+description: "Learn to verify your domain and set up DNS records for email, Microsoft Teams, and other services at GoDaddy for Microsoft."

+ :::image type="content" source="../../media/dns-godaddy/godaddy-domains-add-MX-records.png" alt-text="Drop down menu showing MX record selected.":::

+## Advanced option: Microsoft Teams

+### Add the two required CNAME records for Microsoft Teams

+ :::image type="content" source="../../media/dns-godaddy/godaddy-manage-dns.png" alt-text="Select Manage DNS from the drop-down list.":::

+If Namecheap is your DNS hosting provider, follow the steps in this article to verify your domain and set up DNS records for email, Microsoft Teams, and so on.

+## Advanced option: Microsoft Teams

+Only select this option if your organization uses Microsoft Teams. Teams needs 4 records: 2 SRV records for user-to-user communication, and 2 CNAME records to sign-in and connect users to the service.

+|**Admin submission result completed**|Generates an alert when an [Admin Submission](../security/office-365-security/submissions-admin.md) completes the rescan of the submitted entity. An alert will be triggered every time a rescan result is rendered from an Admin Submission. <br/><br/> These alerts are meant to remind you to [review the results of previous submissions](https://compliance.microsoft.com/reportsubmission), submit user reported messages to get the latest policy check and rescan verdicts, and help you determine if the filtering policies in your organization are having the intended impact.|Informational|No|E1/F1, E3/F3, or E5|

+|**Admin triggered manual investigation of email**|Generates an alert when an admin triggers the manual investigation of an email from Threat Explorer. For more information, see [Example: A security administrator triggers an investigation from Threat Explorer](../security/office-365-security/air-about-office.md#example-a-security-administrator-triggers-an-investigation-from-threat-explorer). <br/><br/> This alert notifies your organization that the investigation was started. The alert provides information about who triggered it and includes a link to the investigation.|Informational|Yes|E5/G5 or Microsoft Defender for Office 365 P2 add-on subscription|

+|**Admin triggered user compromise investigation**|Generates an alert when an admin triggers the manual user compromise investigation of either an email sender or recipient from Threat Explorer. For more information, see [Example: A security administrator triggers an investigation from Threat Explorer](../security/office-365-security/air-about-office.md#example-a-security-administrator-triggers-an-investigation-from-threat-explorer), which shows the related manual triggering of an investigation on an email. <br/><br/> This alert notifies your organization that the user compromise investigation was started. The alert provides information about who triggered it and includes a link to the investigation.|Medium|Yes|E5/G5 or Microsoft Defender for Office 365 P2 add-on subscription|

+|**eDiscovery search started or exported**|Generates an alert when someone uses the Content search tool in the Microsoft Purview portal. An alert is triggered when the following content search activities are performed: <ul><li>A content search is started.</li><li>The results of a content search are exported.</li><li>A content search report is exported.</li></ul> <br/> Alerts are also triggered when the previous content search activities are performed in association with an eDiscovery case. For more information about content search activities, see [Search for eDiscovery activities in the audit log](ediscovery-search-for-activities-in-the-audit-log.md#ediscovery-activities).|Informational|No|E1/F1/G1, E3/F3/G3, or E5/G5|

+|**Graders disagreement with Tenant Allow/Block List entry**|Generates an alert when Microsoft determines that the admin submission corresponding to an allow entry in the Tenant Allow/Block List is found to be malicious. This event is triggered as soon as the submission has been analyzed by Microsoft. <br/><br/> The allow entry will continue to exist for its stipulated duration. For more information on events that trigger this alert, see [Manage the Tenant Allow/Block list](../security/office-365-security/tenant-allow-block-list-about.md).|Informational|No|E1/F1/G1, E3/F3/G3, or E5/G5|

+|**Remediation action taken by admin on emails or URL or sender**|**Note**: This alert policy has been replaced by the **Administrative action submitted by an Administrator** alert policy. This alert policy will eventually go away, so we recommend disabling this alert policy and using **Administrative action submitted by an Administrator** instead. <br/><br/> This alert is triggered when an admin takes remediation action on the selected entity|Informational|Yes|E5/G5 or Defender for Office 365 P2 add-on subscription|

+|**Removed an entry in Tenant Allow/Block List**|Generates an alert when an allow entry in the Tenant Allow/Block List is learned from by filtering system and removed. This event is triggered when the allow entry for the affected domain or email address, file, or URL (_entity_) is removed. <br/><br/> You no longer need the affected allow entry. Email messages that contain the affected entities will be delivered to the Inbox if nothing else in the message is determined to be bad. URLs and files will be allowed at time of click. <br/><br/> For more information on events that trigger this alert, see [Manage the Tenant Allow/Block list](../security/office-365-security/tenant-allow-block-list-about.md).|Informational|No|E1/F1/G1, E3/F3/G3, or E5/G5|

+|**Tenant Allow/Block List entry is about to expire**|Generates an alert when an allow entry or block entry in the Tenant Allow/Block List entry is about to be removed. This event is triggered 7 days before the expiration date, which is based on when the entry was created or last updated. <br/><br/> For both allow entries and block entries, you can extend the expiration date. For more information on events that trigger this alert, see [Manage the Tenant Allow/Block list](../security/office-365-security/tenant-allow-block-list-about.md).|Informational|No|E1/F1/G1, E3/F3/G3, or E5/G5|

+|SecurityComplianceCenterEventType|Indicates that the activity was a compliance portal event. All compliance portal activities will have a value of **0** for this property.|Microsoft Purview compliance portal|

+|UserKey| Contains a valid Azure Active Directory Object ID in GUID format or hex format. For scenarios where the primary actor isn't a user, the *UserKey* is an empty string. See [UserType and UserKey scenarios](#usertype-and-userkey-scenarios) for details on various *UserKey* scenarios.|All|

+|UserType|The type of user that performed the operation. See the [UserType and UserKey scenarios](#usertype-and-userkey-scenarios) for details on various *UserType* scenarios. |All|

+## UserType and UserKey scenarios

+The following table provides details for *UserType* and *UserKey* scenarios:

+|**Value**|**UserType member name**|**Description**|**UserKey**|

+|:--|:--|:--|:-|

+| 0 | Regular | A regular user without admin permissions. | AAD Object ID in GUID format |

+| 2 | ADmin | An administrator in your Microsoft 365 organization.¹ | AAD Object ID in GUID format |

+| 3 | DCAdmin | A Microsoft datacenter administrator or datacenter system account. | AAD Object ID in GUID format |

+| 4 | System | An audit event triggered by server-side logic. For example, Windows services or background processes. | Empty string |

+| 5 | Application | An audit event triggered by an AAD application. | AAD Application Name or Application ID (when available). Otherwise, an empty string. |

+| 6 | ServicePrincipal | A service principal. | Empty string |

+| 7 | CustomPolicy | A customer created or managed policy. | Empty string |

+| 8 | SystemPolicy | A Microsoft-managed or system policy. | Empty string |

+| 9 | PartnerTechnician | A partner tenant's user working on behalf of the customer tenant (in [GDAP](/partner-center/gdap-introduction) scenarios). | Empty string |

+| 10 | Guest | A guest or anonymous user. | Empty string |

+>¹ For Azure Active Directory-related events, the value for an administrator isn't used in an audit record. Audit records for activities performed by administrators will indicate that a regular user (for example, **UserType: 0**) performed the activity. The **UserID** property will identify the person (regular user or administrator) who performed the activity.

+- tier2

+

+ > [!NOTE]

+ > The list of senders is filtered before the content is analyzed so there might be senders that don't match the content conditions. In other words, there might be extra senders in the report.

+**Can I see detected languages in [file metadata](ediscovery-view-documents-in-review-set.md#metadata-view)?**

+| **ht** | Indicates the hold type. Values are *0* for LitigationHold, *1* for InPlaceHold, *2* for ComplianceTagHold, *3* for DelayReleaseHold, *4* for OrganizationRetention, *5* for CompliancePolicy, *6* for SubstrateAppPolicy, and *7* for SharepointPolicy. |

+description: "Choose how you view content in eDiscovery (Premium) review sets, such as source, plain text, annotate, and metadata."

+eDiscovery (Premium) review sets display content using several viewers each with different purposes. These viewers are used by selecting the viewer on any document within a review set. The available document viewers are:

+- Source

+- Plain text

+- Annotate

+- Metadata

+## Source view

+The source viewer displays the richest view of a document. It supports hundreds of file types and is meant to display the truest to native experience possible. For Microsoft Office files, the viewer uses the web version of Office apps to display content such as document comments, Microsoft Teams chats, Excel formulas, hidden rows/columns, and PowerPoint notes.

+

+The Text viewer provides a view of the extracted text of a file. It ignores any embedded images and formatting but is useful if you're trying to understand the content quickly. Text view also includes these features:

+- Search hit highlighting that highlights terms within the document and in the scrollbar

+

+- **Select annotations**: Select annotations on a document to delete

+- **Select text**: Select text on the document to delete

+- **Area redactions**: Draw a box on the document to hide sensitive content

+- **Pencil**: Free-hand draw in selectable colors on a document in order to bring attention to certain portions of a document

+- **Toggle annotation transparency**: Make annotations semi-transparent in order to view the content behind the annotation

+- **Previous page**: Navigates to previous page

+- **Next page**: Navigates to the next page

+- **Go to page**: Enter a specific page number to navigate to

+- **Zoom**: Set the zoom level for annotate view

+- **Rotate**: Rotate the document clockwise

+

+## Metadata view

+This panel can be toggled on/off to display various metadata associated with the document. Although the search results grid can be customized to display specific metadata, there are instances where scrolling horizontally can be difficult while reviewing data. The File metadata panel allows a user to toggle on a view within the viewer.

+

+## Viewer and management tools

+For selected content, there are additional view and management tools to help you work with documents.

+

+You can select the following actions for selected content:

+- **View or update notes**: Opens the **Notes** pane where you can view or add notes to the selected document. You can display the notes for the document in a column in the dashboard list by customizing your displayed columns.

+- **Show in a new window**: Displays the selected document in a new browser window/tab.

+- **Download PDF**: Downloads the selected document as a .pdf file.

+- **Move up**: Selects the previous review set item and displays the item in the viewer.

+- **Move down**: Selects the next review set item and displays the item in the viewer.

+- **Maximize/Minimize**: Maximizes the viewer pane to full screen and minimizes the viewer pane.

+- **Close**: Closes the selected item from the viewers

+To store content that needs to be retained, SharePoint and OneDrive create a Preservation Hold library if one doesn't exist for the site. The Preservation Hold library isn't designed to be used interactively but instead, automatically stores files when this is needed for compliance reasons. It's not supported to edit, delete, or move these automatically retained files yourself. Instead, use compliance tools, such as those supported by [eDiscovery](ediscovery.md) to access these files.

+The Preservation Hold library works in the following way:

+Each user's OneDrive can be provisioned in or [moved by an administrator](move-onedrive-between-geo-locations.md) to a satellite location in accordance with the user's PDL. Personal files are then kept in that geo location, though they can be shared with users in other geo locations. Note that administrative options found under the OneDrive tab of an active user within the Microsoft 365 admin center are currently not supported for multi-geo tenants.

+## Week of March 13, 2023

+| Published On |Topic title | Change |

+|||--|

+| 3/13/2023 | [Manage your Microsoft Defender for Endpoint subscription settings across client devices](/microsoft-365/security/defender-endpoint/defender-endpoint-subscription-settings?view=o365-worldwide) | added |

+| 3/13/2023 | [Create and deploy a data loss prevention policy](/microsoft-365/compliance/dlp-create-deploy-policy?view=o365-worldwide) | modified |

+| 3/13/2023 | [Data Loss Prevention policy reference](/microsoft-365/compliance/dlp-policy-reference?view=o365-worldwide) | modified |

+| 3/13/2023 | [Use sensitivity labels to protect calendar items, Teams meetings, and chat](/microsoft-365/compliance/sensitivity-labels-meetings?view=o365-worldwide) | modified |

+| 3/13/2023 | [Minimum versions for sensitivity labels in Microsoft 365 Apps](/microsoft-365/compliance/sensitivity-labels-versions?view=o365-worldwide) | modified |

+| 3/13/2023 | [Microsoft 365 Multi-Tenant Organization People Search](/microsoft-365/enterprise/multi-tenant-people-search?view=o365-worldwide) | modified |

+| 3/13/2023 | [Compare Microsoft endpoint security plans](/microsoft-365/security/defender-endpoint/defender-endpoint-plan-1-2?view=o365-worldwide) | modified |

+| 3/13/2023 | [Microsoft Defender Antivirus security intelligence and product updates](/microsoft-365/security/defender-endpoint/manage-updates-baselines-microsoft-defender-antivirus?view=o365-worldwide) | modified |

+| 3/13/2023 | [DeviceInfo table in the advanced hunting schema](/microsoft-365/security/defender/advanced-hunting-deviceinfo-table?view=o365-worldwide) | modified |

+| 3/13/2023 | [Integrate your SIEM tools with Microsoft 365 Defender](/microsoft-365/security/defender/configure-siem-defender?view=o365-worldwide) | modified |

+| 3/13/2023 | [Create custom roles with Microsoft 365 Defender role-based access control (RBAC)](/microsoft-365/security/defender/create-custom-rbac-roles?view=o365-worldwide) | modified |

+| 3/13/2023 | [Create and manage custom detection rules in Microsoft 365 Defender](/microsoft-365/security/defender/custom-detection-rules?view=o365-worldwide) | modified |

+| 3/13/2023 | [Edit or delete roles Microsoft 365 Defender role-based access control (RBAC)](/microsoft-365/security/defender/edit-delete-rbac-roles?view=o365-worldwide) | modified |

+| 3/13/2023 | [Step 4. Evaluate Microsoft Defender for Endpoint overview, including reviewing the architecture](/microsoft-365/security/defender/eval-defender-endpoint-overview?view=o365-worldwide) | modified |

+| 3/13/2023 | [Review architecture requirements and the technical framework for Microsoft Defender for Identity](/microsoft-365/security/defender/eval-defender-identity-architecture?view=o365-worldwide) | modified |

+| 3/13/2023 | [Enable the evaluation environment for Microsoft Defender for Identity](/microsoft-365/security/defender/eval-defender-identity-enable-eval?view=o365-worldwide) | modified |

+| 3/13/2023 | [Run an attack simulation in a Microsoft 365 Defender pilot environment](/microsoft-365/security/defender/eval-defender-investigate-respond-simulate-attack?view=o365-worldwide) | modified |

+| 3/13/2023 | [Review architecture requirements and the structure for Microsoft Defender for Cloud Apps](/microsoft-365/security/defender/eval-defender-mcas-architecture?view=o365-worldwide) | modified |

+| 3/13/2023 | [Step 5. Evaluate Microsoft Defender for Cloud Apps overview](/microsoft-365/security/defender/eval-defender-mcas-overview?view=o365-worldwide) | modified |

+| 3/13/2023 | [Microsoft 365 Defender portal](/microsoft-365/security/defender/microsoft-365-defender-portal?view=o365-worldwide) | modified |

+| 3/13/2023 | [Redirecting accounts from Microsoft Defender for Endpoint to Microsoft 365 Defender](/microsoft-365/security/defender/microsoft-365-security-mde-redirection?view=o365-worldwide) | modified |

+| 3/13/2023 | [Redirecting accounts from Microsoft Defender for Identity to Microsoft 365 Defender](/microsoft-365/security/defender/microsoft-365-security-mdi-redirection?view=o365-worldwide) | modified |

+| 3/13/2023 | [Assess your security posture through Microsoft Secure Score](/microsoft-365/security/defender/microsoft-secure-score-improvement-actions?view=o365-worldwide) | modified |

+| 3/13/2023 | [Microsoft Secure Score](/microsoft-365/security/defender/microsoft-secure-score?view=o365-worldwide) | modified |

+| 3/13/2023 | [How to subscribe to Microsoft Defender Experts for Hunting](/microsoft-365/security/defender/onboarding-defender-experts-for-hunting?view=o365-worldwide) | modified |

+| 3/13/2023 | [Detecting human-operated ransomware attacks with Microsoft 365 Defender](/microsoft-365/security/defender/playbook-detecting-ransomware-m365-defender?view=o365-worldwide) | modified |

+| 3/13/2023 | [Set up your Microsoft 365 Defender trial lab or pilot environment](/microsoft-365/security/defender/setup-m365deval?view=o365-worldwide) | modified |

+| 3/13/2023 | [Anti-phishing policies](/microsoft-365/security/office-365-security/anti-phishing-policies-about?view=o365-worldwide) | modified |

+| 3/13/2023 | [Configure anti-phishing policies in Microsoft Defender for Office 365](/microsoft-365/security/office-365-security/anti-phishing-policies-mdo-configure?view=o365-worldwide) | modified |

+| 3/13/2023 | [Common Zero Trust identity and device access policies - Microsoft 365 for enterprise](/microsoft-365/security/office-365-security/identity-access-policies?view=o365-worldwide) | modified |

+| 3/13/2023 | [Microsoft Defender for Office 365 data retention](/microsoft-365/security/office-365-security/mdo-data-retention?view=o365-worldwide) | modified |

+| 3/13/2023 | [Preset security policies](/microsoft-365/security/office-365-security/preset-security-policies?view=o365-worldwide) | modified |

+| 3/13/2023 | [SIEM integration with Microsoft Defender for Office 365](/microsoft-365/security/office-365-security/siem-integration-with-office-365-ti?view=o365-worldwide) | modified |

+| 3/13/2023 | [Remove yourself from the blocked senders list and address 5.7.511 Access denied errors](/microsoft-365/security/office-365-security/use-the-delist-portal-to-remove-yourself-from-the-office-365-blocked-senders-lis?view=o365-worldwide) | modified |

+| 3/13/2023 | [Configure teams with protection for highly sensitive data](/microsoft-365/solutions/configure-teams-highly-sensitive-protection?view=o365-worldwide) | modified |

+| 3/13/2023 | [Configure teams with protection for sensitive data](/microsoft-365/solutions/configure-teams-sensitive-protection?view=o365-worldwide) | modified |

+| 3/13/2023 | [Configure Teams with three tiers of file sharing security](/microsoft-365/solutions/configure-teams-three-tiers-protection?view=o365-worldwide) | modified |

+| 3/13/2023 | [Microsoft 365 productivity illustrations](/microsoft-365/solutions/productivity-illustrations?view=o365-worldwide) | modified |

+| 3/13/2023 | Configure a team with security isolation by using a unique sensitivity label | removed |

+| 3/13/2023 | [Manage sensitivity labels in Office apps](/microsoft-365/compliance/sensitivity-labels-office-apps?view=o365-worldwide) | modified |

+| 3/14/2023 | [Increase threat protection for Microsoft 365 for business](/microsoft-365/admin/security-and-compliance/increase-threat-protection?view=o365-worldwide) | modified |

+| 3/14/2023 | [How to secure your business data with Microsoft 365 for business](/microsoft-365/business-premium/secure-your-business-data?view=o365-worldwide) | added |

+| 3/14/2023 | [Create and deploy a data loss prevention policy](/microsoft-365/compliance/dlp-create-deploy-policy?view=o365-worldwide) | modified |

+| 3/14/2023 | [Data Loss Prevention policy reference](/microsoft-365/compliance/dlp-policy-reference?view=o365-worldwide) | modified |

+| 3/14/2023 | [Keyword queries and search conditions for eDiscovery](/microsoft-365/compliance/ediscovery-keyword-queries-and-search-conditions?view=o365-worldwide) | modified |

+| 3/14/2023 | [DeviceInfo table in the advanced hunting schema](/microsoft-365/security/defender/advanced-hunting-deviceinfo-table?view=o365-worldwide) | modified |

+| 3/14/2023 | [Integrate your SIEM tools with Microsoft 365 Defender](/microsoft-365/security/defender/configure-siem-defender?view=o365-worldwide) | modified |

+| 3/14/2023 | [Create custom roles with Microsoft 365 Defender role-based access control (RBAC)](/microsoft-365/security/defender/create-custom-rbac-roles?view=o365-worldwide) | modified |

+| 3/14/2023 | [Create and manage custom detection rules in Microsoft 365 Defender](/microsoft-365/security/defender/custom-detection-rules?view=o365-worldwide) | modified |

+| 3/14/2023 | [Edit or delete roles Microsoft 365 Defender role-based access control (RBAC)](/microsoft-365/security/defender/edit-delete-rbac-roles?view=o365-worldwide) | modified |

+| 3/14/2023 | [Step 4. Evaluate Microsoft Defender for Endpoint overview, including reviewing the architecture](/microsoft-365/security/defender/eval-defender-endpoint-overview?view=o365-worldwide) | modified |

+| 3/14/2023 | [Review architecture requirements and the technical framework for Microsoft Defender for Identity](/microsoft-365/security/defender/eval-defender-identity-architecture?view=o365-worldwide) | modified |

+| 3/14/2023 | [Enable the evaluation environment for Microsoft Defender for Identity](/microsoft-365/security/defender/eval-defender-identity-enable-eval?view=o365-worldwide) | modified |

+| 3/14/2023 | [Run an attack simulation in a Microsoft 365 Defender pilot environment](/microsoft-365/security/defender/eval-defender-investigate-respond-simulate-attack?view=o365-worldwide) | modified |

+| 3/14/2023 | [Review architecture requirements and the structure for Microsoft Defender for Cloud Apps](/microsoft-365/security/defender/eval-defender-mcas-architecture?view=o365-worldwide) | modified |

+| 3/14/2023 | [Step 5. Evaluate Microsoft Defender for Cloud Apps overview](/microsoft-365/security/defender/eval-defender-mcas-overview?view=o365-worldwide) | modified |

+| 3/14/2023 | [Microsoft 365 Defender portal](/microsoft-365/security/defender/microsoft-365-defender-portal?view=o365-worldwide) | modified |

+| 3/14/2023 | [Redirecting accounts from Microsoft Defender for Endpoint to Microsoft 365 Defender](/microsoft-365/security/defender/microsoft-365-security-mde-redirection?view=o365-worldwide) | modified |

+| 3/14/2023 | [Redirecting accounts from Microsoft Defender for Identity to Microsoft 365 Defender](/microsoft-365/security/defender/microsoft-365-security-mdi-redirection?view=o365-worldwide) | modified |

+| 3/14/2023 | [Assess your security posture through Microsoft Secure Score](/microsoft-365/security/defender/microsoft-secure-score-improvement-actions?view=o365-worldwide) | modified |

+| 3/14/2023 | [Microsoft Secure Score](/microsoft-365/security/defender/microsoft-secure-score?view=o365-worldwide) | modified |

+| 3/14/2023 | [How to subscribe to Microsoft Defender Experts for Hunting](/microsoft-365/security/defender/onboarding-defender-experts-for-hunting?view=o365-worldwide) | modified |

+| 3/14/2023 | [Detecting human-operated ransomware attacks with Microsoft 365 Defender](/microsoft-365/security/defender/playbook-detecting-ransomware-m365-defender?view=o365-worldwide) | modified |

+| 3/14/2023 | [Set up your Microsoft 365 Defender trial lab or pilot environment](/microsoft-365/security/defender/setup-m365deval?view=o365-worldwide) | modified |

+| 3/14/2023 | [Microsoft Defender for Office 365 data retention](/microsoft-365/security/office-365-security/mdo-data-retention?view=o365-worldwide) | modified |

+| 3/14/2023 | [Remove yourself from the blocked senders list and address 5.7.511 Access denied errors](/microsoft-365/security/office-365-security/use-the-delist-portal-to-remove-yourself-from-the-office-365-blocked-senders-lis?view=o365-worldwide) | modified |

+| 3/14/2023 | [Configure teams with protection for highly sensitive data](/microsoft-365/solutions/configure-teams-highly-sensitive-protection?view=o365-worldwide) | modified |

+| 3/14/2023 | [Configure teams with protection for sensitive data](/microsoft-365/solutions/configure-teams-sensitive-protection?view=o365-worldwide) | modified |

+| 3/14/2023 | [Configure Teams with three tiers of file sharing security](/microsoft-365/solutions/configure-teams-three-tiers-protection?view=o365-worldwide) | modified |

+| 3/14/2023 | [Microsoft 365 productivity illustrations](/microsoft-365/solutions/productivity-illustrations?view=o365-worldwide) | modified |

+| 3/14/2023 | [Set up secure file and document sharing and collaboration with Teams in Microsoft 365](/microsoft-365/solutions/setup-secure-collaboration-with-teams?view=o365-worldwide) | modified |

+| 3/14/2023 | [Map fields of a modern template to library columns in Microsoft Syntex](/microsoft-365/syntex/content-assembly-map-fields) | added |

+| 3/14/2023 | [Connect your DNS records at GoDaddy to Microsoft 365](/microsoft-365/admin/dns/create-dns-records-at-godaddy?view=o365-worldwide) | modified |

+| 3/14/2023 | [Manage sensitivity labels in Office apps](/microsoft-365/compliance/sensitivity-labels-office-apps?view=o365-worldwide) | modified |

+| 3/14/2023 | [Microsoft 365 Multi-Tenant Organization People Search](/microsoft-365/enterprise/multi-tenant-people-search?view=o365-worldwide) | modified |

+| 3/14/2023 | [Use Office 365 Content Delivery Network (CDN) with SharePoint Online](/microsoft-365/enterprise/use-microsoft-365-cdn-with-spo?view=o365-worldwide) | modified |

+| 3/14/2023 | [Use the command line to manage Microsoft Defender Antivirus](/microsoft-365/security/defender-endpoint/command-line-arguments-microsoft-defender-antivirus?view=o365-worldwide) | modified |

+| 3/14/2023 | [What's new in Microsoft Defender for Endpoint on Linux](/microsoft-365/security/defender-endpoint/linux-whatsnew?view=o365-worldwide) | modified |

+| 3/14/2023 | [Monitor and report on Microsoft Defender Antivirus protection](/microsoft-365/security/defender-endpoint/report-monitor-microsoft-defender-antivirus?view=o365-worldwide) | modified |

+| 3/14/2023 | [Permissions in the Microsoft Purview compliance portal](/microsoft-365/compliance/microsoft-365-compliance-center-permissions?view=o365-worldwide) | modified |

+| 3/14/2023 | [Customize controlled folder access](/microsoft-365/security/defender-endpoint/customize-controlled-folders?view=o365-worldwide) | modified |

+| 3/14/2023 | [Migrate the Azure Information Protection (AIP) add-in to Microsoft Purview Information Protection built-in labeling for Office apps](/microsoft-365/compliance/sensitivity-labels-aip?view=o365-worldwide) | modified |

+| 3/14/2023 | [Minimum versions for sensitivity labels in Microsoft 365 Apps](/microsoft-365/compliance/sensitivity-labels-versions?view=o365-worldwide) | modified |

+| 3/15/2023 | [Microsoft Purview Insider Risk Management and Communication Compliance privacy guide](/microsoft-365/compliance/insider-risk-solution-privacy?view=o365-worldwide) | added |

+| 3/15/2023 | [Microsoft Defender Antivirus security intelligence and product updates](/microsoft-365/security/defender-endpoint/microsoft-defender-antivirus-updates?view=o365-worldwide) | renamed |

+| 3/15/2023 | [Redirecting accounts from Microsoft Defender for Cloud Apps to Microsoft 365 Defender (Preview)](/microsoft-365/security/defender/microsoft-365-security-mda-redirection?view=o365-worldwide) | added |

+| 3/15/2023 | How to secure your business data with Microsoft 365 for business | removed |

+| 3/15/2023 | [What's new in the Microsoft 365 admin center?](/microsoft-365/admin/whats-new-in-preview?view=o365-worldwide) | modified |

+| 3/15/2023 | [Set up GDAP for your customers](/microsoft-365/lighthouse/m365-lighthouse-setup-gdap?view=o365-worldwide) | modified |

+| 3/15/2023 | [Microsoft Defender for Business frequently asked questions](/microsoft-365/security/defender-business/mdb-faq?view=o365-worldwide) | modified |

+| 3/15/2023 | [Device health Microsoft Defender Antivirus health report](/microsoft-365/security/defender-endpoint/device-health-microsoft-defender-antivirus-health?view=o365-worldwide) | modified |

+| 3/15/2023 | [Microsoft Defender Antivirus updates - Previous versions for technical upgrade support](/microsoft-365/security/defender-endpoint/msda-updates-previous-versions-technical-upgrade-support?view=o365-worldwide) | modified |

+| 3/15/2023 | [Compare Microsoft Defender Vulnerability Management plans and capabilities](/microsoft-365/security/defender-vulnerability-management/defender-vulnerability-management-capabilities?view=o365-worldwide) | modified |

+| 3/15/2023 | [Enable the Report Message or the Report Phishing add-ins](/microsoft-365/security/office-365-security/submissions-users-report-message-add-in-configure?view=o365-worldwide) | modified |

+| 3/15/2023 | [Top 12 tasks for security teams to support working from home](/microsoft-365/security/top-security-tasks-for-remote-work?view=o365-worldwide) | modified |

+| 3/16/2023 | [Manage sensitivity labels in Office apps](/microsoft-365/compliance/sensitivity-labels-office-apps?view=o365-worldwide) | modified |

+| 3/15/2023 | [Select the domain to use for email from Microsoft 365 products](/microsoft-365/admin/email/select-domain-to-use-for-email-from-microsoft-365-products?view=o365-worldwide) | added |

+| 3/15/2023 | [Permissions in the Microsoft Purview compliance portal](/microsoft-365/compliance/microsoft-365-compliance-center-permissions?view=o365-worldwide) | modified |

+| 3/15/2023 | [Frequently asked questions on tamper protection](/microsoft-365/security/defender-endpoint/faqs-tamper-protection?view=o365-worldwide) | modified |

+| 3/15/2023 | [Protect security settings with tamper protection](/microsoft-365/security/defender-endpoint/prevent-changes-to-security-settings-with-tamper-protection?view=o365-worldwide) | modified |

+| 3/15/2023 | [Train your custom model in Microsoft Syntex](/microsoft-365/syntex/train-model) | modified |

+| 3/17/2023 | [Train an unstructured document processing model in Microsoft Syntex](/microsoft-365/syntex/create-a-classifier) | modified |

+| 3/16/2023 | [Microsoft 365 alert policies](/microsoft-365/compliance/alert-policies?view=o365-worldwide) | modified |

+| 3/16/2023 | [Detailed properties in the audit log](/microsoft-365/compliance/audit-log-detailed-properties?view=o365-worldwide) | modified |

+| 3/16/2023 | [Search the audit log to troubleshoot common scenarios](/microsoft-365/compliance/audit-troubleshooting-scenarios?view=o365-worldwide) | modified |

+| 3/16/2023 | [Free trial of Microsoft Purview compliance solutions](/microsoft-365/compliance/compliance-easy-trials?view=o365-worldwide) | modified |

+| 3/17/2023 | [Get started with insider risk management settings](/microsoft-365/compliance/insider-risk-management-settings?view=o365-worldwide) | modified |

+| 3/17/2023 | [Microsoft 365 alert policies](/microsoft-365/compliance/alert-policies?view=o365-worldwide) | modified |

+| 3/17/2023 | [Manage quarantined messages and files as an admin](/microsoft-365/security/office-365-security/quarantine-admin-manage-messages-files?view=o365-worldwide) | modified |

+6. On the **Review deployment task** page, edit the default configuration as needed.

+ 1. If applicable, select whether to deploy the configuration as **Enable** or **Report Only** mode.

+8. On the **Review tenant configuration** page, review intersecting configurations. Intersecting configurations are common properties with settings that are also included in the deployment task.

+ The **Review tenant configurations** page is provided for eligible tasks and lists any intersecting configurations detected within the tenant. From this page, you may edit the existing configurations or deploy a new configuration through Lighthouse to fulfill the task's requirements.

+ If existing configurations are detected, they'll be displayed with a link to the applicable configuration in the **Detected configuration in the deployment plan** comparison table.

+ The detected configurations table at the bottom of the page allows you to compare the detected configurations from the tenant to your deployment plan, inclusive of any selections made on the **Review deployment task** page. This table can be filtered by configuration or setting status and searched by user.

+ If there are no detected configurations, you'll be directed to the **Confirm configuration** page.

+ 5. In Lighthouse, select **Refresh** to refresh the results of the detected configuration.

+ When editing existing configurations, **Extra** settings have no impact on the deployment status of the task. You may retain, edit, or discard **Extra** settings at your discretion.

+ Once Lighthouse determines there are no settings that are **Not compliant** or **Missing** from all existing configurations, Lighthouse will update the task status to **Compliant**. You will be prompted to exit the wizard.

+11. On the **Confirm configuration** page, confirm the configuration and select **Confirm**.

+12. On the **Complete** confirmation page, select **Close**.

+Deploying a new configuration through Lighthouse will ensure that the security configuration is enforced but doesn't modify any existing configurations. This may result in settings with duplicate or conflicting values for users, which may prevent the status of the task from being updated to **Compliant**. To make the task compliant, you'll need to edit or delete the settings that aren't compliant with the deployment task.

+|Is the tenant licensed for the required services associated with the task?|<ul><li>Tasks that aren't licensed won't be eligible for deployment.</li><li>Tasks that aren't licensed may be **Dismissed**.</li><li>Once Lighthouse detects that the tenant is licensed for the required services associated with the task, the status will be updated automatically.</li></ul>|

+|Is the task related to other tasks?|<ul><li>Tasks related to other tasks must be completed in sequential order.</li><li>Subsequent tasks will be eligible for deployment once the pre-requisite tasks are **Compliant**.</li></ul>|

+|Was the task dismissed?|<ul><li>Dismissed tasks aren't eligible for deployment.</li><li>Dismissed tasks can be **Reinstated**.</li><li>Once a task is **Reinstated**, the status will be updated automatically.</li></ul>|

+|Compliant|<ul><li>All settings included in the subtask are **Compliant**.</li><li>There are no settings that are **Not compliant**.</li><li>There are no settings that are **Missing** from all existing configurations. A task can be **Compliant** if a setting is **Compliant** in one or more existing configurations without being **Not compliant** in another.</li><li>There may be **Extra** settings detected within existing configurations.</li></ul>|

+|Not compliant|<ul><li>One or more settings included in the subtask are **Not compliant**.</li><li>One or more settings are **Missing** from all existing configurations.</li><li>There may be **Extra** settings detected within existing configurations.</li><p>**NOTE:** Doesn't apply to subtasks that are **Not licensed**. </p></ul>|

+|Compliant|The value detected in the existing configuration deployed to the customer tenant is equivalent to the value in the deployment plan for all targeted users.|

+|Not compliant|The value detected in the existing configuration deployed to the customer tenant isn't equivalent to the value in the deployment plan for one or more targeted users.|

+|Compliant|<ul><li>The user is targeted for the subtask.</li><li>The user has been assigned licenses for all services required by the subtask.</li><li>All settings included in the subtask are **Compliant**.</li><li>There are no settings that are **Not compliant**.</li><li>There are no settings that are **Missing** from all existing configurations. A user can be **Compliant** if a setting is **Compliant** in one or more existing configurations without being **Not compliant** in another.</li><li>There may be **Extra** settings detected within existing configurations.</li></ul>|

+|Not compliant|<ul><li>The user is targeted for the subtask.</li><li>The user has been assigned licenses for all services required by the subtask.</li><li>One or more settings included in the subtask are **Not compliant**.</li><li>One or more settings are **Missing** from all existing configurations.</li><li>There may be **Extra** settings detected within existing configurations.</li><p>**NOTE:** Doesn't apply to subtasks that are **Not licensed**.</p></ul>|

+|Excluded|The user has been excluded from the subtask.<p>**NOTE**: When a user is **Excluded** from a subtask, status detection and reporting will be updated accordingly, but existing configurations won't be affected.</p>|

+|Not licensed|The user isn't licensed for the services required to deploy the prescribed configuration.<p>**NOTE:** Doesn't apply to users with **Not targeted** status.</p>|

+|Not targeted|The user isn't the intended target for the subtask. For example, a user that isn't an admin is reported as **Not targeted** for a subtask that is assigned only to admins.|

+ Title: Manage your Microsoft Defender for Endpoint subscription settings across client devices (preview!)

+# Manage Microsoft Defender for Endpoint subscription settings across client devices (preview!)

+We recommend updating your Windows 10 (Enterprise, Pro, and Home editions), Windows Server 2019, Windows Server 2022, Windows Server 2016, and Windows Server 2012 R2 OS installation images with the latest antivirus and antimalware updates. Keeping your OS installation images up to date helps avoid a gap in protection.

+|[Microsoft Defender update for Windows operating system installation images](https://support.microsoft.com/help/4568292/defender-update-for-windows-operating-system-installation-images) | Review antimalware update packages for your OS installation images (WIM and VHD files). Get Microsoft Defender Antivirus updates for Windows 10 (Enterprise, Pro, and Home editions), Windows Server 2019, Windows Server 2022, Windows Server 2016, and Windows Server 2012 R2 installation images. |

+## March 2023

+- Support for [Mixed-licensing scenarios](defender-endpoint-plan-1-2.md#mixed-licensing-scenarios) is now in preview! With these capabilities, you can [Manage Microsoft Defender for Endpoint subscription settings across client devices (preview!)](defender-endpoint-subscription-settings.md).

+- The Microsoft Defender for Identity integration toggle is now removed from the Microsoft Defender for Endpoint Settings > Advanced features page. Because Defender for Identity is now integrated with Microsoft 365 Defender, this toggle is no longer required. You don't need to manually configure integration between services. See [What's new - Microsoft Defender for Identity](/defender-for-identity/whats-new#defender-for-identity-release-2194).

+|A potentially malicious URL click was detected|**High**|This alert is generated when any of the following occurs: <ul><li>A user protected by [Safe Links](safe-links-about.md) in your organization clicks a malicious link</li><li>Verdict changes for URLs are identified by Microsoft Defender for Office 365</li><li>Users override Safe Links warning pages (based on your organization's [Safe Links policy](safe-links-policies-configure.md).</li></ul> <br/> For more information on events that trigger this alert, see [Set up Safe Links policies](safe-links-policies-configure.md).|

+|Set up AIR features|One of the following roles: <ul><li>Global Administrator</li><li>Security Administrator</li></ul> <br/> These roles can be assigned in [Azure Active Directory](/azure/active-directory/roles/permissions-reference) or in the [Microsoft 365 Defender portal](mdo-portal-permissions.md).|

+|**Partially Investigated**|The automated investigation found issues, but there are no specific remediation actions to resolve those issues. <p> The **Partially Investigated** status can occur when some type of user activity was identified but no cleanup actions are available. Examples include any of the following user activities: <ul><li>A [data loss prevention](../../compliance/dlp-learn-about-dlp.md) event</li><li>An email sending anomaly</li><li>Sent malware</li><li>Sent phish</li></ul> <br/> **Note**: This **Partially Investigated** status used to be labeled as **Threats Found**. <p> The investigation found no malicious URLs, files, or email messages to remediate, and no mailbox activity to fix, such as turning off forwarding rules or delegation. <p> **TIP**: If you suspect something was missed (such as a false negative), you can investigate and take action using [Threat Explorer](threat-explorer-about.md)|

+|**Terminated By System**|The investigation stopped. An investigation can stop for several reasons: <ul><li>The investigation's pending actions expired. Pending actions time out after awaiting approval for one week</li><li>There are too many actions. For example, if there are too many users clicking on malicious URLs, it can exceed the investigation's ability to run all the analyzers, so the investigation halts</li></ul> <br/> **TIP**: If an investigation halts before actions were taken, try using [Threat Explorer](threat-explorer-about.md) to find and address threats.|

+|**Backscatter** <p> *MarkAsSpamNdrBackscatter*|*Backscatter* is useless non-delivery reports (also known as NDRs or bounce messages) caused by forged senders in email messages. For more information, see [Backscatter messages and EOP](anti-spam-backscatter-about.md). <p> You don't need to configure this setting in the following environments, because legitimate NDRs are delivered, and backscatter is marked as spam: <ul><li>Microsoft 365 organizations with Exchange Online mailboxes.</li><li>On-premises email organizations where you route *outbound* email through EOP.</li></ul> <br/> In standalone EOP environments that protect inbound email to on-premises mailboxes, turning this setting on or off has the following result: <ul><li> **On**: Legitimate NDRs are delivered, and backscatter is marked as spam.</li><li>**Off**: Legitimate NDRs and backscatter go through normal spam filtering. Most legitimate NDRs will be delivered to the original message sender. Some, but not all, backscatter is marked as spam. By definition, backscatter can only be delivered to the spoofed sender, not to the original sender.</li></ul> <br/> Test mode is not available for this setting.|`X-CustomSpam: Backscatter NDR`|

+## March 2023

+- **Built-in protection: Safe Links time of click protection enabled for email**: Microsoft will now by default protect URLs in email messages at time of click as part of this update to Safe Links settings (_EnableSafeLinksForEmail_) within the Built-in protection preset security policy. To learn about the specific Safe Links protections in the Built-in protection policy, see [Safe Links policy settings](recommended-settings-for-eop-and-office365.md#safe-links-policy-settings).

+- **Quarantine notifications enabled in preset security policies**: If your organization has enabled or will enable the Standard or Strict preset security policies, the policies will be automatically updated to use the new DefaultFullAccessWithNotificationPolicy quarantine policy (noifications enabled) wherever the DefaultFullAccessPolicy (notifications disabled) was used. To learn more about quaratine notifications, see [Quarantine notifications](=(quarantine-quarantine-notifications.md). For more information about specific settings in preset security policies, see [Microsoft recommendations for EOP and Defender for Office 365 security settings](recommended-settings-for-eop-and-office365.md).

+- **Azure AD**: Centralized roles that assign permissions for _all_ Microsoft 365 services, including Defender for Office 365. You can view the Azure AD roles and assigned users in the Microsoft 365 Defender portal, but you can't manage them directly there. Instead, you manage Azure AD roles and members at <https://aad.portal.azure.com/#view/Microsoft_AAD_IAM/RolesManagementMenuBlade/~/AllRoles/adminUnitObjectId//resourceScope/%2F>. The most frequent roles used by security teams are:

+ - **[Security Administrator](/azure/active-directory/roles/permissions-reference#security-administrator)**

+ - **[Security Reader](/azure/active-directory/roles/permissions-reference#security-reader)**

+- **Exchange Online** and **Email & collaboration**: Roles and role groups that grant permission specific to Microsoft Defender for Office 365. The following roles are not available in Azure AD, but can be important for security teams:

+ - **Preview** role (Email & collaboration): Assign this role to team members who need to preview or download email messages as part of investigation activities. Allows users to [preview and download](investigate-malicious-email-that-was-delivered.md#preview-role-permissions) email messages in cloud mailboxes using the [email entity page](mdo-email-entity-page.md#email-preview-and-download-for-cloud-mailboxes).

+ - **Search and Purge** role (Email & collaboration): Approve the deletion of malicious messages as recommended by AIR or take manual action on messages in hunting experiences like Threat Explorer.

+ - **Tenant AllowBlockList Manager** (Exchange Online): Manage allow and block entries in the [Tenant Allow/Block List](tenant-allow-block-list-about.md). Blocking URLs, files (using file hash) or senders is a useful response action to take when investigating malicious email that was delivered.

+ By default, this role is assigned only to the **Security Operator role group in Exchange Online**, not in Azure AD. Membership in the **[Security Operator role in Azure AD](/azure/active-directory/roles/permissions-reference#security-operator)** _does not_ allow you to manage entries the Tenant Allow/Block List.

+ Members of the **Security Administrator** or **Organization management** roles in Azure AD or the corresponding role groups in Exchange Online _are_ able to manage entries in the Tenant Allow/Block List.

+|`CAT:`|The category of protection policy, applied to the message: <ul><li>`BULK`: Bulk</li><li>`DIMP`: Domain Impersonation</li><li>`GIMP`: [Mailbox intelligence based impersonation](anti-phishing-policies-about.md#impersonation-settings-in-anti-phishing-policies-in-microsoft-defender-for-office-365)</li><li>`HPHSH` or `HPHISH`: High confidence phishing</li><li>`HSPM`: High confidence spam</li><li>`MALW`: Malware</li><li>`PHSH`: Phishing</li><li>`SPM`: Spam</li><li>`SPOOF`: Spoofing</li><li>`UIMP`: User Impersonation</li><li>`AMP`: Anti-malware</li><li>`SAP`: Safe attachments</li><li>`FTBP`: Anti-malware filetype policy</li><li>`OSPM`: Outbound spam</li></ul> <br/> An inbound message may be flagged by multiple forms of protection and multiple detection scans. Policies have different priorities, and the policy with the highest priority is applied first. For more information, see [What policy applies when multiple protection methods and detection scans run on your email](how-policies-and-protections-are-combined.md).|

+|Use the Microsoft Defender Vulnerability Management dashboard <p> View information about recent or current threats|One of the following: <ul><li>**Global Administrator**</li><li>**Security Administrator**</li><li>**Security Reader**</li></ul> <br/> These roles can be assigned in either Azure Active Directory (<https://portal.azure.com>) or the Microsoft 365 admin center (<https://admin.microsoft.com>).|

+|Use [Explorer (and real-time detections)](threat-explorer-about.md) to analyze threats|One of the following: <ul><li>**Global Administrator**</li><li>**Security Administrator**</li><li>**Security Reader**</li></ul> <br/> These roles can be assigned in either Azure Active Directory (<https://portal.azure.com>) or the Microsoft 365 admin center (<https://admin.microsoft.com>).|

+|View Incidents (also referred to as Investigations) <p> Add email messages to an incident|One of the following: <ul><li>**Global Administrator**</li><li>**Security Administrator**</li><li>**Security Reader**</li></ul> <br/> These roles can be assigned in either Azure Active Directory (<https://portal.azure.com>) or the Microsoft 365 admin center (<https://admin.microsoft.com>).|

+|Trigger email actions in an incident <p> Find and delete suspicious email messages|One of the following: <ul><li>**Global Administrator**</li><li>**Security Administrator** plus the **Search and Purge** role</li></ul> <br/> The **Global Administrator** and **Security Administrator** roles can be assigned in either Azure Active Directory (<https://portal.azure.com>) or the Microsoft 365 admin center (<https://admin.microsoft.com>). <p> The **Search and Purge** role must be assigned in the **Email & collaboration roles** in the Microsoft 36 Defender portal (<https://security.microsoft.com>).|

+ |Messages quarantined by anti-spam policies: spam, high confidence spam, phishing, high confidence phishing, or bulk.|15 days: <ul><li>In the default anti-spam policy.</li><li>In anti-spam policies that you create in PowerShell.</li></ul> <br/> 30 days in anti-spam policies that you create in the Microsoft 365 Defender portal.|Yes|You can configure (lower) this value in anti-spam policies. For more information, see the **Retain spam in quarantine for this many days** (_QuarantineRetentionPeriod_) setting in [Configure anti-spam policies](anti-spam-policies-configure.md).|

+ - Click **Delete** only: The message is deleted, but is potentially recoverable.

+ - Click **Delete** only: The messages are deleted, but they're potentially recoverable.

+ - Click **Delete** only: The message is deleted, but is potentially recoverable.

+If the suspected compromised mailbox was used illicitly to send spam email, it's likely that the mailbox has been blocked from sending mail.

+> You can block the suspected compromised account from signing-in until you believe it's safe to re-enable access.

+1. Do the following steps in the Microsoft 365 admin center at <https://admin.microsoft.com>:

+ 1. Go to **Users** \> **Active users**. Or, to go directly to the **Active users** page, use <https://admin.microsoft.com/Adminportal/Home#/users>.

+ 2. On the **Active users** page, find and then select the user account by doing either of the following steps:

+ - Select the user from the list by clicking anywhere in the row other than the check box. In the user details flyout that opens, click  **Block sign-in** at the top of the flyout.

+ - Select the user from the list by clicking the check box in the row. Click  **More actions**, and then select  **Edit sign-in status**.

+ 3. On the **Block sign-in** flyout that opens, select **Block this user from signing in**, click **Save changes** and then click  **Close**.

+2. Do the following steps in the Exchange admin center (EAC) at <https://admin.exchange.microsoft.com>:

+ 1. Go to **Recipients** \> **Mailboxes**. Or, to go directly to the **Mailboxes** page, use <https://admin.exchange.microsoft.com/#/mailboxes>.

+ 2. On the **Mailboxes** page, find and select the user from the list by clicking anywhere in the row other than the check box.

+ 3. In the mailbox details flyout that opens, do the following steps:

+ 1. Verify the **General** tab is selected, and then click **Manage email apps settings** in the **Email apps & mobile devices** section.

+ 2. In the **Manage settings for email apps** flyout that opens, disable all of the available settings by changing the toggles to  **Disabled**:

+ - **Outlook on the web**

+ - **Outlook desktop (MAPI)**

+ - **Exchange Web Services**

+ - **Mobile (Exchange ActiveSync)**

+ - **IMAP**

+ - **POP3**

+ When you're finished, click **Save** and then click  **Close**.

+>

+> In U.S. Government organizations (Microsoft 365 GCC, GCC High, and DoD), reported messages are not sent to Microsoft for analysis. They are sent only to the reporting mailbox that you identify. For more information, see [User reported settings](submissions-user-reported-messages-custom-mailbox.md).

+|**Mail flow rules** (also known as transport rules)|Add a mail flow rule to help protect against ransomware by blocking executable file types and Office file types that contain macros. For more information, see [Use mail flow rules to inspect message attachments in Exchange Online](/exchange/security-and-compliance/mail-flow-rules/inspect-message-attachments). <p> See these additional topics: <ul><li>[Protect against ransomware](../../business-premium/secure-your-business-data.md)</li><li>[Malware and Ransomware Protection in Microsoft 365](/compliance/assurance/assurance-malware-and-ransomware-protection)</li><li>[Recover from a ransomware attack in Office 365](recover-from-ransomware.md)</li></ul> <br/> Create a mail flow rule to prevent auto-forwarding of email to external domains. For more information, see [Mitigating Client External Forwarding Rules with Secure Score](/archive/blogs/office365security/mitigating-client-external-forwarding-rules-with-secure-score). <p> More information: [Mail flow rules (transport rules) in Exchange Online](/exchange/security-and-compliance/mail-flow-rules/mail-flow-rules)|

+|**Modern authentication**|Modern authentication is a prerequisite for using multi-factor authentication (MFA). MFA is recommended for securing access to cloud resources, including email. <p> See these topics: <ul><li>[Enable or disable modern authentication in Exchange Online](/Exchange/clients-and-mobile-in-exchange-online/enable-or-disable-modern-authentication-in-exchange-online)</li><li>[Skype for Business Online: Enable your tenant for modern authentication](https://social.technet.microsoft.com/wiki/contents/articles/34339.skype-for-business-online-enable-your-tenant-for-modern-authentication.aspx)</li></ul> <br/> Modern authentication is enabled by default for Office 2016 clients, SharePoint Online, and OneDrive for Business. <p> More information: [How modern authentication works for Office 2013 and Office 2016 client apps](../../enterprise/modern-auth-for-office-2013-and-2016.md)|

+|**Sharing** (SharePoint Online and OneDrive for Business)|Yes|External sharing is enabled by default. These settings are recommended: <ul><li>Allow sharing to authenticated external users and using anonymous access links (default setting).</li><li>Anonymous access links expire in this many days. Enter a number, if desired, such as 30 days.</li><li>Default link type ΓÇö select Internal (people in the organization only). Users who wish to share using anonymous links must choose this option from the sharing menu.</li></ul> <br/> More information: [External sharing overview](/sharepoint/external-sharing-overview)|

+Spam and malware signatures are updated in the service real-time on a daily basis. However, users can still receive malicious messages for a variety of reasons, including if content is weaponized after being delivered to users. ZAP addresses this issue by continually monitoring updates to the spam and malware signatures in the service. ZAP can find and take automated actions on messages that are already in a user's mailbox up to 48 hours after delivery.

+- Tier1

+- Tier1

+- Tier1

+- Tier1

+- Tier1

+- Tier1

+- Tier1

+- highpri

+- Tier1

+- Tier1

+- Tier1

+- Tier1

+- Tier1

+- Tier1

+- Tier1

+- highpri

+- Tier1

+- Tier1

+- Tier1

+- Tier1

+- Tier1

+- Tier1

+- Tier1

+- Tier1

+ - Tier1

+ Title: Overview of Copilot in Microsoft Syntex

+audience: admin

+search.appverid:

+ - enabler-strategic

+ - m365initiative-syntex

+ms.localizationpriority: medium

+description: Learn how to use Copilot to streamline processes in Microsoft Syntex.

+# Overview of Copilot in Microsoft Syntex

+This article is in development.

+ - Tier1

+ - Tier1