend on your previous selections on the [Select payloads](#select-payloads) page as described in the following table:
- <br>
-
- ****
- |Selection on Select payloads page|Available values for Select landing page preference| ||| |Manually select|Use Microsoft default landing page <p> Create your own landing page <p> Use a custom URL <p> **Note**: The **Use a custom URL** value is not available if you previously selected **Malware attachment** or **Link to malware** on the [Select social engineering techniques](#select-one-or-more-social-engineering-techniques) page.| |Randomize|Use Microsoft default landing page|
- |
The available **Select landing page preference** values and their associated settings are described in the following list:
security Bulk Complaint Level Values https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/bulk-complaint-level-values.md
Bulk mailers vary in their sending patterns, content creation, and recipient acq
The BCL thresholds are described in the following table.
-****
- |BCL|Description| |::|| |0|The message isn't from a bulk sender.|
security Campaigns https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/campaigns.md
The diagram contains the following information:
- **Sender domains** - **Filter verdicts**: Verdict values are related to the available phishing and spam filtering verdicts as described in [Anti-spam message headers](anti-spam-message-headers.md). The available values are described in the following table:
- <br>
-
- ****
- |Value|Spam filter verdict|Description| |||| |**Allowed**|`SFV:SKN` <p> `SFV:SKI`|The message was marked as not spam and/or skipped filtering before being evaluated by spam filtering. For example, the message was marked as not spam by a mail flow rule (also known as a transport rule). <p> The message skipped spam filtering for other reasons. For example, the sender and recipient appear to be in the same organization.|
The diagram contains the following information:
|**User Allow**<sup>\*</sup>|`SFV:SFE`|The message skipped spam filtering because the sender was in a user's Safe Senders list.| |**User Block**<sup>\*\*</sup>|`SFV:BLK`|The message was blocked by spam filtering because the sender was in a user's Blocked Senders list.| |**ZAP**|n/a|[Zero-hour auto purge (ZAP)](zero-hour-auto-purge.md) moved the delivered message to the Junk Email folder or quarantine. You configure the action in [anti-spam policies](configure-your-spam-filter-policies.md).|
- |
<sup>\*</sup> Review your anti-spam policies, because the allowed message would have likely been blocked by the service.
security Configure Your Spam Filter Policies https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/configure-your-spam-filter-policies.md
Creating a custom anti-spam policy in the Microsoft 365 Defender portal creates
- A check mark ( ![Check mark.](../../media/checkmark.png)) indicates the action is available (not all actions are available for all verdicts). - An asterisk ( <sup>\*</sup> ) after the check mark indicates the default action for the spam filtering verdict.
- <br>
-
- ****
- |Action|Spam|High<br>confidence<br>spam|Phishing|High<br>confidence<br>phishing|Bulk| ||::|::|::|::|::| |**Move message to Junk Email folder**: The message is delivered to the mailbox and moved to the Junk Email folder.<sup>1</sup>|![Check mark.](../../media/checkmark.png)<sup>\*</sup>|![Check mark.](../../media/checkmark.png)<sup>\*</sup>|![Check mark.](../../media/checkmark.png)|![Check mark](../../media/checkmark.png)|![Check mark](../../media/checkmark.png)<sup>\*</sup>|
Creating a custom anti-spam policy in the Microsoft 365 Defender portal creates
|**Delete message**: Silently deletes the entire message, including all attachments.|![Check mark.](../../media/checkmark.png)|![Check mark](../../media/checkmark.png)|![Check mark](../../media/checkmark.png)||![Check mark](../../media/checkmark.png)| |**Quarantine message**: Sends the message to quarantine instead of the intended recipients. <p> You specify how long the message should be held in quarantine later in the **Quarantine** box. <p> You specify the [quarantine policy](quarantine-policies.md) that applies to quarantined messages for the spam filter verdict in the **Select a policy** box that appears. For more information, see [Quarantine policies](quarantine-policies.md).<sup>3</sup>|![Check mark.](../../media/checkmark.png)|![Check mark](../../media/checkmark.png)|![Check mark](../../media/checkmark.png)<sup>\*</sup>|![Check mark](../../media/checkmark.png)<sup>\*</sup>|![Check mark](../../media/checkmark.png)| |**No action**|||||![Check mark](../../media/checkmark.png)|
- |
> <sup>1</sup> EOP now uses its own mail flow delivery agent to route messages to the Junk Email folder instead of using the junk email rule. The _Enabled_ parameter on the **Set-MailboxJunkEmailConfiguration** cmdlet no longer has any effect on mail flow. For more information, see [Configure junk email settings on Exchange Online mailboxes](configure-junk-email-settings-on-exo-mailboxes.md). >
security Create Block Sender Lists In Office 365 https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/create-block-sender-lists-in-office-365.md
Last updated audience: ITPro -+ ms.localizationpriority: medium search.appverid: - MET150s
security Create Safe Sender Lists In Office 365 https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/create-safe-sender-lists-in-office-365.md
Last updated audience: ITPro -+ ms.localizationpriority: medium search.appverid: - MET150s
security Defender For Office 365 https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/defender-for-office-365.md
To learn by doing, [click this link](protect-against-threats.md).
The following table summarizes what's included in each plan.
-****
- |Defender for Office 365 Plan 1|Defender for Office 365 Plan 2| ||| |Configuration, protection, and detection capabilities: <ul><li>[Safe Attachments](safe-attachments.md)</li><li>[Safe Links](safe-links.md)</li><li>[Safe Attachments for SharePoint, OneDrive, and Microsoft Teams](mdo-for-spo-odb-and-teams.md)</li><li>[Anti-phishing protection in Defender for Office 365](set-up-anti-phishing-policies.md#exclusive-settings-in-anti-phishing-policies-in-microsoft-defender-for-office-365)</li><li>[Real-time detections](threat-explorer.md)</li></ul>|Defender for Office 365 Plan 1 capabilities <p> plus <p> Automation, investigation, remediation, and education capabilities: <ul><li>[Threat Trackers](threat-trackers.md)</li><li>[Threat Explorer](threat-explorer.md)</li><li>[Automated investigation and response](office-365-air.md)</li><li>[Attack simulation training](attack-simulation-training.md)</li><li>[Proactively hunt for threats with advanced hunting in Microsoft 365 Defender](../defender/advanced-hunting-overview.md)</li><li>[Investigate incidents in Microsoft 365 Defender](../defender/investigate-incidents.md)</li><li>[Investigate alerts in Microsoft 365 Defender](../defender/investigate-alerts.md)</li></ul>| - - Microsoft Defender for Office 365 Plan 2 is included in Office 365 E5, Office 365 A5, and Microsoft 365 E5. - Microsoft Defender for Office 365 Plan 1 is included in Microsoft 365 Business Premium.
security Exchange Online Protection Overview https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/exchange-online-protection-overview.md
Last updated 09/18/2020 audience: ITPro -+ ms.localizationpriority: medium ms.assetid: 1270a65f-ddc3-4430-b500-4d3a481efb1e
For information about requirements, important limits, and feature availability a
- For recommended values for protection policies, see [Recommended settings for EOP and Microsoft Defender for Office 365 security](recommended-settings-for-eop-and-office365.md). - For quick instructions to configure protection policies, see [Protect against threats](protect-against-threats.md).
-<br>
-
-****
|Feature|Comments| ||| |**Protection**||
security External Email Forwarding https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/external-email-forwarding.md
Last updated 11/17/2021 audience: ITPro -+ ms.localizationpriority: medium ms.assetid:
security Grant Access To The Security And Compliance Center https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/grant-access-to-the-security-and-compliance-center.md
audience: Admin
f1_keywords: - 'ms.o365.cc.PermissionsHelp'-+ ms.localizationpriority: medium- search.appverid: - MOE150 - MET150
security Help And Support For Eop https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/help-and-support-for-eop.md
ms.assetid: 64535a0a-1044-413f-8bc2-ed8e8a0bc54c
description: Microsoft provides help for EOP in a variety of places and methods including self-support and assisted-support. ms.technology: mdo ms.prod: m365-security+ # Help and support for EOP
For more information about how Premier Support can help your organization maximi
Microsoft provides local or toll-free telephone numbers for product support around the world. Many of these support centers provide help in your local language during business hours or in English 24 hours a day, every day. If you don't see your location listed below, use the Virtual Agent as described above to find your local support telephone number.
-****
- |Country or region|Pre-purchase and billing questions|Technical Support questions| |||| |Brazil|Toll-free: 08007621146 <br> Local: 1147001999|Same|
security How Policies And Protections Are Combined https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/how-policies-and-protections-are-combined.md
There are two major factors that determine which policy is applied to a message:
- **The priority of the email protection type**: This order is not configurable, and is described in the following table:
- <br>
-
- ****
- |Priority|Email protection|Category|Where to manage| ||||| |1|Malware|CAT:MALW|[Configure anti-malware policies in EOP](configure-anti-malware-policies.md)|
There are two major factors that determine which policy is applied to a message:
|6<sup>\*</sup>|Domain impersonation (protected domains)|DIMP|[Configure anti-phishing policies in Microsoft Defender for Office 365](configure-mdo-anti-phishing-policies.md)| |7|Spam|CAT:SPM|[Configure anti-spam policies in EOP](configure-your-spam-filter-policies.md)| |8|Bulk|CAT:BULK|[Configure anti-spam policies in EOP](configure-your-spam-filter-policies.md)|
- |
<sup>\*</sup> These features are only available in anti-phishing policies in Microsoft Defender for Office 365.
security Investigate Malicious Email That Was Delivered https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/investigate-malicious-email-that-was-delivered.md
Threat Explorer is a powerful report that can serve multiple purposes, such as f
**Overrides**: This filter takes information that appears on the mail's details tab and uses it to expose where organizational, or user policies, for allowing and blocking mails have been *overridden*. The most important thing about this filter is that it helps your organization's security team see how many suspicious emails were delivered due to configuration. This gives them an opportunity to modify allows and blocks as needed. This result set of this filter can be exported to spreadsheet.
- <br>
-
- ****
- |Threat Explorer Overrides|What they mean| ||| |Allowed by Org Policy|Mail was allowed into the mailbox as directed by the organization policy.|
Threat Explorer is a powerful report that can serve multiple purposes, such as f
|File extension blocked by Org Policy|File was blocked from delivery to the mailbox as directed by the organization policy.| |Allowed by User Policy|Mail was allowed into the mailbox as directed by the user policy.| |Blocked by User Policy|Mail was blocked from delivery to the mailbox as directed by the user policy.|
- |
**URL threat**: The URL threat field has been included on the *details* tab of an email to indicate the threat presented by a URL. Threats presented by a URL can include *Malware*, *Phish*, or *Spam*, and a URL with *no threat* will say *None* in the threats section.
security Mail Flow In Eop https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/mail-flow-in-eop.md
description: Admin can learn about the options for configuring mail flow and routing in Exchange Online Protection (EOP). ms.technology: mdo ms.prod: m365-security+ # Mail flow in EOP
security Mail Flow Insights V2 https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/mail-flow-insights-v2.md
audience: ITPro -+ ms.localizationpriority: medium ms.assetid: beb6acaa-6016-4d54-ba7e-3d6d035e2b46 description: Admins can learn about the insights and reports that are available in the Mail flow dashboard in the Security & Compliance Center.
security Mail Flow Intelligence In Office 365 https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/mail-flow-intelligence-in-office-365.md
ms.assetid: c29f75e5-c16e-409e-a123-430691e38276
description: Admins can learn about the error codes that are associated with message delivery using connectors (also known as mail flow intelligence). ms.technology: mdo ms.prod: m365-security+ # Mail flow intelligence in EOP
security Mcas Saas Access Policies https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/mcas-saas-access-policies.md
Title: Recommended Microsoft Defender for Cloud Apps policies for SaaS apps - Mi
description: Describes recommended policies for integration with Microsoft Defender for Cloud Apps. audience: Admin
- M365-identity-device-management - M365-security-compliance- # Recommended Microsoft Defender for Cloud Apps policies for SaaS apps
security Message Trace Scc https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/message-trace-scc.md
audience: ITPro -+ ms.localizationpriority: medium ms.assetid: 3e64f99d-ac33-4aba-91c5-9cb4ca476803
security Mfi Auto Forwarded Messages Report https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/mfi-auto-forwarded-messages-report.md
audience: ITPro - ms.localizationpriority: medium ms.assetid: b5543faa-44fa-44c5-8180-fb835e7e452d description: Admins can learn about the Auto-forwarded messages report in the Mail flow dashboard in the Security & Compliance Center. ms.technology: mdo ms.prod: m365-security+ # Auto-forwarded messages insight in the Security & Compliance Center
security Mfi Domain Mail Flow Status Insight https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/mfi-domain-mail-flow-status-insight.md
audience: ITPro -+ ms.localizationpriority: medium ms.assetid:
security Mfi Mail Flow Map Report https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/mfi-mail-flow-map-report.md
audience: ITPro -+ ms.localizationpriority: medium ms.assetid:
security Mfi Mail Loop Insight https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/mfi-mail-loop-insight.md
audience: ITPro -+ ms.localizationpriority: medium ms.assetid: cb801985-3c89-4979-9c18-17829a4cb563
security Mfi New Domains Being Forwarded Email https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/mfi-new-domains-being-forwarded-email.md
ms.assetid:
description: Admins can learn how to use the New domains being forwarded email insight in the Mail flow dashboard in the Security & Compliance Center to investigate when their users are forwarding messages to external domains that have never been forwarded to. ms.technology: mdo ms.prod: m365-security+ # New domains being forwarded email insight in the Security & Compliance Center
security Mfi New Users Forwarding Email https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/mfi-new-users-forwarding-email.md
ms.assetid:
description: Admins can learn how to use the New users forwarding email insight in the Security & Compliance Center to investigate when users in their organization are forwarding messages to new domains. ms.technology: mdo ms.prod: m365-security+ # New users forwarding email insight in the Security & Compliance Center
security Mfi Non Accepted Domain Report https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/mfi-non-accepted-domain-report.md
audience: ITPro -+ ms.localizationpriority: medium ms.assetid:
security Mfi Non Delivery Report https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/mfi-non-delivery-report.md
audience: ITPro -+ ms.localizationpriority: medium ms.assetid:
security Mfi Outbound And Inbound Mail Flow https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/mfi-outbound-and-inbound-mail-flow.md
Last updated audience: ITPro -+ ms.localizationpriority: medium ms.assetid: f2738dec-41b0-43c4-b814-84c0a4e45c6d description: Admins can learn about the Outbound and inbound mail flow insight in the Mail flow dashboard in the Security & Compliance Center.
security Mfi Queue Alerts And Queues https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/mfi-queue-alerts-and-queues.md
ms.assetid: 37640c80-ce6f-47e2-afd1-bc1d3c50e637
description: Admins can learn how to use the Queues widget in the Mail flow dashboard in the Security & Compliance Center to monitor unsuccessful mail flow to their on-premises or partner organizations over outbound connectors. ms.technology: mdo ms.prod: m365-security+ # Queues insight in the Security & Compliance Center
security Mfi Slow Mail Flow Rules Insight https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/mfi-slow-mail-flow-rules-insight.md
Last updated audience: ITPro -+ ms.localizationpriority: medium ms.assetid: 37125cdb-715d-42d0-b669-1a8efa140813
security Mfi Smtp Auth Clients Report https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/mfi-smtp-auth-clients-report.md
audience: ITPro -+ ms.localizationpriority: medium ms.assetid:
security Migrate To Defender For Office 365 https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/migrate-to-defender-for-office-365.md
The process of migrating from a third-party protection service to Defender for O
![The process for migrating to Defender for Office 365.](../../media/phase-diagrams/migration-phases.png)
-<p>
-
-****
- |Phase|Description| ||| |[Prepare for your migration](migrate-to-defender-for-office-365-prepare.md)|<ol><li>[Inventory the settings at your existing protection service](migrate-to-defender-for-office-365-prepare.md#inventory-the-settings-at-your-existing-protection-service)</li><li>[Check your existing protection configuration in Microsoft 365](migrate-to-defender-for-office-365-prepare.md#check-your-existing-protection-configuration-in-microsoft-365)</li><li>[Check your mail routing configuration](migrate-to-defender-for-office-365-prepare.md#check-your-mail-routing-configuration)</li><li>[Move features that modify messages into Microsoft 365](migrate-to-defender-for-office-365-prepare.md#move-features-that-modify-messages-into-microsoft-365)</li><li>[Define spam and bulk user experiences](migrate-to-defender-for-office-365-prepare.md#define-spam-and-bulk-user-experiences)</li><li>[Identify and designate priority accounts](migrate-to-defender-for-office-365-prepare.md#identify-and-designate-priority-accounts)</li></ol>|
security Permissions In The Security And Compliance Center https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/permissions-in-the-security-and-compliance-center.md
audience: Admin
f1_keywords: - 'ms.o365.cc.AdminRoleGroups'-+ ms.localizationpriority: medium- search.appverid: - MOE150 - MET150
security Protection Stack Microsoft Defender For Office365 https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/protection-stack-microsoft-defender-for-office365.md
ms.localizationpriority: medium
description: Follow the path of an incoming message through the threat filtering stack in Microsoft Defender for Office 365. ms.technology: mdo ms.prod: m365-security+ # Step-by-step threat protection in Microsoft Defender for Office 365
security Quarantine Email Messages https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/quarantine-email-messages.md
ms.prod: m365-security
In Microsoft 365 organizations with mailboxes in Exchange Online or standalone Exchange Online Protection (EOP) organizations without Exchange Online mailboxes, quarantine is available to hold potentially dangerous or unwanted messages.
-Anti-malware policies automatically quarantine a message if *any* attachment is found to contain malware. For more information, see [Configure anti-malware policies in EOP](configure-anti-malware-policies.md).
+Anti-malware policies automatically quarantine a message if _any_ attachment is found to contain malware. For more information, see [Configure anti-malware policies in EOP](configure-anti-malware-policies.md).
By default, anti-spam polices quarantine phishing and high confidence phishing messages, and deliver spam, high confidence spam, and bulk email messages to the user's Junk Email folder. But, you can also create and customize anti-spam policies to quarantine spam, high confidence spam, and bulk-email messages. For more information, see [Configure anti-spam policies in EOP](configure-your-spam-filter-policies.md).
Both users and admins can work with quarantined messages:
- How long quarantined messages are held in quarantine before they expire varies based on why the message was quarantined. The features that quarantine messages and their corresponding retention periods are described in the following table:
- <br>
-
- ****
- |Quarantine reason|Default retention period|Customizable?|Comments| |||::|| |Messages quarantined by anti-spam policies: spam, high confidence spam, phishing, high confidence phishing, or bulk.|15 days: <ul><li>In the default anti-spam policy.</li><li>In anti-spam policies that you create in PowerShell.</li></ul> <p> 30 days in anti-spam policies that you create in the Microsoft 365 Defender portal.|Yes|You can configure (lower) this value in anti-spam policies. For more information, see the **Retain spam in quarantine for this many days** (_QuarantineRetentionPeriod_) setting in [Configure anti-spam policies](configure-your-spam-filter-policies.md).|
Both users and admins can work with quarantined messages:
|Messages quarantined by Safe Attachments policies in Defender for Office 365 (malware messages).|15 days|No|| |Messages quarantined by mail flow rules: the action is **Deliver the message to the hosted quarantine** (_Quarantine_).|30 days|No|| |Files quarantined by Safe Attachments for SharePoint, OneDrive, and Microsoft Teams (malware files).|15 days|No||
- |
When a message expires from quarantine, you can't recover it.
security Quarantine Policies https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/quarantine-policies.md
The individual quarantine policy permissions that are contained in the preset pe
The default quarantine policies, their associated permission groups, and whether quarantine notifications are enabled are described in the following table:
-<br>
- |Default quarantine policy|Permission group used|Quarantine notifications enabled?| |||| |AdminOnlyAccessPolicy|No access|No|
security Remediate Malicious Email Delivered Office 365 https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/remediate-malicious-email-delivered-office-365.md
-+ audience: admin f1.keywords: - NOCSH
ms.localizationpriority: medium
search.appverid: MET150 description: Threat remediation
-appliesto:
- - Microsoft 365 Defender
ms.technology: mdo ms.prod: m365-security
security Reporting And Message Trace In Exchange Online Protection https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/reporting-and-message-trace-in-exchange-online-protection.md
Last updated audience: ITPro -+ ms.localizationpriority: medium ms.assetid: f40253f2-50a1-426e-9979-be74ba74cb61
security Safe Attachments https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/safe-attachments.md
This section describes the settings in Safe Attachments policies:
- **Safe Attachments unknown malware response**: This setting controls the action for Safe Attachments malware scanning in email messages. The available options are described in the following table:
- <br>
-
- ****
- |Option|Effect|Use when you want to:| |||| |**Off**|Attachments aren't scanned for malware by Safe Attachments. Messages are still scanned for malware by [anti-malware protection in EOP](anti-malware-protection.md).|Turn scanning off for selected recipients. <p> Prevent unnecessary delays in routing internal mail. <p> **This option is not recommended for most users. You should only use this option to turn off Safe Attachments scanning for recipients who only receive messages from trusted senders. ZAP will not quarantine messages if Safe Attachments is turned off and a malware signal is not received. For details, see [Zero-hour auto purge](zero-hour-auto-purge.md)**|
This section describes the settings in Safe Attachments policies:
|**Block**|Prevents messages with detected malware attachments from being delivered. <p> Messages are quarantined. By default, only admins (not users) can review, release, or delete the messages.<sup>\*</sup> <p> Automatically blocks future instances of the messages and attachments. <p> Delivery of safe messages might be delayed due to Safe Attachments scanning.|Protects your organization from repeated attacks using the same malware attachments. <p> This is the default value, and the recommended value in Standard and Strict [preset security policies](preset-security-policies.md).| |**Replace**|Removes detected malware attachments. <p> Notifies recipients that attachments have been removed. <p> Messages that contain malicious attachments are quarantined. By default, only admins (not users) can review, release, or delete the messages.<sup>\*</sup> <p> Delivery of safe messages might be delayed due to Safe Attachments scanning.|Raise visibility to recipients that attachments were removed because of detected malware.| |**Dynamic Delivery**|Delivers messages immediately, but replaces attachments with placeholders until Safe Attachments scanning is complete. <p> Messages that contain malicious attachments are quarantined. By default, only admins (not users) can review, release, or delete the messages.<sup>\*</sup> <p> For details, see the [Dynamic Delivery in Safe Attachments policies](#dynamic-delivery-in-safe-attachments-policies) section later in this article.|Avoid message delays while protecting recipients from malicious files.|
- |
<sup>\*</sup> Admins can create and assign _quarantine policies_ in Safe Attachments policies that define what users are allowed to do to quarantined messages. For more information, see [Quarantine policies](quarantine-policies.md).
security Security Roadmap https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/security-roadmap.md
In this article:
These roadmap recommendations are staged across three phases in a logical order with the following goals.
-****
- |Time frame|Outcomes| ||| |30 days|Rapid configuration: <ul><li>Basic admin protections.</li><li>Logging and analytics.</li><li>Basic identity protections.</li></ul> <p> Tenant configuration. <p> Prepare stakeholders.|
These roadmap recommendations are staged across three phases in a logical order
These tasks can be accomplished quickly and have low impact to users.
-****
- |Area|Tasks| ||| |Security management|<ul><li>Check Secure Score and take note of your current score (<https://security.microsoft.com/securescore>).</li><li>Turn on audit logging for Office 365. See [Search the audit log](../../compliance/search-the-audit-log-in-security-and-compliance.md).</li><li>[Configure Microsoft 365 for increased security](tenant-wide-setup-for-increased-security.md).</li><li>Regularly review dashboards and reports in the Microsoft 365 Defender portal and Defender for Cloud Apps.</li></ul>|
These tasks can be accomplished quickly and have low impact to users.
These tasks take a bit more time to plan and implement but greatly increase your security posture.
-****
- |Area|Task| ||| |Security management|<ul><li>Check Secure Score for recommended actions for your environment (<https://security.microsoft.com/securescore>).</li><li>Continue to regularly review dashboards and reports in the Microsoft 365 Defender portal, Defender for Cloud Apps, and SIEM tools.</li><li>Look for and implement software updates.</li><li>Conduct attack simulations for spear-phishing, password-spray, and brute-force password attacks using [Attack simulation training](attack-simulation-training.md) (included with [Office 365 Threat Intelligence](office-365-ti.md).</li><li>Look for sharing risk by reviewing the built-in reports in Defender for Cloud Apps (on the Investigate tab).</li><li>Check [Compliance Manager](../../compliance/compliance-manager.md) to review status for regulations that apply to your organization (such as GDPR, NIST 800-171).</li></ul>|
These tasks take a bit more time to plan and implement but greatly increase your
These are important security measures that build on previous work.
-****
- |Area|Task| ||| |Security management|<ul><li>Continue planning next actions by using Secure Score (<https://security.microsoft.com/securescore>).</li><li>Continue to regularly review dashboards and reports in the Microsoft 365 Defender portal, Defender for Cloud Apps, and SIEM tools.</li><li>Continue to look for and implement software updates.</li><li>Integrate eDiscovery into your legal and threat response processes.</li></ul>|
security Sending Mail To Office 365 https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/sending-mail-to-office-365.md
These articles help external senders improve their reputation and increase their
If you're not a customer, but are trying to send mail to someone in who is, you're in the right place. If you're an administrator and you need help with fighting spam, this isn't the right section for you. Instead, go to [Anti-spam and anti-malware protection in Microsoft 365](anti-spam-and-anti-malware-protection.md).
-****
- |For information about...|See...| ||| |Services provided to administrators of email systems that are sending individual and bulk email to customers.|[Services for non-customers sending mail to Office 365](services-for-non-customers.md)|
security Services For Non Customers https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/services-for-non-customers.md
This overview provides information about benefits we provide to your organizatio
## Sender solutions
-****
- |Service|Benefits| ||| |This online help content|Provides: <ul><li>A starting point for any questions related to delivering communications to EOP users.</li><li>Includes a simple online guide with our policies and requirements.</li><li>An overview of the junk email filters and authentication technologies employed by Microsoft.</li><ul>|
This is a self-service portal you can use to remove yourself from the Microsoft
## Abuse and spam reporting for junk email originating from Exchange Online
-Sometimes Microsoft 365 is used by third parties to send junk email, in violation of our terms of use and policy. If you receive any junk email from Office 365, you can report these messages to Microsoft. For instructions, see [Report messages and files to Microsoft](report-junk-email-messages-to-microsoft.md).
+Sometimes Microsoft 365 is used by third parties to send junk email, in violation of our terms of use and policy. If you receive any junk email from Office 365, you can report these messages to Microsoft. For instructions, see [Report messages and files to Microsoft](report-junk-email-messages-to-microsoft.md).
security Set Up Spf In Office 365 To Help Prevent Spoofing https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/set-up-spf-in-office-365-to-help-prevent-spoofing.md
The SPF TXT record for Office 365 will be made in external DNS for any custom do
1. Ensure that you're familiar with the SPF syntax in the following table.
- <br>
-
- ****
- |Element|If you're using...|Common for customers?|Add this...| ||||| |1|Any email system (required)|Common. All SPF TXT records start with this value|`v=spf1`|
The SPF TXT record for Office 365 will be made in external DNS for any custom do
|5|Third-party email system|Not common|`include:<domain_name>` <p> \<domain_name\> is the domain of the third-party email system.| |6|On-premises email system. For example, Exchange Online Protection plus another email system|Not common|Use one of these for each additional mail system: <p> `ip4:<IP_address>` <br> `ip6:<IP_address>` <br> `include:<domain_name>` <p> \<IP_address\> and \<domain_name\> are the IP address and domain of the other email system that sends mail on behalf of your domain.| |7|Any email system (required)|Common. All SPF TXT records end with this value|`<enforcement rule>` <p> This can be one of several values. We recommend the value `-all`.|
- |
2. If you haven't already done so, form your SPF TXT record by using the syntax from the table.
security Spam Confidence Levels https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/spam-confidence-levels.md
In Microsoft 365 organizations with mailboxes in Exchange Online or standalone E
What the SCL means and the default actions that are taken on messages are described in the following table. For more information about actions you can take on messages based on the spam filtering verdict, see [Configure anti-spam policies in EOP](configure-your-spam-filter-policies.md).
-****
- |SCL|Definition|Default action| |::||| |-1|The message skipped spam filtering. For example, the message is from a safe sender, was sent to a safe recipient, or is from an email source server on the IP Allow List. For more information, see [Create safe sender lists in EOP](create-safe-sender-lists-in-office-365.md).|Deliver the message to the recipients' inbox.|
security Threat Explorer Views https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/threat-explorer-views.md
ms.prod: m365-security
When you first open Explorer (or the real-time detections report), the default view shows email malware detections for the past 7 days. This report can also show Microsoft Defender for Office 365 detections, such as malicious URLs detected by [Safe Links](safe-links.md), and malicious files detected by [Safe Attachments](safe-attachments.md). This report can be modified to show data for the past 30 days (with a Microsoft Defender for Office 365 P2 paid subscription). Trial subscriptions will include data for the past seven days only.
-****
- |Subscription|Utility|Days of Data| |||| |Microsoft Defender for Office 365 P1 trial|Real-time detections|7|
security Trial Playbook Defender For Office 365 https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/trial-playbook-defender-for-office-365.md
audience: Admin--+ ms.localizationpriority: high search.appverid: - MOE150 - MET150