Updates from: 03/24/2021 04:34:35
Category Microsoft Docs article Related commit history on GitHub Change details
admin About Exchange Online Admin Role https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/add-users/about-exchange-online-admin-role.md
Here are some of the key tasks users can do when they are assigned to the Exchan
- [Create a shared mailbox](../email/create-a-shared-mailbox.md) so a group of people can monitor and send email from a common email address. -- [Email anti-spam protection](../../security/office-365-security/anti-spam-protection.md) and malware filters for the organization.
+- [Email anti-spam protection](https://docs.microsoft.com/microsoft-365/security/defender-365-security/anti-spam-protection) and malware filters for the organization.
- Manage Microsoft 365 groups
admin Configure Email Forwarding https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/email/configure-email-forwarding.md
description: "Set up email forwarding to one or more email accounts using Office
As the admin of an organization, you might have company requirements to set up email forwarding for a user's mailbox. Email forwarding lets you forward email messages sent to a user's mailbox to another user's mailbox inside or outside of your organization. > [!IMPORTANT]
-> You can use outbound spam filter policies to control automatic forwarding to external recipients. For more information, see [Control automatic external email forwarding in Microsoft 365](../../security/office-365-security/external-email-forwarding.md?preserve-view=true&view=o365-worldwide#how-the-outbound-spam-filter-policy-settings-work-with-other-automatic-email-forwarding-controls).
+> You can use outbound spam filter policies to control automatic forwarding to external recipients. For more information, see [Control automatic external email forwarding in Microsoft 365](https://docs.microsoft.com/microsoft-365/security/defender-365-security/external-email-forwarding?view=o365-worldwide&preserve-view=true#how-the-outbound-spam-filter-policy-settings-work-with-other-automatic-email-forwarding-controls).
## Configure email forwarding
admin Create Dns Records At Any Dns Hosting Provider https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/get-help-with-domains/create-dns-records-at-any-dns-hosting-provider.md
Validate your SPF record by using one of these [SPF validation tools](/office365
SPF is designed to help prevent spoofing, but there are spoofing techniques that SPF cannot protect against. To protect against these, once you've set up SPF, you should also set up DKIM and DMARC for Microsoft 365.
-To get started, see [Use DKIM to validate outbound email sent from your domain in Microsoft 365](../../security/office-365-security/use-dkim-to-validate-outbound-email.md) and [Use DMARC to validate email in Microsoft 365](../../security/office-365-security/use-dmarc-to-validate-email.md).
+To get started, see [Use DKIM to validate outbound email sent from your domain in Microsoft 365](../../security/defender-365-security/use-dkim-to-validate-outbound-email.md) and [Use DMARC to validate email in Microsoft 365](../../security/defender-365-security/use-dmarc-to-validate-email.md).
### Add SRV records for communications services (Teams, Skype for Business)
admin Resolve License Conflicts https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/manage/resolve-license-conflicts.md
- Title: "Resolve license conflicts"-- NOCSH-----
-localization_priority: Normal
--- M365-subscription-management-- Adm_O365-- Adm_NonTOC--- BCS160-- MET150-- MOE150-- BEA160
-description: "Learn how to resolve license conflicts with your Microsoft 365 for business subscription."
--
-# Resolve license conflicts
--
-> [!NOTE]
-> The admin center is changing. If your experience doesn't match the details presented here, see
-[About the new Microsoft 365 admin center](../microsoft-365-admin-center-preview.md?preserve-view=true&view=o365-21vianet).
--
-We recommend that you buy the licenses that you need for your subscription before you create new users. That way, a license can be assigned to new users as user accounts are created. If you have already assigned all of your licenses to users, but some of the licenses have expired, or you try to remove a license that is already assigned to a user, you will have license conflicts. For more information, see [Remove licenses from your subscription](../../commerce/licenses/buy-licenses.md).
-
-## How do I view license conflicts?
--
-1. In the admin center, go to the **Billing** > <a href="https://go.microsoft.com/fwlink/p/?linkid=842264" target="_blank">Licenses</a> page.
---
-1. In the admin center, go to the **Billing** > <a href="https://go.microsoft.com/fwlink/p/?linkid=848038" target="_blank">Licenses</a> page.
---
-1. In the admin center, go to the **Billing** > <a href="https://go.microsoft.com/fwlink/p/?linkid=850625" target="_blank">Licenses</a> page.
--
-2. Check the **Status** column for information about the conflict. If there's a conflict, you'll see a warning message, that says one or more users need a valid license.
-
- > [!NOTE]
- > You won't see the **Status** column if there are no conflicts.
-
-## How do I resolve license conflicts?
-
-You can resolve license conflicts by either [buying more licenses](../../commerce/licenses/buy-licenses.md) or by [removing licenses from users who no longer need them](remove-licenses-from-users.md). You can optionally [delete a user account to free a license](../add-users/delete-a-user.md).
-
-## Related articles
-
-[Assign licenses to users](assign-licenses-to-users.md)
-
-[Remove licenses from users](remove-licenses-from-users.md)
admin Cortana Integration https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/misc/cortana-integration.md
- M365-subscription-management - Adm_O365 - Adm_NonTOC- search.appverid: - BCS160 - MET150
admin Pilot Microsoft 365 From My Custom Domain https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/misc/pilot-microsoft-365-from-my-custom-domain.md
There are two steps for this:
Make sure you have completed the following in Microsoft 365 or Office 365:
-1. To set up connectors, you need permissions assigned before you can begin. To check what permissions you need, see the Microsoft 365 and Office 365 connectors entry in the [Feature permissions in EOP](../../security/office-365-security/feature-permissions-in-eop.md) topic.
+1. To set up connectors, you need permissions assigned before you can begin. To check what permissions you need, see the Microsoft 365 and Office 365 connectors entry in the [Feature permissions in EOP](https://docs.microsoft.com/microsoft-365/security/defender-365-security/feature-permissions-in-eop) topic.
2. If you want EOP or Exchange Online to relay email from your email servers to the Internet, either:
admin Set Up Dns Records Vsb https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/misc/set-up-dns-records-vsb.md
Validate your SPF record by using one of these [SPF validation tools](/office365
SPF is designed to help prevent spoofing, but there are spoofing techniques that SPF cannot protect against. To protect against these, once you've set up SPF, you should also set up DKIM and DMARC for Microsoft 365.
-To get started, see [Use DKIM to validate outbound email sent from your domain in Microsoft 365](../../security/office-365-security/use-dkim-to-validate-outbound-email.md) and [Use DMARC to validate email in Microsoft 365](../../security/office-365-security/use-dmarc-to-validate-email.md).
+To get started, see [Use DKIM to validate outbound email sent from your domain in Microsoft 365](../../security/defender-365-security/use-dkim-to-validate-outbound-email.md) and [Use DMARC to validate email in Microsoft 365](../../security/defender-365-security/use-dmarc-to-validate-email.md).
Finally, head back to the admin center domain setup wizard to complete your setup.
admin Multi Factor Authentication Microsoft 365 https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/security-and-compliance/multi-factor-authentication-microsoft-365.md
For more information, see this [overview of Conditional Access](/azure/active-di
### Azure AD Identity Protection
-With Azure AD Identity Protection, you can create an additional Conditional Access policy to [require MFA when sign-in risk is medium or high](../../security/office-365-security/identity-access-policies.md#require-mfa-based-on-sign-in-risk).
+With Azure AD Identity Protection, you can create an additional Conditional Access policy to [require MFA when sign-in risk is medium or high](../../security/defender-365-security/identity-access-policies.md#require-mfa-based-on-sign-in-risk).
You can use Azure AD Identity Protection and risk-based Conditional Access policies with:
admin Secure Your Business Data https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/security-and-compliance/secure-your-business-data.md
Microsoft recommends that you complete the tasks listed in the following table t
|9|[Protect against malicious attachments and files with Safe Attachments](secure-your-business-data.md#atp)||![Included](../../media/d238e041-6854-4a78-9141-049224df0795.png)| |10|[Protect against phishing attacks with Safe Links](secure-your-business-data.md#phishingatp)||![Included](../../media/d238e041-6854-4a78-9141-049224df0795.png)|
-Before you begin, check your [Microsoft 365 Secure Score](../../security/mtp/microsoft-secure-score.md) in the Microsoft 365 security center. From a centralized dashboard, you can monitor and improve the security for your Microsoft 365 identities, data, apps, devices, and infrastructure. You are given points for configuring recommended security features, performing security-related tasks (such as viewing reports), or addressing recommendations with a third-party application or software. With additional insights and more visibility into a broader set of Microsoft products and services, you can feel confident reporting about your organization's security health.
+Before you begin, check your [Microsoft 365 Secure Score](https://docs.microsoft.com/microsoft-365/security/defender/microsoft-secure-score) in the Microsoft 365 security center. From a centralized dashboard, you can monitor and improve the security for your Microsoft 365 identities, data, apps, devices, and infrastructure. You are given points for configuring recommended security features, performing security-related tasks (such as viewing reports), or addressing recommendations with a third-party application or software. With additional insights and more visibility into a broader set of Microsoft products and services, you can feel confident reporting about your organization's security health.
![Screenshot of Microsoft Secure Score](../../media/secure-score.png)
Your Microsoft 365 environment includes protection against malware, but you can
6. Select **Save.**
-For more information, see [Anti-malware protection in EOP](../../security/office-365-security/anti-malware-protection.md).
+For more information, see [Anti-malware protection in EOP](https://docs.microsoft.com/microsoft-365/security/defender-365-security/anti-malware-protection).
## 5: Protect against ransomware <a name="ransomware"> </a>
To create an anti-phishing policy in Defender for Office 365, view a [short trai
4. On the Anti-phishing page, select **+ Create**. A wizard launches that steps you through defining your anti-phishing policy.
-5. Specify the name, description, and settings for your policy as recommended in the chart below. See [Learn about anti-phishing policy in Microsoft Defender for Office 365 options](../../security/office-365-security/set-up-anti-phishing-policies.md) for more details.
+5. Specify the name, description, and settings for your policy as recommended in the chart below. See [Learn about anti-phishing policy in Microsoft Defender for Office 365 options](https://docs.microsoft.com/microsoft-365/security/defender-365-security/set-up-anti-phishing-policies) for more details.
6. After you have reviewed your settings, select **Create this policy** or **Save**, as appropriate.
To create an anti-phishing policy in Defender for Office 365, view a [short trai
|Applied to|Select **The recipient domain is**. Under **Any of these**, select **Choose**. Select **+ Add**. Select the check box next to the name of the domain, for example, contoso.com, in the list, and then select **Add**. Select **Done**.| |
-For more information, see [Set up anti-phishing policies in Defender for Office 365](../../security/office-365-security/configure-atp-anti-phishing-policies.md).
+For more information, see [Set up anti-phishing policies in Defender for Office 365](https://docs.microsoft.com/microsoft-365/security/defender-365-security/configure-atp-anti-phishing-policies).
## 9: Protect against malicious attachments and files with Safe Attachments <a name="atp"> </a>
To create an Safe attachment policy, view a [short training video](https://suppo
|Applied to|The recipient domain is . . . select your domain.| |
-For more information, see [Set up anti-phishing policies in Defender for Office 365](../../security/office-365-security/configure-atp-anti-phishing-policies.md).
+For more information, see [Set up anti-phishing policies in Defender for Office 365](https://docs.microsoft.com/microsoft-365/security/defender-365-security/configure-atp-anti-phishing-policies).
## 10: Protect against phishing attacks with Safe Links <a name="phishingatp"> </a>
To create a new policy targeted to all recipients in your domain:
|Applied to|The recipient domain is . . . select your domain.| |
-For more information, see [Safe Links in Microsoft Defender for Office 365](../../security/office-365-security/atp-safe-links.md).
+For more information, see [Safe Links in Microsoft Defender for Office 365](https://docs.microsoft.com/microsoft-365/security/defender-365-security/atp-safe-links).
admin Priority Accounts https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/setup/priority-accounts.md
In every Microsoft 365 organization, there are people that are essential, like e
To help your organization protect these accounts, you can now designate specific users as priority accounts and leverage app-specific features that provide them with extra protection. In the future, more apps and features will support priority accounts, and to start with, weΓÇÖve announced two capabilities: **priority account protection** and **premium mail flow monitoring**. -- **Priority account protection** - Microsoft Defender for Office 365 (formerly Office 365 Advanced Threat Protection) supports priority accounts as tags that can be used in filters in alerts, reports, and investigations. For more information, check out [User tags in Microsoft Defender for Office 365](../../security/office-365-security/user-tags.md).
+- **Priority account protection** - Microsoft Defender for Office 365 (formerly Office 365 Advanced Threat Protection) supports priority accounts as tags that can be used in filters in alerts, reports, and investigations. For more information, check out [User tags in Microsoft Defender for Office 365](../../security/defender-365-security/user-tags.md).
- **Premium Mail Flow Monitoring** - Healthy mail flow can be critical to business success, and delivery delays or failures can have a negative impact on the business. You can choose a threshold for failed or delayed emails, receive alerts when that threshold is exceeded, and view a report of email issues for priority accounts. For more information, check out [Email issues for priority accounts report in the modern EAC](/exchange/monitoring/mail-flow-reports/mfr-email-issues-for-priority-accounts-report)
-For security best practices for priority accounts, see [Security recommendations for priority accounts](../../security/office-365-security/security-recommendations-for-priority-accounts.md).
+For security best practices for priority accounts, see [Security recommendations for priority accounts](../../security/defender-365-security/security-recommendations-for-priority-accounts.md).
## Before you begin
business-video Choose Subscription https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-video/choose-subscription.md
Choosing the right Microsoft 365 subscription is key to getting the most out of
| **Social, video, sites** | Stream, Yammer, Planner, SharePoint Online\*, PowerApps\*, Microsoft Flow\* | Yes | Yes | Yes | | **Business apps** | Scheduling apps - Bookings\*\* | Yes | Yes | Yes | |
- | Business apps - MileIQ\*\* | Yes | Yes | No |
| **Threat Protection** | Office 365 Advanced Threat Protection | No | Yes | No | | Windows Exploit Guard enforcement | No | Yes | No | | **Identity Management** | Self-service password reset for hybrid Azure Active Directory accounts | No | Yes | No |
business-video Overview File Sharing https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-video/overview-file-sharing.md
You need to share files with clients, customers, partners, suppliers, and other
|![Securely share](../media/securely-share-file.png)<br/>[Share a file with someone outside of your company](#share-a-file-with-someone-outside-of-your-company)|![Collaborate with a client](../media/share-and-collab-with-partner.png) <br/>[Share and collaborate with a client or business partner](#share-and-collaborate-with-a-client-or-business-partner) | ![Share inside your org](../media/share-inside-your-org.png) <br/>[Share inside your business](#share-inside-your-business) | |--|--|--|
+Download an infographic to get a quick overview of ways to share your business files.
+
+[PDF](https://go.microsoft.com/fwlink/?linkid=2079435) | [PowerPoint](https://go.microsoft.com/fwlink/?linkid=2079438)
+ ## Share a file with someone outside of your company - Share a file with someone outside of your company (such as a client or a customer) via email if you only need it to go one way.
Need a little help? Learn how to:
- [Send and receive attachments](https://support.microsoft.com/en-us/office/sending-and-receiving-attachments-d32cd5ad-c7c5-49df-814d-4c17a5d3beb0) - [Share files and folders with OneDrive](https://support.microsoft.com/en-us/office/share-files-and-folders-with-microsoft-365-business-72f26d6c-bf9e-432c-8b96-e3c2437f5b65) - [Create a company-wide team](https://support.microsoft.com/en-us/office/create-an-org-wide-team-037bb27a-bcc9-48fe-8d72-44d9482420a3)-- [Add guests to a team](https://support.microsoft.com/en-us/office/add-guests-to-a-team-in-teams-fccb4fa6-f864-4508-bdde-256e7384a14f)-
-Download an infographic to get a quick overview of ways to share your business files.
-
-[PDF](https://go.microsoft.com/fwlink/?linkid=2079435) | [PowerPoint](https://go.microsoft.com/fwlink/?linkid=2079438)
+- [Add guests to a team](https://support.microsoft.com/en-us/office/add-guests-to-a-team-in-teams-fccb4fa6-f864-4508-bdde-256e7384a14f)
business-video Remove Existing Licenses https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-video/remove-existing-licenses.md
+
+ Title: "Remove existing licenses"
+f1.keywords:
+- NOCSH
+++
+audience: Admin
++
+localization_priority: Normal
+
+- M365-subscription-management
+- Adm_O365
+
+- AdminSurgePortfolio
+- adminvideo
+monikerRange: 'o365-worldwide'
+search.appverid:
+- BCS160
+- MET150
+- MOE150
+description: "If necessary, you can reduce the number of licenses for your monthly subscription. "
++
+# Remove existing licenses
+
+> [!VIDEO https://www.microsoft.com/videoplayer/embed/RE4L53r?autoplay=false]
+
+If you have more licenses than you need for your subscription, you can reduce the number of licenses and your monthly costs.
+
+## Try it!
+
+1. In the [admin center](https://admin.microsoft.com), choose **Billing** > **Your products**, and then select your subscription.
+1. Choose **Remove licenses**.
+1. Use the down arrow to reduce the number of licenses.
+1. Select **Save**, and then close the window.
business-video Work From Anywhere https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-video/work-from-anywhere.md
Away from your desk? No more laptop battery? No problem! Handle your work from a
**Pro tip:** Keep your work-life balance in check by turning off notifications for your work apps on your personal devices.
-Use the four tips below to work wherever you are:
-Download an infographic to get tips for working from anywhere: [PDF](https://go.microsoft.com/fwlink/?linkid=2079451), [PowerPoint](https://go.microsoft.com/fwlink/?linkid=2079455)
+Use the four tips below to work wherever you are.
+
+Download an infographic to get tips for working from anywhere:
+
+[PDF](https://go.microsoft.com/fwlink/?linkid=2079451) | [PowerPoint](https://go.microsoft.com/fwlink/?linkid=2079455)
**Thinking of working from home regularly?**
business Increase Threat Protection https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business/increase-threat-protection.md
This article helps you increase the protection in your Microsoft 365 subscriptio
Before you begin, check your Office 365 Secure Score. Office 365 Secure Score analyzes your organization's security based on your regular activities and security settings, and assigns a score. Begin by taking note of your current score. To increase your score, complete the actions recommended in this article. The goal isn't to achieve the maximum score, but to be aware of opportunities to protect your environment that don't negatively affect productivity for your users.
-For more information, see [Microsoft Secure Score](../security/mtp/microsoft-secure-score.md).
+For more information, see [Microsoft Secure Score](../security/defender/microsoft-secure-score.md).
## Raise the level of protection against malware in mail
Your Office 365 or Microsoft 365 environment includes protection against malware
6. Select **Save.**
-For more information, see [Anti-malware protection in EOP](../security/office-365-security/anti-malware-protection.md).
+For more information, see [Anti-malware protection in EOP](../security/defender-365-security/anti-malware-protection.md).
## Protect against ransomware
To create an anti-phishing policy in Microsoft Defender for Office 365, watch [
4. On the **Anti-phishing** page, select **+ Create**. A wizard launches that steps you through defining your anti-phishing policy.
-5. Specify the name, description, and settings for your policy as recommended in the following table. For more details, see [Learn about anti-phishing policy in Microsoft Defender for Office 365 options](../security/office-365-security/set-up-anti-phishing-policies.md).
+5. Specify the name, description, and settings for your policy as recommended in the following table. For more details, see [Learn about anti-phishing policy in Microsoft Defender for Office 365 options](../security/defender-365-security/set-up-anti-phishing-policies.md).
6. After you've reviewed your settings, choose **Create this policy** or **Save**, as appropriate.
To create an Safe Attachment policy, either watch [this short video](https://sup
|Redirect attachment on detection|Enable redirection (select this box) Enter the admin account or a mailbox setup for quarantine. Apply the above selection if malware scanning for attachments times out or error occurs (select this box).| |Applied to|The recipient domain is . . . select your domain.|
-For more information, see [Set up anti-phishing policies in Microsoft Defender for Office 365](../security/office-365-security/set-up-anti-phishing-policies.md).
+For more information, see [Set up anti-phishing policies in Microsoft Defender for Office 365](../security/defender-365-security/set-up-anti-phishing-policies.md).
## Protect against phishing attacks with Safe Links
To create a new policy targeted to all recipients in your domain:
|Use Safe Attachments to scan downloadable content|Select this box.| |Applied to|The recipient domain is . . . select your domain.|
-For more information, see [Safe Links](../security/office-365-security/atp-safe-links.md).
+For more information, see [Safe Links](../security/defender-365-security/safe-links.md).
## Go to Intune admin center
For more information, see [Safe Links](../security/office-365-security/atp-safe-
3. Once the results appear, select the start next to **Microsoft Intune** to make it a favorite and easy to find later.
-In addition to the admin center, you can use Intune to enroll and manage your organization's devices. For more information, see [Capabilities by enrollment method for Windows devices](/intune/enrollment/enrollment-method-capab) and [Enrollment options for devices managed by Intune](/intune/enrollment-options).
+In addition to the admin center, you can use Intune to enroll and manage your organization's devices. For more information, see [Capabilities by enrollment method for Windows devices](/intune/enrollment/enrollment-method-capab) and [Enrollment options for devices managed by Intune](/intune/enrollment-options).
business Migrate From E3 https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business/migrate-from-e3.md
search.appverid:
description: "Learn how to move your business to Microsoft 365 Business Premium from Office 365 E3."
-# Migrating from Office 365 E3 to Microsoft 365 Business Premium
+# Migrating from Office 365 E3 to Microsoft 365 Business Premium
Microsoft 365 Business Premium has everything you need for your small business, combining the best-in-class cloud-based productivity apps with simple device management and security. If you currently have an Office 365 E3 subscription, but don't have more than 300 employees, consider switching to Microsoft 365 Business Premium for added security features.
This table shows the differences between Microsoft 365 Business Premium and Offi
| OneDrive for Business | 1 TB storage limit per user | Unlimited | | Yammer, SharePoint Online, Planner, Stream | ![Included with Microsoft 365 Business Premium](../media/check-mark.png) | ![Included with Office 365 E3](../media/check-mark.png) | | StaffHub | ![Included with Microsoft 365 Business Premium](../media/check-mark.png) | ![Included with Office 365 E3](../media/check-mark.png) |
-| Outlook Customer Manager, MileIQ | ![Included with Microsoft 365 Business Premium](../media/check-mark.png) | |
+| Outlook Customer Manager | ![Included with Microsoft 365 Business Premium](../media/check-mark.png) | |
| **Threat Protection** | | | | Defender for Office 365 Plan 1 | ![Included with Microsoft 365 Business Premium](../media/check-mark.png) | Not included, but can be added on | | **Identity management** | | |
Microsoft 365 Business Premium has a 50 GB storage limit as it uses Exchange Onl
### Threat protection
-After migrating to Microsoft 365 Business Premium, you have Defender for Office 365. See [Microsoft Defender for Office 365](../security/office-365-security/office-365-atp.md) for an overview. To set up, see [set up Safe Links](https://support.microsoft.com/office/61492713-53c2-47da-a6e7-fa97479e97fa), [set up Safe Attachments](https://support.microsoft.com/office/e7e68934-23dc-4b9c-b714-e82e27a8f8a5), and [set up Anti-phishing in Defender for Office 365](https://support.microsoft.com/office/86c425e1-1686-430a-9151-f7176cce4f2c).
+After migrating to Microsoft 365 Business Premium, you have Defender for Office 365. See [Microsoft Defender for Office 365](../security/defender-365-security/defender-for-office-365.md) for an overview. To set up, see [set up Safe Links](https://support.microsoft.com/office/61492713-53c2-47da-a6e7-fa97479e97fa), [set up Safe Attachments](https://support.microsoft.com/office/e7e68934-23dc-4b9c-b714-e82e27a8f8a5), and [set up Anti-phishing in Defender for Office 365](https://support.microsoft.com/office/86c425e1-1686-430a-9151-f7176cce4f2c).
### Sensitivity labels
-To start using sensitivity labels, see [Overview of sensitivity labels](../compliance/sensitivity-labels.md) and [create and manage sensitivity labels](https://support.microsoft.com/office/2fb96b54-7dd2-4f0c-ac8d-170790d4b8b9) video.
+To start using sensitivity labels, see [Overview of sensitivity labels](../compliance/sensitivity-labels.md) and [create and manage sensitivity labels](https://support.microsoft.com/office/2fb96b54-7dd2-4f0c-ac8d-170790d4b8b9) video.
business Migrate From Microsoft 365 Business To Microsoft 365 Enterprise https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business/migrate-from-microsoft-365-business-to-microsoft-365-enterprise.md
This table shows the differences between Microsoft 365 Business Premium and Micr
| Teams | ![Included with Microsoft 365 Business Premium](../media/check-mark.png) | ![Included with Microsoft 365 E3](../media/check-mark.png) | | OneDrive for Business | 1 TB storage limit per user | Unlimited | | Yammer, SharePoint Online, Planner, Stream | ![Included with Microsoft 365 Business Premium](../media/check-mark.png) | ![Included with Microsoft 365 E3](../media/check-mark.png) |
-| MileIQ | ![Included with Microsoft 365 Business Premium](../media/check-mark.png) | |
| **Threat Protection** | | | | Attack surface reduction capabilities | [See this list](#threat-protection) | Enterprise management of hardware-based isolation for Microsoft Edge | | Defender for Office 365 Plan 1 | ![Included with Microsoft 365 Business Premium](../media/check-mark.png) | Not included, but can be added on |
Your users can now enjoy unlimited storage in the Exchange Online mailboxes and
You can begin using Cloud App Discovery, Azure AD Connect Health, and SSO for more than 10 apps.
->[!Note]
->Users migrated to Microsoft 365 E3 can no longer use MileIQ.
->
- <a name="threat-protection"></a> ### Threat protection
business Security Features https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business/security-features.md
You can manage many of the Microsoft 365 Business Premium security features in t
Advanced features in Microsoft 365 Business Premium are available to help you protect your business against cyber-threats and safeguard sensitive information. -- **[Microsoft Defender for Office 365](../security/office-365-security/office-365-atp.md)**
+- **[Microsoft Defender for Office 365](../security/defender-365-security/defender-for-office-365.md)**
Microsoft Defender for Office 365 helps guard your business against sophisticated phishing and ransomware attacks designed to compromise employee or customer information. Features include:
Yes, these features are available in all markets where Microsoft 365 Business Pr
![In the left nav in the Microsoft 365 admin center, choose Admin centers.](../media/fa4484f8-c637-45fd-a7bd-bdb3abfd6c03.png)
-3. Choose **Security &amp; Compliance** to go to Security &amp; compliance center.
+3. Choose **Security &amp; Compliance** to go to Security &amp; compliance center.
business Set Up https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business/set-up.md
To set up services, you have to update some records at your DNS host or domain r
The policies you set up in the wizard are applied automatically to a [Security group](/office365/admin/create-groups/compare-groups#security-groups) called *All Users*. You can also create additional groups to assign policies to in the admin center.
-1. On the **Increase protection from advanced cyber threats**, it is recommended that you accept the defaults to let [Office 365 Advance Threat Protection](../security/office-365-security/office-365-atp.md) scan files and links in Office apps.
+1. On the **Increase protection from advanced cyber threats**, it is recommended that you accept the defaults to let [Office 365 Advance Threat Protection](../security/defender-365-security/defender-for-office-365.md) scan files and links in Office apps.
![Screenshot of Increase protection page.](../media/increasetreatprotection.png)
You can also install Office individually. See [install Office on a PC or Mac](ht
## See also
-[Microsoft 365 for business training videos](https://support.microsoft.com/office/6ab4bbcd-79cf-4000-a0bd-d42ce4d12816)
+[Microsoft 365 for business training videos](https://support.microsoft.com/office/6ab4bbcd-79cf-4000-a0bd-d42ce4d12816)
business Threats Detected Defender Av https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business/threats-detected-defender-av.md
To learn more about different threats, visit the <a href="https://www.microsoft.
[How to turn on and use Microsoft Defender Antivirus from the Windows Security app](/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-security-center-antivirus) (article)\ [How to turn on Microsoft Defender Antivirus by using Group Policy](/mem/intune/user-help/turn-on-defender-windows#turn-on-windows-defender) (article)\ [How to update your antivirus definitions](/mem/intune/user-help/turn-on-defender-windows#update-your-antivirus-definitions) (article)\
-[How to submit malware and non-malware to Microsoft for analysis](../security/office-365-security/submitting-malware-and-non-malware-to-microsoft-for-analysis.md) (article)
+[How to submit malware and non-malware to Microsoft for analysis](/microsoft-365/security/defender-365-security/submitting-malware-and-non-malware-to-microsoft-for-analysis) (article)
campaigns M365 Campaigns Increase Protection https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/campaigns/m365-campaigns-increase-protection.md
This article helps you increase the protection in your Microsoft 365 subscriptio
Before you begin, check your Microsoft Secure Score. Microsoft Secure Score analyzes your organization's security based on your regular activities and security settings and assigns a score. Begin by taking note of your current score. Taking the actions recommended in this article increases your score. The goal isn't to achieve the max score, but to be aware of opportunities to protect your environment that don't negatively affect productivity for your users.
-For more information, see [Microsoft Secure Score](../security/mtp/microsoft-secure-score.md).
+For more information, see [Microsoft Secure Score](../security/defender/microsoft-secure-score.md).
## Raise the level of protection against malware in mail
Your Office 365 or Microsoft 365 environment includes protection against malware
6. Click **Save.**
-For more information, see [Anti-malware protection in EOP](../security/office-365-security/anti-malware-protection.md).
+For more information, see [Anti-malware protection in EOP](../security/defender-365-security/anti-malware-protection.md).
## Protect against ransomware
To create an anti-phishing policy in Defender for Office 365, watch [this short
4. On the **Anti-phishing** page, select **+ Create**. A wizard launches that steps you through defining your anti-phishing policy.
-5. Specify the name, description, and settings for your policy as recommended in the chart below. For more information, see [Learn about anti-phishing policy in Microsoft Defender for Office 365 options](../security/office-365-security/set-up-anti-phishing-policies.md).
+5. Specify the name, description, and settings for your policy as recommended in the chart below. For more information, see [Learn about anti-phishing policy in Microsoft Defender for Office 365 options](../security/defender-365-security/set-up-anti-phishing-policies.md).
6. After you've reviewed your settings, choose **Create this policy** or **Save**, as appropriate.
To create an anti-phishing policy in Defender for Office 365, watch [this short
|Add trusted senders and domains|Here you can add your own domain, or any other trusted domains.| |Applied to|Select **The recipient domain is**. Under **Any of these**, select **Choose**. Select **+ Add**. Select the check box next to the name of the domain, for example, *contoso.<span><span>com*, in the list, and then select **Add**. Select **Done**.|
-For more information, see [Set up anti-phishing policies in Defender for Office 365](../security/office-365-security/set-up-anti-phishing-policies.md).
+For more information, see [Set up anti-phishing policies in Defender for Office 365](../security/defender-365-security/set-up-anti-phishing-policies.md).
## Protect against malicious attachments, files, and links with Defender for Office 365
To create an Safe Attachment policy, either watch [this short video](https://sup
|Redirect attachment on detection|Enable redirection (select this box) <br/> Enter the admin account or a mailbox setup for quarantine. <br/> Apply the above selection if malware scanning for attachments times out or error occurs (select this box).| |Applied to|The recipient domain is . . . select your domain.|
-For more information, see [Set up anti-phishing policies in Defender for Office 365](../security/office-365-security/set-up-anti-phishing-policies.md).
+For more information, see [Set up anti-phishing policies in Defender for Office 365](../security/defender-365-security/set-up-anti-phishing-policies.md).
### Set up Safe Links in the Security & Compliance Center
To create a new policy targeted to all recipients in your domain:
|Use Safe Attachments to scan downloadable content|Select this box.| |Applied to|The recipient domain is . . . select your domain.|
-For more information, see [Safe Links in Defender for Office 365](../security/office-365-security/atp-safe-links.md).
+For more information, see [Safe Links in Defender for Office 365](../security/defender-365-security/safe-links.md).
## Turn on the Unified Audit Log
You can prevent people in your organization from sharing their calendars, or you
![Screenshot of calendar free/busy sharing with anyone.](../media/sharefreebusy.png)
-If your users are allowed to share their calendars, see [these instructions](https://support.office.com/article/7ecef8ae-139c-40d9-bae2-a23977ee58d5) for how to share from Outlook on the web.
+If your users are allowed to share their calendars, see [these instructions](https://support.office.com/article/7ecef8ae-139c-40d9-bae2-a23977ee58d5) for how to share from Outlook on the web.
commerce Understand Your Invoice https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/commerce/billing-and-payments/understand-your-invoice.md
Title: Understand your bill or invoice f1.keywords:-- NOCSH
+- CSH
commerce Upgrade To Different Plan https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/commerce/subscriptions/upgrade-to-different-plan.md
If you don't see any plans on the **Upgrade** tab, it means your plan can't be u
#### You can't upgrade subscriptions now because you have more users than licenses. To upgrade plans automatically, all of your users need to be assigned valid licenses. If you have assigned more licenses than you have
-purchased, you'll see an alert on the <a href="https://go.microsoft.com/fwlink/p/?linkid=842264" target="_blank">Licenses</a> page that says you have a licensing conflict that needs to be resolved. [Learn how to resolve license conflicts](../../admin/manage/resolve-license-conflicts.md). After you have resolved any licensing conflicts, you should see plans listed on the **Upgrade** tab. If not, you can [change plans manually](change-plans-manually.md), or [call support](../../admin/contact-support-for-business-products.md).
+purchased, you'll see an alert on the <a href="https://go.microsoft.com/fwlink/p/?linkid=842264" target="_blank">Licenses</a> page that says you have a licensing conflict that needs to be resolved. [Learn how to resolve license conflicts](../../commerce/licenses/buy-licenses.md). After you have resolved any licensing conflicts, you should see plans listed on the **Upgrade** tab. If not, you can [change plans manually](change-plans-manually.md), or [call support](../../admin/contact-support-for-business-products.md).
#### You can't upgrade subscriptions right now because this subscription isn't fully set up or the service isn't available.
commerce Why Can T I Switch Plans https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/commerce/subscriptions/why-can-t-i-switch-plans.md
If you don't see the **Switch plans** button, your plan can't be switched automa
::: moniker range="o365-worldwide"
-To use the **Switch plans** button to switch plans automatically, all of your users need to be assigned valid licenses. If you have assigned more licenses than you have purchased, you'll see an alert on the <a href="https://go.microsoft.com/fwlink/p/?linkid=842264" target="_blank">Licenses</a> page that says you have a licensing conflict that needs to be resolved. [Learn how to resolve license conflicts](../../admin/manage/resolve-license-conflicts.md). After you have resolved any licensing conflicts, you should see the **Switch plans** button. If not, you can [switch plans manually](switch-plans-manually.md), or [call support](../../admin/contact-support-for-business-products.md).
+To use the **Switch plans** button to switch plans automatically, all of your users need to be assigned valid licenses. If you have assigned more licenses than you have purchased, you'll see an alert on the <a href="https://go.microsoft.com/fwlink/p/?linkid=842264" target="_blank">Licenses</a> page that says you have a licensing conflict that needs to be resolved. [Learn how to resolve license conflicts](../../commerce/licenses/buy-licenses.md). After you have resolved any licensing conflicts, you should see the **Switch plans** button. If not, you can [switch plans manually](switch-plans-manually.md), or [call support](../../admin/contact-support-for-business-products.md).
::: moniker-end ::: moniker range="o365-germany"
-To use the **Switch plans** button to switch plans automatically, all of your users need to be assigned valid licenses. If you have assigned more licenses than you have purchased, you'll see an alert on the <a href="https://go.microsoft.com/fwlink/p/?linkid=848038" target="_blank">Licenses</a> page that says you have a licensing conflict that needs to be resolved. [Learn how to resolve license conflicts](../../admin/manage/resolve-license-conflicts.md). After you have resolved any licensing conflicts, you should see the **Switch plans** button. If not, you can [switch plans manually](switch-plans-manually.md), or [call support](../../admin/contact-support-for-business-products.md).
+To use the **Switch plans** button to switch plans automatically, all of your users need to be assigned valid licenses. If you have assigned more licenses than you have purchased, you'll see an alert on the <a href="https://go.microsoft.com/fwlink/p/?linkid=848038" target="_blank">Licenses</a> page that says you have a licensing conflict that needs to be resolved. [Learn how to resolve license conflicts](../../commerce/licenses/buy-licenses.md). After you have resolved any licensing conflicts, you should see the **Switch plans** button. If not, you can [switch plans manually](switch-plans-manually.md), or [call support](../../admin/contact-support-for-business-products.md).
::: moniker-end ::: moniker range="o365-21vianet"
-To use the **Switch plans** button to switch plans automatically, all of your users need to be assigned valid licenses. If you have assigned more licenses than you have purchased, you'll see an alert on the <a href="https://go.microsoft.com/fwlink/p/?linkid=850625" target="_blank">Licenses</a> page that says you have a licensing conflict that needs to be resolved. [Learn how to resolve license conflicts](../../admin/manage/resolve-license-conflicts.md). After you have resolved any licensing conflicts, you should see the **Switch plans** button. If not, you can [switch plans manually](switch-plans-manually.md), or [call support](../../admin/contact-support-for-business-products.md).
+To use the **Switch plans** button to switch plans automatically, all of your users need to be assigned valid licenses. If you have assigned more licenses than you have purchased, you'll see an alert on the <a href="https://go.microsoft.com/fwlink/p/?linkid=850625" target="_blank">Licenses</a> page that says you have a licensing conflict that needs to be resolved. [Learn how to resolve license conflicts](../../commerce/licenses/buy-licenses.md). After you have resolved any licensing conflicts, you should see the **Switch plans** button. If not, you can [switch plans manually](switch-plans-manually.md), or [call support](../../admin/contact-support-for-business-products.md).
::: moniker-end
compliance Alert Policies https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/alert-policies.md
An alert policy consists of the following settings and conditions.
- **Activity the alert is tracking** - You create a policy to track an activity or in some cases a few related activities, such a sharing a file with an external user by sharing it, assigning access permissions, or creating an anonymous link. When a user performs the activity defined by the policy, an alert is triggered based on the alert threshold settings. > [!NOTE]
- > The activities that you can track depend on your organization's Office 365 Enterprise or Office 365 US Government plan. In general, activities related to malware campaigns and phishing attacks require an E5/G5 subscription or an E1/F1/G1 or E3/F3/G3 subscription with an [Defender for Office 365](../security/office-365-security/office-365-atp.md) Plan 2 add-on subscription.
+ > The activities that you can track depend on your organization's Office 365 Enterprise or Office 365 US Government plan. In general, activities related to malware campaigns and phishing attacks require an E5/G5 subscription or an E1/F1/G1 or E3/F3/G3 subscription with an [Defender for Office 365](../security/defender-365-security/defender-for-office-365.md) Plan 2 add-on subscription.
- **Activity conditions** - For most activities, you can define additional conditions that must be met to trigger an alert. Common conditions include IP addresses (so that an alert is triggered when the user performs the activity on a computer with a specific IP address or within an IP address range), whether an alert is triggered if a specific user or users perform that activity, and whether the activity is performed on a specific file name or URL. You can also configure a condition that triggers an alert when the activity is performed by any user in your organization. The available conditions are dependent on the selected activity.
The table also indicates the Office 365 Enterprise and Office 365 US Government
| Default alert policy | Description | Category | Enterprise subscription | |:--|:--|:--|:--|
-|**A potentially malicious URL click was detected**|Generates an alert when a user protected by [Safe Links](../security/office-365-security/atp-safe-links.md) in your organization clicks a malicious link. This event is triggered when URL verdict changes are identified by Microsoft Defender for Office 365 or when users override the Safe Links pages (based on your organization's Microsoft 365 for business Safe Links policy). This alert policy has a **High** severity setting. For Defender for Office 365 P2, E5, G5 customers, this alert automatically triggers [automated investigation and response in Office 365](../security/office-365-security/office-365-air.md). For more information on events that trigger this alert, see [Set up Safe Links policies](../security/office-365-security/set-up-atp-safe-links-policies.md).|Threat management|E5/G5 or Defender for Office 365 P2 add-on subscription|
-|**Admin Submission result completed**|Generates an alert when an [Admin Submission](../security/office-365-security/admin-submission.md) completes the rescan of the submitted entity. An alert will be triggered every time a rescan result is rendered from an Admin Submission. These alerts are meant to remind you to [review the results of previous submissions](https://protection.office.com/reportsubmission), submit user reported messages to get the latest policy check and rescan verdicts, and help you determine if the filtering policies in your organization are having the intended impact. This policy has a **Low** severity setting.|Threat management|E1/F1, E3/F3, or E5|
-|**Admin triggered manual investigation of email**|Generates an alert when an admin triggers the manual investigation of an email from Threat Explorer. For more information, see [Example: A security administrator triggers an investigation from Threat Explorer] (https://docs.microsoft.com/microsoft-365/security/office-365-security/automated-investigation-response-office#example-a-security-administrator-triggers-an-investigation-from-threat-explorer). This alert notifies your organization that the investigation was started. The alert provides information about who triggered it and includes a link to the investigation. This policy has an **Informational** severity setting.|Threat management| E5/G5 or Microsoft Defender for Office 365 P2 add-on subscription|
+|**A potentially malicious URL click was detected**|Generates an alert when a user protected by [Safe Links](../security/defender-365-security/safe-links.md) in your organization clicks a malicious link. This event is triggered when URL verdict changes are identified by Microsoft Defender for Office 365 or when users override the Safe Links pages (based on your organization's Microsoft 365 for business Safe Links policy). This alert policy has a **High** severity setting. For Defender for Office 365 P2, E5, G5 customers, this alert automatically triggers [automated investigation and response in Office 365](../security/defender-365-security/office-365-air.md). For more information on events that trigger this alert, see [Set up Safe Links policies](../security/defender-365-security/set-up-safe-links-policies.md).|Threat management|E5/G5 or Defender for Office 365 P2 add-on subscription|
+|**Admin Submission result completed**|Generates an alert when an [Admin Submission](../security/defender-365-security/admin-submission.md) completes the rescan of the submitted entity. An alert will be triggered every time a rescan result is rendered from an Admin Submission. These alerts are meant to remind you to [review the results of previous submissions](https://protection.office.com/reportsubmission), submit user reported messages to get the latest policy check and rescan verdicts, and help you determine if the filtering policies in your organization are having the intended impact. This policy has a **Low** severity setting.|Threat management|E1/F1, E3/F3, or E5|
+|**Admin triggered manual investigation of email**|Generates an alert when an admin triggers the manual investigation of an email from Threat Explorer. For more information, see [Example: A security administrator triggers an investigation from Threat Explorer] (https://docs.microsoft.com/microsoft-365/security/defender-365-security/automated-investigation-response-office#example-a-security-administrator-triggers-an-investigation-from-threat-explorer). This alert notifies your organization that the investigation was started. The alert provides information about who triggered it and includes a link to the investigation. This policy has an **Informational** severity setting.|Threat management| E5/G5 or Microsoft Defender for Office 365 P2 add-on subscription|
|**Creation of forwarding/redirect rule**|Generates an alert when someone in your organization creates an inbox rule for their mailbox that forwards or redirects messages to another email account. This policy only tracks inbox rules that are created using Outlook on the web (formerly known as Outlook Web App) or Exchange Online PowerShell. This policy has a **Low** severity setting. For more information about using inbox rules to forward and redirect email in Outlook on the web, see [Use rules in Outlook on the web to automatically forward messages to another account](https://support.office.com/article/1433e3a0-7fb0-4999-b536-50e05cb67fed).|Threat management|E1/F1/G1, E3/F3/G3, or E5/G5| |**eDiscovery search started or exported**|Generates an alert when someone uses the Content search tool in the Security and compliance center. An alert is triggered when the following content search activities are performed: <br/><br/>* A content search is started<br/>* The results of a content search are exported<br/>* A content search report is exported<br/><br/>Alerts are also triggered when the previous content search activities are performed in association with an eDiscovery case. This policy has a **Medium** severity setting. For more information about content search activities, see [Search for eDiscovery activities in the audit log](search-for-ediscovery-activities-in-the-audit-log.md#ediscovery-activities).|Threat management|E1/F1/G1, E3/F3/G3, or E5/G5| |**Elevation of Exchange admin privilege**|Generates an alert when someone is assigned administrative permissions in your Exchange Online organization. For example, when a user is added to the Organization Management role group in Exchange Online. This policy has a **Low** severity setting.|Permissions|E1/F1/G1, E3/F3/G3, or E5/G5|
-|**Email messages containing malware removed after delivery**|Generates an alert when any messages containing malware are delivered to mailboxes in your organization. If this event occurs, Microsoft removes the infected messages from Exchange Online mailboxes using [Zero-hour auto purge](../security/office-365-security/zero-hour-auto-purge.md). This policy has an **Informational** severity setting and automatically triggers [automated investigation and response in Office 365](../security/office-365-security/office-365-air.md).|Threat management|E5/G5 or Microsoft Defender for Office 365 P2 add-on subscription|
-|**Email messages containing phish URLs removed after delivery**|Generates an alert when any messages containing phish are delivered to mailboxes in your organization. If this event occurs, Microsoft removes the infected messages from Exchange Online mailboxes using [Zero-hour auto purge](../security/office-365-security/zero-hour-auto-purge.md). This policy has an **Informational** severity setting and automatically triggers [automated investigation and response in Office 365](../security/office-365-security/office-365-air.md).|Threat management|E5/G5 or Defender for Office 365 P2 add-on subscription|
-|**Email reported by user as malware or phish**|Generates an alert when users in your organization report messages as phishing email using the Report Message add-in. This policy has an **Informational** severity setting. For more information about this add-in, see [Use the Report Message add-in](https://support.office.com/article/b5caa9f1-cdf3-4443-af8c-ff724ea719d2). For Defender for Office 365 P2, E5, G5 customers, this alert automatically triggers [automated investigation and response in Office 365](../security/office-365-security/office-365-air.md).|Threat management|E1/F1/G1, E3/F3/G3, or E5/G5|
-|**Email sending limit exceeded**|Generates an alert when someone in your organization has sent more mail than is allowed by the outbound spam policy. This is usually an indication the user is sending too much email or that the account may be compromised. This policy has a **Medium** severity setting. If you get an alert generated by this alert policy, it's a good idea to [check whether the user account is compromised](../security/office-365-security/responding-to-a-compromised-email-account.md).|Threat management|E1/F1/G1, E3/F3/G3, or E5/G5|
+|**Email messages containing malware removed after delivery**|Generates an alert when any messages containing malware are delivered to mailboxes in your organization. If this event occurs, Microsoft removes the infected messages from Exchange Online mailboxes using [Zero-hour auto purge](../security/defender-365-security/zero-hour-auto-purge.md). This policy has an **Informational** severity setting and automatically triggers [automated investigation and response in Office 365](../security/defender-365-security/office-365-air.md).|Threat management|E5/G5 or Microsoft Defender for Office 365 P2 add-on subscription|
+|**Email messages containing phish URLs removed after delivery**|Generates an alert when any messages containing phish are delivered to mailboxes in your organization. If this event occurs, Microsoft removes the infected messages from Exchange Online mailboxes using [Zero-hour auto purge](../security/defender-365-security/zero-hour-auto-purge.md). This policy has an **Informational** severity setting and automatically triggers [automated investigation and response in Office 365](../security/defender-365-security/office-365-air.md).|Threat management|E5/G5 or Defender for Office 365 P2 add-on subscription|
+|**Email reported by user as malware or phish**|Generates an alert when users in your organization report messages as phishing email using the Report Message add-in. This policy has an **Informational** severity setting. For more information about this add-in, see [Use the Report Message add-in](https://support.office.com/article/b5caa9f1-cdf3-4443-af8c-ff724ea719d2). For Defender for Office 365 P2, E5, G5 customers, this alert automatically triggers [automated investigation and response in Office 365](../security/defender-365-security/office-365-air.md).|Threat management|E1/F1/G1, E3/F3/G3, or E5/G5|
+|**Email sending limit exceeded**|Generates an alert when someone in your organization has sent more mail than is allowed by the outbound spam policy. This is usually an indication the user is sending too much email or that the account may be compromised. This policy has a **Medium** severity setting. If you get an alert generated by this alert policy, it's a good idea to [check whether the user account is compromised](../security/defender-365-security/responding-to-a-compromised-email-account.md).|Threat management|E1/F1/G1, E3/F3/G3, or E5/G5|
|**Form blocked due to potential phishing attempt**|Generates an alert when someone in your organization has been restricted from sharing forms and collecting responses using Microsoft Forms due to detected repeated phishing attempt behavior. This policy has a **High severity** setting.|Threat management|E1, E3/F3, or E5| |**Form flagged and confirmed as phishing**|Generates an alert when a form created in Microsoft Forms from within your organization has been identified as potential phishing through Report Abuse and confirmed as phishing by Microsoft. This policy has a **High** severity setting.|Threat management|E1, E3/F3, or E5| |**Messages have been delayed**|Generates an alert when Microsoft can't deliver email messages to your on-premises organization or a partner server by using a connector. When this happens, the message is queued in Office 365. This alert is triggered when there are 2,000 messages or more that have been queued for more than an hour. This policy has a **High** severity setting.|Mail flow|E1/F1/G1, E3/F3/G3, or E5/G5|
The table also indicates the Office 365 Enterprise and Office 365 US Government
|**Malware not zapped because ZAP is disabled**| Generates an alert when Microsoft detects delivery of a malware message to a mailbox because Zero-Hour Auto Purge for Phish messages is disabled. This policy has an **Informational** severity setting. |Threat management|E5/G5 or Defender for Office 365 P2 add-on subscription| |**Phish delivered because a user's Junk Mail folder is disabled**|Generates an alert when Microsoft detects a userΓÇÖs Junk Mail folder is disabled, allowing delivery of a high confidence phishing message to a mailbox. This policy has an **Informational** severity setting.|Threat management|E5/G5 or Defender for Office 365 P1 or P2 add-on subscription| |**Phish delivered due to an ETR override**|Generates an alert when Microsoft detects an Exchange Transport Rule (ETR) that allowed delivery of a high confidence phishing message to a mailbox. This policy has an **Informational** severity setting. For more information about Exchange Transport Rules (Mail flow rules), see [Mail flow rules (transport rules) in Exchange Online](/exchange/security-and-compliance/mail-flow-rules/mail-flow-rules).|Threat management|E5/G5 or Defender for Office 365 P1 or P2 add-on subscription|
-|**Phish delivered due to an IP allow policy**|Generates an alert when Microsoft detects an IP allow policy that allowed delivery of a high confidence phishing message to a mailbox. This policy has an **Informational** severity setting. For more information about the IP allow policy (connection filtering), see [Configure the default connection filter policy - Office 365](../security/office-365-security/configure-the-connection-filter-policy.md).|Threat management|E5/G5 or Defender for Office 365 P1 or P2 add-on subscription|
+|**Phish delivered due to an IP allow policy**|Generates an alert when Microsoft detects an IP allow policy that allowed delivery of a high confidence phishing message to a mailbox. This policy has an **Informational** severity setting. For more information about the IP allow policy (connection filtering), see [Configure the default connection filter policy - Office 365](../security/defender-365-security/configure-the-connection-filter-policy.md).|Threat management|E5/G5 or Defender for Office 365 P1 or P2 add-on subscription|
|**Phish not zapped because ZAP is disabled**| Generates an alert when Microsoft detects delivery of a high confidence phishing message to a mailbox because Zero-Hour Auto Purge for Phish messages is disabled. This policy has an **Informational** severity setting.|Threat management|E5/G5 or Defender for Office 365 P2 add-on subscription| |**Phish delivered due to tenant or user override**<sup>1</sup>|Generates an alert when Microsoft detects an admin or user override allowed the delivery of a phishing message to a mailbox. Examples of overrides include an inbox or mail flow rule that allows messages from a specific sender or domain, or an anti-spam policy that allows messages from specific senders or domains. This policy has a **High** severity setting.|Threat management|E5/G5 or Defender for Office 365 P2 add-on subscription|
-|**Suspicious email forwarding activity**|Generates an alert when someone in your organization has autoforwarded email to a suspicious external account. This is an early warning for behavior that may indicate the account is compromised, but not severe enough to restrict the user. This policy has a **Medium** severity setting. Although it's rare, an alert generated by this policy may be an anomaly. It's a good idea to [check whether the user account is compromised](../security/office-365-security/responding-to-a-compromised-email-account.md).|Threat management|E1/F1/G1, E3/F3/G3, or E5/G5|
-|**Suspicious email sending patterns detected**|Generates an alert when someone in your organization has sent suspicious email and is at risk of being restricted from sending email. This is an early warning for behavior that may indicate that the account is compromised, but not severe enough to restrict the user. This policy has a **Medium** severity setting. Although it's rare, an alert generated by this policy may be an anomaly. However, it's a good idea to [check whether the user account is compromised](../security/office-365-security/responding-to-a-compromised-email-account.md).|Threat management|E1/F1/G1, E3/F3/G3, or E5/G5 |
+|**Suspicious email forwarding activity**|Generates an alert when someone in your organization has autoforwarded email to a suspicious external account. This is an early warning for behavior that may indicate the account is compromised, but not severe enough to restrict the user. This policy has a **Medium** severity setting. Although it's rare, an alert generated by this policy may be an anomaly. It's a good idea to [check whether the user account is compromised](../security/defender-365-security/responding-to-a-compromised-email-account.md).|Threat management|E1/F1/G1, E3/F3/G3, or E5/G5|
+|**Suspicious email sending patterns detected**|Generates an alert when someone in your organization has sent suspicious email and is at risk of being restricted from sending email. This is an early warning for behavior that may indicate that the account is compromised, but not severe enough to restrict the user. This policy has a **Medium** severity setting. Although it's rare, an alert generated by this policy may be an anomaly. However, it's a good idea to [check whether the user account is compromised](../security/defender-365-security/responding-to-a-compromised-email-account.md).|Threat management|E1/F1/G1, E3/F3/G3, or E5/G5 |
|**Tenant restricted from sending email**|Generates an alert when most of the email traffic from your organization has been detected as suspicious and Microsoft has restricted your organization from sending email. Investigate any potentially compromised user and admin accounts, new connectors, or open relays, and then contact Microsoft Support to unblock your organization. This policy has a **High** severity setting. For more information about why organizations are blocked, see [Fix email delivery issues for error code 5.7.7xx in Exchange Online](/Exchange/mail-flow-best-practices/non-delivery-reports-in-exchange-online/fix-error-code-5-7-700-through-5-7-750).|Threat management|E1/F1/G1, E3/F3/G3, or E5/G5| |**Unusual external user file activity**|Generates an alert when an unusually large number of activities are performed on files in SharePoint or OneDrive by users outside of your organization. This includes activities such as accessing files, downloading files, and deleting files. This policy has a **High** severity setting.|Information governance|E5/G5, Microsoft Defender for Office 365 P2, or Microsoft 365 E5 add-on subscription| |**Unusual volume of external file sharing**|Generates an alert when an unusually large number of files in SharePoint or OneDrive are shared with users outside of your organization. This policy has a **Medium** severity setting.|Information governance|E5/G5, Defender for Office 365 P2, or Microsoft 365 E5 add-on subscription|
The table also indicates the Office 365 Enterprise and Office 365 US Government
||||| > [!NOTE]
-> <sup>1</sup> We've temporarily removed this default alert policy based on customer feedback. We're working to improve it, and will replace it with a new version in the near future. Until then, you can create a custom alert policy to replace this functionality by using the following settings:<br/>&nbsp; * Activity is Phish email detected at time of delivery<br/>&nbsp; * Mail is not ZAP'd<br/>&nbsp; * Mail direction is Inbound<br/>&nbsp; * Mail delivery status is Delivered<br/>&nbsp; * Detection technology is Malicious URL retention, URL detonation, Advanced phish filter, General phish filter, Domain impersonation, User impersonation, and Brand impersonation<br/><br/>&nbsp;&nbsp;&nbsp;For more information about anti-phishing in Office 365, see [Set up anti-phishing and anti-phishing policies](../security/office-365-security/set-up-anti-phishing-policies.md).<br/><br/><sup>2</sup> To recreate this alert policy, follow the guidance in the previous footnote, but choose User impersonation as the only Detection technology.
+> <sup>1</sup> We've temporarily removed this default alert policy based on customer feedback. We're working to improve it, and will replace it with a new version in the near future. Until then, you can create a custom alert policy to replace this functionality by using the following settings:<br/>&nbsp; * Activity is Phish email detected at time of delivery<br/>&nbsp; * Mail is not ZAP'd<br/>&nbsp; * Mail direction is Inbound<br/>&nbsp; * Mail delivery status is Delivered<br/>&nbsp; * Detection technology is Malicious URL retention, URL detonation, Advanced phish filter, General phish filter, Domain impersonation, User impersonation, and Brand impersonation<br/><br/>&nbsp;&nbsp;&nbsp;For more information about anti-phishing in Office 365, see [Set up anti-phishing and anti-phishing policies](../security/defender-365-security/set-up-anti-phishing-policies.md).<br/><br/><sup>2</sup> To recreate this alert policy, follow the guidance in the previous footnote, but choose User impersonation as the only Detection technology.
The unusual activity monitored by some of the built-in policies is based on the same process as the alert threshold setting that was previously described. Microsoft establishes a baseline value that defines the normal frequency for "usual" activity. Alerts are then triggered when the frequency of activities tracked by the built-in alert policy greatly exceeds the baseline value.
You can use the following filters to view a subset of all the alerts on the **Vi
- **Category.** Use this filter to show alerts from one or more alert categories. -- **Tags.** Use this filter to show alerts from one or more user tags. Tags are reflected based on tagged mailboxes or users that appear in the alerts. See [User tags in Office 356 ATP](..\security\office-365-security\user-tags.md) to learn more.
+- **Tags.** Use this filter to show alerts from one or more user tags. Tags are reflected based on tagged mailboxes or users that appear in the alerts. See [User tags in Office 356 ATP](../security/defender-365-security/user-tags.md) to learn more.
- **Source.** Use this filter to show alerts triggered by alert policies in the security and compliance center or alerts triggered by Office 365 Cloud App Security policies, or both. For more information about Office 365 Cloud App Security alerts, see [Viewing Cloud App Security alerts](#viewing-cloud-app-security-alerts).
Similar to an alert triggered by an alert policy in the security and compliance
![Alert details contain links to the Cloud App Security portal](../media/CASAlertDetail.png) > [!IMPORTANT]
-> Changing the status of a Cloud App Security alert in the security and compliance center won't update the resolution status for the same alert in the Cloud App Security portal. For example, if you mark the status of the alert as **Resolved** in the security and compliance center, the status of the alert in the Cloud App Security portal is unchanged. To resolve or dismiss a Cloud App Security alert, manage the alert in the Cloud App Security portal.
+> Changing the status of a Cloud App Security alert in the security and compliance center won't update the resolution status for the same alert in the Cloud App Security portal. For example, if you mark the status of the alert as **Resolved** in the security and compliance center, the status of the alert in the Cloud App Security portal is unchanged. To resolve or dismiss a Cloud App Security alert, manage the alert in the Cloud App Security portal.
compliance Archive Celltrust Data https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/archive-celltrust-data.md
localization_priority: Normal
-description: "Admins can set up a connector to import and archive CellTrust data from Globanet to Microsoft 365. This connector lets you archive data from third-party data sources in Microsoft 365. After your archive this data, you can use compliance features such as legal hold, content search, and retention policies to manage third-party data."
+description: "Admins can set up a connector to import and archive CellTrust data from Veritas to Microsoft 365. This connector lets you archive data from third-party data sources in Microsoft 365. After your archive this data, you can use compliance features such as legal hold, content search, and retention policies to manage third-party data."
# Set up a connector to archive CellTrust data
-Use a Globanet connector in the Microsoft 365 compliance center to import and archive data from the CellTrust platform to user mailboxes in your Microsoft 365 organization. Globanet provides a [CellTrust](https://globanet.com/celltrust/) connector that captures items from the third-party data source and imports those items to Microsoft 365. The connector converts the content of SMS messages from CellTrust accounts to an email message format and then imports those items to the user's mailbox in Microsoft 365.
+Use a Veritas connector in the Microsoft 365 compliance center to import and archive data from the CellTrust platform to user mailboxes in your Microsoft 365 organization. Veritas provides a [CellTrust](https://globanet.com/celltrust/) connector that captures items from the third-party data source and imports those items to Microsoft 365. The connector converts the content of SMS messages from CellTrust accounts to an email message format and then imports those items to the user's mailbox in Microsoft 365.
After CellTrust data is stored in user mailboxes, you can apply Microsoft 365 compliance features such as Litigation Hold, eDiscovery, retention policies and retention labels, and communication compliance. Using a CellTrust connector to import and archive data in Microsoft 365 can help your organization stay compliant with government and regulatory policies.
The following overview explains the process of using a connector to archive Cell
1. Your organization works with CellTrust to set up and configure a CellTrust site.
-2. Once every 24 hours, CellTrust items are copied to the Globanet Merge1 site. The connector also converts the content of a message to an email message format.
+2. Once every 24 hours, CellTrust items are copied to the Veritas Merge1 site. The connector also converts the content of a message to an email message format.
-3. The CellTrust connector that you create in the Microsoft 365 compliance center connects to the Globanet Merge1 site every day and transfers the messages to a secure Azure Storage location in the Microsoft cloud.
+3. The CellTrust connector that you create in the Microsoft 365 compliance center connects to the Veritas Merge1 site every day and transfers the messages to a secure Azure Storage location in the Microsoft cloud.
4. The automatic user mapping as connector imports items to the mailboxes of specific users by using the value of the *Email* property of the described in [Step 3](#step-3-map-users-and-complete-the-connector-setup). A subfolder in the Inbox folder named **CellTrust** is created in the user mailboxes, and the message items are imported to that folder. The connector determines which mailbox to import items to by using the value of the *Email* property. Every CellTrust item contains this property, which is populated with the email address of every participant. ## Before you begin -- Create a Merge1 account for Microsoft connectors. To create an account, contact [Globanet Customer Support](https://globanet.com/contact-us/). You need to sign into this account when you create the connector in Step 1.
+- Create a Merge1 account for Microsoft connectors. To create an account, contact [Veritas Customer Support](https://www.veritas.com/content/support/). You need to sign into this account when you create the connector in Step 1.
- The user who creates the CellTrust connector in Step 1 (and completes it in Step 3) must be assigned to the Mailbox Import Export role in Exchange Online. This role is required to add connectors on the **Data connectors** page in the Microsoft 365 compliance center. By default, this role isn't assigned to any role group in Exchange Online. You can add the Mailbox Import Export role to the Organization Management role group in Exchange Online. Or you can create a role group, assign the Mailbox Import Export role, and then add the appropriate users as members. For more information, see the [Create role groups](/Exchange/permissions-exo/role-groups#create-role-groups) or [Modify role groups](/Exchange/permissions-exo/role-groups#modify-role-groups) sections in the article "Manage role groups in Exchange Online".
The first step is to access to the **Data Connectors** in the Microsoft 365 comp
5. Sign in to your Merge1 account to configure the connector.
-## Step 2: Configure the CellTrust connector on the Globanet Merge1 site
+## Step 2: Configure the CellTrust connector on the Veritas Merge1 site
-The second step is to configure the CellTrust connector on the Globanet Merge1 site. For information about how to configure the CellTrust connector, see [Merge1 Third-Party Connectors User Guide](https://docs.ms.merge1.globanetportal.com/Merge1%20Third-Party%20Connectors%20CellTrust%20User%20Guide%20.pdf).
+The second step is to configure the CellTrust connector on the Veritas Merge1 site. For information about how to configure the CellTrust connector, see [Merge1 Third-Party Connectors User Guide](https://docs.ms.merge1.globanetportal.com/Merge1%20Third-Party%20Connectors%20CellTrust%20User%20Guide%20.pdf).
After you click **Save & Finish**, the **User mapping** page in the connector wizard in the Microsoft 365 compliance center is displayed.
compliance Archive Ciscojabberonmssql Data https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/archive-ciscojabberonmssql-data.md
localization_priority: Normal
-description: "Admins can set up a connector to import and archive Cisco Jabber data from Globanet in Microsoft 365. This connector lets you archive data from third-party data sources in Microsoft 365. After your archive this data, you can use compliance features such as legal hold, content search, and retention policies to manage third-party data."
+description: "Admins can set up a connector to import and archive Cisco Jabber data from Veritas in Microsoft 365. This connector lets you archive data from third-party data sources in Microsoft 365. After your archive this data, you can use compliance features such as legal hold, content search, and retention policies to manage third-party data."
# Set up a connector to archive Cisco Jabber data
-Use a Globanet connector in the Microsoft 365 compliance center to import and archive data from the Cisco Jabber platform to user mailboxes in your Microsoft 365 organization. Globanet provides you with a [Cisco Jabber](https://globanet.com/jabber/) connector that is configured to capture items from the JabberΓÇÖs MS SQL Database, such as 1:1 chat messages and group chats and then import those items to Microsoft 365. The connector retrieves data from the Cisco JabberΓÇÖs MS SQL Database, processes it, and the converts the content from a user's Cisco Jabber account to an email message format and then imports those items to the user's mailbox in Microsoft 365.
+Use a Veritas connector in the Microsoft 365 compliance center to import and archive data from the Cisco Jabber platform to user mailboxes in your Microsoft 365 organization. Veritas provides you with a [Cisco Jabber](https://globanet.com/jabber/) connector that is configured to capture items from the JabberΓÇÖs MS SQL Database, such as 1:1 chat messages and group chats and then import those items to Microsoft 365. The connector retrieves data from the Cisco JabberΓÇÖs MS SQL Database, processes it, and the converts the content from a user's Cisco Jabber account to an email message format and then imports those items to the user's mailbox in Microsoft 365.
After Cisco Jabber data is stored in user mailboxes, you can apply Microsoft 365 compliance features such as Litigation Hold, eDiscovery, retention policies and retention labels, and communication compliance. Using a Cisco Jabber connector to import and archive data in Microsoft 365 can help your organization stay compliant with government and regulatory policies.
The following overview explains the process of using a connector to archive Cisc
1. Your organization works with Cisco to set up and configure a Cisco Jabber on MS SQL Database.
-2. Once every 24 hours, Cisco Jabber items are copied from the MS SQL Database to the Globanet Merge1 site. The connector also converts the content of chat messages to an email message format.
+2. Once every 24 hours, Cisco Jabber items are copied from the MS SQL Database to the Veritas Merge1 site. The connector also converts the content of chat messages to an email message format.
-3. The Cisco Jabber connector that you create in the Microsoft 365 compliance center connects to the Globanet Merge1 site every day and transfers the items to a secure Azure Storage location in the Microsoft cloud.
+3. The Cisco Jabber connector that you create in the Microsoft 365 compliance center connects to the Veritas Merge1 site every day and transfers the items to a secure Azure Storage location in the Microsoft cloud.
4. The automatic user mapping as connector imports items to the mailboxes of specific users by using the value of the *Email* property of the described in [Step 3](#step-3-map-users-and-complete-the-connector-setup). A subfolder in the Inbox folder named **Cisco Jabber on MS SQL** is created in the user mailboxes, and the message items are imported to that folder. The connector determines which mailbox to import items to by using the value of the *Email* property. Every Cisco Jabber item contains this property, which is populated with the email address of every participant. ## Before you begin -- Create a Globanet Merge1 account for Microsoft connectors. To create this account, contact [Globanet Customer Support](https://globanet.com/ms-connectors-contact/). You will sign into this account when you create the connector in Step 1.
+- Create a Veritas Merge1 account for Microsoft connectors. To create this account, contact [Veritas Customer Support](https://www.veritas.com/content/support/). You will sign into this account when you create the connector in Step 1.
- Set up an MS SQL Database to retrieve Jabber items from before creating the connector in Step 1. You will specify the connection settings for the MS SQL Database when configuring the Cisco Jabber connector in Step 2. For more information, see the [Merge1 Third-Party Connectors User Guide](https://docs.ms.merge1.globanetportal.com/Merge1%20Third-Party%20Connectors%20Cisco%20Jabber%20on%20MS%20SQL%20User%20Guide%20.pdf).
The first step is to access to the **Data Connectors** in the Microsoft 365 comp
5. Sign in to your Merge1 account to configure the connector.
-## Step 2: Configure the Cisco Jabber connector on the Globanet Merge1 site
+## Step 2: Configure the Cisco Jabber connector on the Veritas Merge1 site
-The second step is to configure the Cisco Jabber on MS SQL connector on the Globanet Merge1 site. For information about how to configure the Cisco Jabber on MS SQL connector, see [Merge1 Third-Party Connectors User Guide](https://docs.ms.merge1.globanetportal.com/Merge1%20Third-Party%20Connectors%20Cisco%20Jabber%20on%20MS%20SQL%20User%20Guide%20.pdf).
+The second step is to configure the Cisco Jabber on MS SQL connector on the Veritas Merge1 site. For information about how to configure the Cisco Jabber on MS SQL connector, see [Merge1 Third-Party Connectors User Guide](https://docs.ms.merge1.globanetportal.com/Merge1%20Third-Party%20Connectors%20Cisco%20Jabber%20on%20MS%20SQL%20User%20Guide%20.pdf).
After you click **Save & Finish**, the **User mapping** page in the connector wizard in the Microsoft 365 compliance center is displayed.
compliance Archive Eml Data https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/archive-eml-data.md
localization_priority: Normal
-description: "Admins can set up a connector to import and archive EML data from Globanet into Microsoft 365. This connector lets you archive data from third-party data sources in Microsoft 365. After your archive this data, you can use compliance features such as legal hold, content search, and retention policies to manage third-party data."
+description: "Admins can set up a connector to import and archive EML data from Veritas into Microsoft 365. This connector lets you archive data from third-party data sources in Microsoft 365. After your archive this data, you can use compliance features such as legal hold, content search, and retention policies to manage third-party data."
# Set up a connector to archive EML data
-Use a Globanet connector in the Microsoft 365 compliance center to import and archive EML data to user mailboxes in your Microsoft 365 organization. EML is the file extension for an email message saved to a file. The connector converts the content of an item from the source format to an email message format and then imports the item to a user mailbox.
+Use a Veritas connector in the Microsoft 365 compliance center to import and archive EML data to user mailboxes in your Microsoft 365 organization. EML is the file extension for an email message saved to a file. The connector converts the content of an item from the source format to an email message format and then imports the item to a user mailbox.
After EML messages are stored in user mailboxes, you can apply Microsoft 365 compliance features such as Litigation Hold, eDiscovery, and retention policies and retention labels. Using an EML connector to import and archive data in Microsoft 365 can help your organization stay compliant with government and regulatory policies.
The following overview explains the process of using a connector to archive EML
1. Your organization works with the EML source to set up and configure an EML site.
-2. Once every 24 hours, content items from the EML source are copied to the Globanet Merge1 site. During this process, the content of an EML file is converted to an email message format.
+2. Once every 24 hours, content items from the EML source are copied to the Veritas Merge1 site. During this process, the content of an EML file is converted to an email message format.
-3. The EML connector that you create in the Microsoft 365 compliance center, connects to the Globanet Merge1 site every day and transfers the messages to a secure Azure Storage location in the Microsoft cloud.
+3. The EML connector that you create in the Microsoft 365 compliance center, connects to the Veritas Merge1 site every day and transfers the messages to a secure Azure Storage location in the Microsoft cloud.
4. The connector imports the converted message items to the mailboxes of specific users using the value of the *Email* property of the automatic user mapping process that's described in [Step 3](#step-3-map-users-and-complete-the-connector-setup). During this process, a subfolder in the Inbox folder named **EML**is created in the user mailboxes, and the EML items are imported to that folder. The connector determines which mailbox to import items to by using the value of the *Email* property. Every message contains this property, which is populated with the email address of every participant of the content item. ## Before you begin -- Create a Globanet Merge1 account for Microsoft connectors. To create an account, contact [Globanet Customer Support](https://globanet.com/ms-connectors-contact). You will sign into this account when you create the connector in Step 1.
+- Create a Veritas Merge1 account for Microsoft connectors. To create an account, contact [Veritas Customer Support](https://globanet.com/ms-connectors-contact). You will sign into this account when you create the connector in Step 1.
- The user who creates the EML connector in Step 1 (and completes it in Step 3) must be assigned to the Mailbox Import Export role in Exchange Online. This role is required to add connectors on the **Data connectors** page in the Microsoft 365 compliance center. By default, this role is not assigned to a role group in Exchange Online. You can add the Mailbox Import Export role to the Organization Management role group in Exchange Online. Or you can create a role group, assign the Mailbox Import Export role, and then add the appropriate users as members. For more information, see the [Create role groups](/Exchange/permissions-exo/role-groups#create-role-groups) or [Modify role groups](/Exchange/permissions-exo/role-groups#modify-role-groups) sections in the article "Manage role groups in Exchange Online".
The first step is to access to the **Data Connectors** page in the Microsoft 365
5. Sign in to your Merge1 account to configure the connector.
-## Step 2: Configure the EML connector on the Globanet Merge1 site
+## Step 2: Configure the EML connector on the Veritas Merge1 site
-The second step is to configure the EML connector on the Globanet Merge1 site. For information about configuring the EML connector, see [Merge1 Third-Party Connectors User Guide](https://docs.ms.merge1.globanetportal.com/Merge1%20Third-Party%20Connectors%20EML%20User%20Guide%20.pdf).
+The second step is to configure the EML connector on the Veritas Merge1 site. For information about configuring the EML connector, see [Merge1 Third-Party Connectors User Guide](https://docs.ms.merge1.globanetportal.com/Merge1%20Third-Party%20Connectors%20EML%20User%20Guide%20.pdf).
After you click **Save & Finish**, the **User mapping** page in the connector wizard in the Microsoft 365 compliance center is displayed.
compliance Archive Fxconnect Data https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/archive-fxconnect-data.md
localization_priority: Normal
-description: "Admins can set up a connector to import and archive data from Globanet FX Connect in Microsoft 365. This connector lets you archive data from third-party data sources in Microsoft 365 so you can use compliance features such as legal hold, content search, and retention policies to manage your organization's third-party data."
+description: "Admins can set up a connector to import and archive data from Veritas FX Connect in Microsoft 365. This connector lets you archive data from third-party data sources in Microsoft 365 so you can use compliance features such as legal hold, content search, and retention policies to manage your organization's third-party data."
# Set up a connector to archive FX Connect data
-Use a Globanet connector in the Microsoft 365 compliance center to import and archive data from the FX Connect collaboration platform to user mailboxes in your Microsoft 365 organization. Globanet provides an [FX Connect](https://globanet.com/fx-connect/) connector that is configured to capture FX Connect items and import those items to Microsoft 365. The connector converts the content from FX Connect, such as trades, messages, and other details from your organization's FX Connect account, to an email message format and then imports those items to the user's mailbox in Microsoft 365.
+Use a Veritas connector in the Microsoft 365 compliance center to import and archive data from the FX Connect collaboration platform to user mailboxes in your Microsoft 365 organization. Veritas provides an [FX Connect](https://globanet.com/fx-connect/) connector that is configured to capture FX Connect items and import those items to Microsoft 365. The connector converts the content from FX Connect, such as trades, messages, and other details from your organization's FX Connect account, to an email message format and then imports those items to the user's mailbox in Microsoft 365.
After FX Connect data is stored in user mailboxes, you can apply Microsoft 365 compliance features such as Litigation Hold, eDiscovery, retention policies and retention labels, and communication compliance. Using an FX Connect connector to import and archive data in Microsoft 365 can help your organization stay compliant with government and regulatory policies.
The following overview explains the process of using a connector to archive the
1. Your organization works with FX Connect to set up and configure an FX Connect site.
-2. Once every 24 hours, items from FX Connect accounts are copied to the Globanet Merge1 site. The connector also converts the FX Connect items to an email message format.
+2. Once every 24 hours, items from FX Connect accounts are copied to the Veritas Merge1 site. The connector also converts the FX Connect items to an email message format.
-3. The FX Connect connector that you create in the Microsoft 365 compliance center, connects to the Globanet Merge1 site every day and transfers the FX Connect items to a secure Azure Storage location in the Microsoft cloud.
+3. The FX Connect connector that you create in the Microsoft 365 compliance center, connects to the Veritas Merge1 site every day and transfers the FX Connect items to a secure Azure Storage location in the Microsoft cloud.
4. The connector imports items to the mailboxes of specific users by using the value of the *Email* property of the automatic user mapping as described in [Step 3](#step-3-map-users-and-complete-the-connector-setup). A subfolder in the Inbox folder named **FX Connect** is created in the user mailboxes, and the items are imported to that folder. The connector does this by using the value of the *Email* property. Every FX Connect item contains this property, which is populated with the email address of every participant of the item. ## Before you begin -- Create a Globanet Merge1 account for Microsoft connectors. To create an account, contact [Globanet Customer Support](https://globanet.com/ms-connectors-contact). You will sign into this account when you create the connector in Step 1.
+- Create a Veritas Merge1 account for Microsoft connectors. To create an account, contact [Veritas Customer Support](https://globanet.com/ms-connectors-contact). You will sign into this account when you create the connector in Step 1.
- The user who creates the FX Connect connector in Step 1 (and completes it in Step 3) must be assigned to the Mailbox Import Export role in Exchange Online. This role is required to add connectors on the **Data connectors** page in the Microsoft 365 compliance center. By default, this role is not assigned to a role group in Exchange Online. You can add the Mailbox Import Export role to the Organization Management role group in Exchange Online. Or you can create a role group, assign the Mailbox Import Export role, and then add the appropriate users as members. For more information, see the [Create role groups](/Exchange/permissions-exo/role-groups#create-role-groups) or [Modify role groups](/Exchange/permissions-exo/role-groups#modify-role-groups) sections in the article "Manage role groups in Exchange Online".
The first step is to access to the **Data Connectors** page in the Microsoft 365
5. Sign in to your Merge1 account to configure the connector.
-## Step 2: Configure the FX Connect connector on the Globanet Merge1 site
+## Step 2: Configure the FX Connect connector on the Veritas Merge1 site
The second step is to configure the FX Connect connector on the Merge1 site. For information about how to configure the FX Connect connector, see [Merge1 Third-Party Connectors User Guide](https://docs.ms.merge1.globanetportal.com/Merge1%20Third-Party%20Connectors%20FX%20Connect%20User%20Guide%20.pdf).
compliance Archive Jive Data https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/archive-jive-data.md
localization_priority: Normal
-description: "Admins can set up a connector to import and archive Jive data from Globanet in Microsoft 365. This connector lets you archive data from third-party data sources in Microsoft 365 so you can use compliance features such as legal hold, content search, and retention policies to manage your organization's third-party data."
+description: "Admins can set up a connector to import and archive Jive data from Veritas in Microsoft 365. This connector lets you archive third-party data in Microsoft 365 so you can use compliance features such as legal hold, content search, and retention policies to manage your organization's third-party data."
# Set up a connector to archive Jive data
-Use a Globanet connector in the Microsoft 365 compliance center to import and archive data from the collaboration platform to user mailboxes in your Microsoft 365 organization. Globanet provides a [Jive](https://globanet.com/jive/) connector that is configured to capture items from the third-party data source (on a regular basis) and then import those items to Microsoft 365. The connector converts content such as email messages, chats, and attachments from a user's Jive account to an email message format and then imports those items to the user's mailbox in Microsoft 365.
+Use a Veritas connector in the Microsoft 365 compliance center to import and archive data from the collaboration platform to user mailboxes in your Microsoft 365 organization. Veritas provides a [Jive](https://globanet.com/jive/) connector that is configured to capture items from the third-party data source (on a regular basis) and then import those items to Microsoft 365. The connector converts content such as email messages, chats, and attachments from a user's Jive account to an email message format and then imports those items to the user's mailbox in Microsoft 365.
After Jive data is stored in user mailboxes, you can apply Microsoft 365 compliance features such as Litigation Hold, eDiscovery, retention policies and retention labels, and communication compliance. Using a Jive connector to import and archive data in Microsoft 365 can help your organization stay compliant with government and regulatory policies.
The following overview explains the process of using a connector to archive the
1. Your organization works with Jive to set up and configure a Jive site.
-2. Once every 24 hours, items from Jive are copied to the Globanet Merge1 site. The connector also converts the content of Jive items to an email message format.
+2. Once every 24 hours, items from Jive are copied to the Veritas Merge1 site. The connector also converts the content of Jive items to an email message format.
-3. The Jive connector that you create in the Microsoft 365 compliance center connects to the Globanet Merge1 site every day and transfers the content to a secure Azure Storage location in the Microsoft cloud.
+3. The Jive connector that you create in the Microsoft 365 compliance center connects to the Veritas Merge1 site every day and transfers the content to a secure Azure Storage location in the Microsoft cloud.
4. The connector imports the converted items to the mailboxes of specific users by using the value of the *Email* property of the automatic user mapping as described in [Step 3](#step-3-map-users-and-complete-the-connector-setup). A new subfolder in the Inbox folder named **Jive** is created in the user mailboxes, and the items are imported to that folder. The connector does this by using the value of the *Email* property. Every Jive item contains this property, which is populated with the email address of every participant of the item. ## Before you begin -- Create a Globanet Merge1 account for Microsoft connectors. To create this account, contact [globanet customer support](https://globanet.com/ms-connectors-contact/). You will sign into this account when you create the connector in Step 1.
+- Create a Veritas Merge1 account for Microsoft connectors. To create this account, contact [Veritas Customer Support](https://www.veritas.com/content/support/). You will sign into this account when you create the connector in Step 1.
- The user who creates the Jive connector in Step 1 (and completes it in Step 3) must be assigned to the Mailbox Import Export role in Exchange Online. This role is required to add connectors on the **Data connectors** page in the Microsoft 365 compliance center. By default, this role is not assigned to a role group in Exchange Online. You can add the Mailbox Import Export role to the Organization Management role group in Exchange Online. Or you can create a role group, assign the Mailbox Import Export role, and then add the appropriate users as members. For more information, see the [Create role groups](/Exchange/permissions-exo/role-groups#create-role-groups) or [Modify role groups](/Exchange/permissions-exo/role-groups#modify-role-groups) sections in the article "Manage role groups in Exchange Online".
compliance Archive Mssqldatabaseimporter Data https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/archive-mssqldatabaseimporter-data.md
description: "Admins can set up a connector to import and archive data from MS S
# Set up a connector to archive data from MS SQL Database
-Use a Globanet connector in the Microsoft 365 compliance center to import and archive data from MS SQL Database to user mailboxes in your Microsoft 365 organization. Globanet provides you with an MS SQL Database Importer connector that's configured to capture items from a database using an XML configuration file and import those items to Microsoft 365. The connector converts content from MS SQL Database to an email message format and then imports those items to user mailboxes in Microsoft 365.
+Use a Veritas connector in the Microsoft 365 compliance center to import and archive data from MS SQL Database to user mailboxes in your Microsoft 365 organization. Veritas provides you with an MS SQL Database Importer connector that's configured to capture items from a database using an XML configuration file and import those items to Microsoft 365. The connector converts content from MS SQL Database to an email message format and then imports those items to user mailboxes in Microsoft 365.
After content from MS SQL Database stored in user mailboxes, you can apply Microsoft 365 compliance features such as Litigation Hold, eDiscovery, retention policies and retention labels. Using an MS SQL Database connector to import and archive data in Microsoft 365 can help your organization stay compliant with government and regulatory policies.
The following overview explains the process of using a connector to archive MS S
1. Your organization works with an MS SQL Database provider to set up and configure an MS SQL Database site.
-2. Once every 24 hours, MS SQL Database items are copied to the Globanet Merge1 site. The connector also converts this content to an email message format.
+2. Once every 24 hours, MS SQL Database items are copied to the Veritas Merge1 site. The connector also converts this content to an email message format.
-3. The MS SQL Database Importer connector that you create in the Microsoft 365 compliance center, connects to the Globanet Merge1 site every day and transfers the messages to a secure Azure Storage location in the Microsoft cloud.
+3. The MS SQL Database Importer connector that you create in the Microsoft 365 compliance center, connects to the Veritas Merge1 site every day and transfers the messages to a secure Azure Storage location in the Microsoft cloud.
4. The connector imports the converted MS SQL Database items to the mailboxes of specific users using the value of the *Email* property of the automatic user mapping as described in [Step 3](#step-3-map-users-and-complete-the-connector-setup). A subfolder in the Inbox folder named **MS SQL Database Importer** is created in the user mailboxes, and the items are imported to that folder. The connector determines which mailbox to import items to by using the value of the *Email* property. Every item from the MS SQL Database contains this property, which is populated with the email address of every participant of the item. ## Before you begin -- Create a Globanet Merge1 account for Microsoft connectors. To create an account, contact [Globanet Customer Support](https://globanet.com/contact-us/). You need to sign into this account when you create the connector in Step 1.
+- Create a Veritas Merge1 account for Microsoft connectors. To create an account, contact [Veritas Customer Support](https://www.veritas.com/content/support/). You need to sign into this account when you create the connector in Step 1.
- The user who creates the MS SQL Database Importer connector in Step 1 (and completes it in Step 3) must be assigned to the Mailbox Import Export role in Exchange Online. This role is required to add connectors on the Data connectors page in the Microsoft 365 compliance center. By default, this role is not assigned to any role group in Exchange Online. You can add the Mailbox Import Export role to the Organization Management role group in Exchange Online. Or you can create a role group, assign the Mailbox Import Export role, and then add the appropriate users as members. For more information, see the [Create role groups](/Exchange/permissions-exo/role-groups#create-role-groups) or [Modify role groups](/Exchange/permissions-exo/role-groups#modify-role-groups) sections in the article "Manage role groups in Exchange Online".
The first step is to access to the **Data Connectors** page in the Microsoft365
5. Sign in to your Merge1 account to configure the connector.
-## Step 2: Configure the MS SQL Database Importer connector on the Globanet Merge1 site
+## Step 2: Configure the MS SQL Database Importer connector on the Veritas Merge1 site
The second step is to configure the MS SQL Database Importer connector on the Merge1 site. For information about how to configure the MS SQL Database Importer, see [Merge1 Third-Party Connectors User Guide](https://docs.ms.merge1.globanetportal.com/Merge1%20Third-Party%20Connectors%20MS%20SQL%20Database%20Importer%20User%20Guide%20.pdf).
compliance Archive Pivot Data https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/archive-pivot-data.md
localization_priority: Normal
-description: "Admins can set up a connector to import and archive Pivot data from Globanet in Microsoft 365. This connector lets you archive data from third-party data sources in Microsoft 365 so you can use compliance features such as legal hold, content search, and retention policies to manage your organization's third-party data."
+description: "Admins can set up a connector to import and archive Pivot data from Veritas in Microsoft 365. This connector lets you archive data from third-party data sources in Microsoft 365 so you can use compliance features such as legal hold, content search, and retention policies to manage your organization's third-party data."
# Set up a connector to archive Pivot data
-Use a Globanet connector in the Microsoft 365 compliance center to import and archive data from the Pivot platform to user mailboxes in your Microsoft 365 organization. Globanet provides you with a [Pivot](https://globanet.com/pivot/) connector that is configured to capture items from the third-party data source (on a regular basis) and then import those items to Microsoft 365. Pivot is an instant messaging platform that allows collaboration with financial market participants. The connector converts items such as chat messages, from a users' Pivot accounts to an email message format and then imports those items to the user mailboxes in Microsoft 365.
+Use a Veritas connector in the Microsoft 365 compliance center to import and archive data from the Pivot platform to user mailboxes in your Microsoft 365 organization. Veritas provides you with a [Pivot](https://globanet.com/pivot/) connector that is configured to capture items from the third-party data source (on a regular basis) and then import those items to Microsoft 365. Pivot is an instant messaging platform that allows collaboration with financial market participants. The connector converts items such as chat messages, from a users' Pivot accounts to an email message format and then imports those items to the user mailboxes in Microsoft 365.
After Pivot data is stored in user mailboxes, you can apply Microsoft 365 compliance features such as Litigation Hold, eDiscovery, retention policies and retention labels, and communication compliance. Using a Pivot connector to import and archive data in Microsoft 365 can help your organization stay compliant with government and regulatory policies.
The following overview explains the process of using a connector to archive the
1. Your organization works with Pivot to set up and configure a Pivot source site.
-2. Once every 24 hours, Pivot items are copied to the Globanet Merge1 site. The connector also converts the Pivot items to an email message format.
+2. Once every 24 hours, Pivot items are copied to the Veritas Merge1 site. The connector also converts the Pivot items to an email message format.
-3. The Pivot connector that you create in the Microsoft 365 compliance center, connects to the Globanet Merge1 site every day and transfers the Pivot items to a secure Azure Storage location in the Microsoft cloud.
+3. The Pivot connector that you create in the Microsoft 365 compliance center, connects to the Veritas Merge1 site every day and transfers the Pivot items to a secure Azure Storage location in the Microsoft cloud.
4. The connector imports the Pivot items to the mailboxes of specific users by using the value of the *Email* property of the automatic user mapping as described in [Step 3](#step-3-map-users-and-complete-the-connector-setup). A subfolder in the Inbox folder named **Pivot** is created in the user mailboxes, and the items are imported to that folder. The connector does this by using the value of the *Email* property. Every Pivot item contains this property, which is populated with the email address of every participant of the item. ## Before you begin -- Create a Globanet Merge1 account for Microsoft connectors. To create this account, contact [Globanet Customer Support](https://globanet.com/ms-connectors-contact/). You will sign into this account when you create the connector in Step 1.
+- Create a Veritas Merge1 account for Microsoft connectors. To create this account, contact [Veritas Customer Support](https://www.veritas.com/content/support/). You will sign into this account when you create the connector in Step 1.
- The user who creates the Pivot connector in Step 1 (and completes it in Step 3) must be assigned to the Mailbox Import Export role in Exchange Online. This role is required to add connectors on the Data connectors page in the Microsoft 365 compliance center. By default, this role is not assigned to a role group in Exchange Online. You can add the Mailbox Import Export role to the Organization Management role group in Exchange Online. Or you can create a role group, assign the Mailbox Import Export role, and then add the appropriate users as members. For more information, see the [Create role groups](/Exchange/permissions-exo/role-groups#create-role-groups) or [Modify role groups](/Exchange/permissions-exo/role-groups#modify-role-groups) sections in the article "Manage role groups in Exchange Online".
The first step is to access to the **Data Connectors** page in the Microsoft com
5. Sign in to your Merge1 account to configure the connector.
-## Step 2: Configure the Pivot connector on the Globanet Merge1 site
+## Step 2: Configure the Pivot connector on the Veritas Merge1 site
-The second step is to configure the Pivot connector on the Merge1 site. For information about how to configure the Pivot connector on the Globanet Merge1 site, see [Merge1 Third-Party Connectors User Guide](https://docs.ms.merge1.globanetportal.com/Merge1%20Third-Party%20Connectors%20Pivot%20User%20Guide%20.pdf).
+The second step is to configure the Pivot connector on the Merge1 site. For information about how to configure the Pivot connector on the Veritas Merge1 site, see [Merge1 Third-Party Connectors User Guide](https://docs.ms.merge1.globanetportal.com/Merge1%20Third-Party%20Connectors%20Pivot%20User%20Guide%20.pdf).
After you click **Save & Finish**, the **User mapping** page in the connector wizard in the Microsoft 365 compliance center is displayed.
compliance Archive Redtailspeak Data https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/archive-redtailspeak-data.md
localization_priority: Normal
-description: "Admins can set up a connector to import and archive Red tail Speak data from Globanet to Microsoft 365. This connector lets you archive data from third-party data sources in Microsoft 365. After your archive this data, you can use compliance features such as legal hold, content search, and retention policies to manage third-party data."
+description: "Admins can set up a connector to import and archive Red tail Speak data from Veritas to Microsoft 365. This connector lets you archive data from third-party data sources in Microsoft 365. After your archive this data, you can use compliance features such as legal hold, content search, and retention policies to manage third-party data."
# Set up a connector to archive Redtail Speak data
-Use a Globanet connector in the Microsoft 365 compliance center to import and archive data from the Redtail Speak to user mailboxes in your Microsoft 365 organization. Globanet provides you with a [Redtail Speak](https://globanet.com/redtail/) connector that's configured to capture items from your organizationΓÇÖs SFTP server where the items are received from Redtail. The connector converts the content from Redtail Speak to an email message format and then imports those items to the user's mailbox in Microsoft 365.
+Use a Veritas connector in the Microsoft 365 compliance center to import and archive data from the Redtail Speak to user mailboxes in your Microsoft 365 organization. Veritas provides you with a [Redtail Speak](https://globanet.com/redtail/) connector that's configured to capture items from your organizationΓÇÖs SFTP server where the items are received from Redtail. The connector converts the content from Redtail Speak to an email message format and then imports those items to the user's mailbox in Microsoft 365.
After Redtail Speak data is stored in user mailboxes, you can apply Microsoft 365 compliance features such as Litigation Hold, eDiscovery, retention policies, and retention labels. Using a Redtail Speak connector to import and archive data in Microsoft 365 can help your organization stay compliant with government and regulatory policies.
The following overview explains the process of using a connector to archive the
1. Your organization works with Redtail Speak to set up and configure an SMTP gateway where messages are forwarded from Redtail Speak to your organization's SFTP server on a daily basis.
-2. Once every 24 hours, the Redtail Speak items are copied to the Globanet Merge1 site. The connector also converts the Redtail Speak items to an email message format.
+2. Once every 24 hours, the Redtail Speak items are copied to the Veritas Merge1 site. The connector also converts the Redtail Speak items to an email message format.
-3. The Redtail Speak connector that you create in the Microsoft 365 compliance center connects to the Globanet Merge1 site every day and transfers the messages to a secure Azure Storage location in the Microsoft cloud.
+3. The Redtail Speak connector that you create in the Microsoft 365 compliance center connects to the Veritas Merge1 site every day and transfers the messages to a secure Azure Storage location in the Microsoft cloud.
4. The connector imports the converted Redtail Speak items to the mailboxes of specific users using the value of the *Email* property of the automatic user mapping as described in [Step 3](#step-3-map-users-and-complete-the-connector-setup). A subfolder in the Inbox folder named **Redtail Speak** is created in the user mailboxes, and the items are imported to that folder. The connector determines which mailbox to import items to by using the value of the *Email* property. Every Redtail Speak item contains this property, which is populated with the email address of every participant of the item. ## Before you begin -- Create a Globanet Merge1 account for Microsoft connectors. To create an account, contact [Globanet Customer Support](https://globanet.com/contact-us/). You need to sign into this account when you create the connector in Step 1.
+- Create a Veritas Merge1 account for Microsoft connectors. To create an account, contact [Veritas Customer Support](https://www.veritas.com/content/support/). You need to sign into this account when you create the connector in Step 1.
-- In Step 2, you need to specify your organization's SFTP server. This step is necessary so that Globanet Merge1 can contact it to collect Redtail Speak data via SFTP.
+- In Step 2, you need to specify your organization's SFTP server. This step is necessary so that Veritas Merge1 can contact it to collect Redtail Speak data via SFTP.
- The user who creates the Redtail Speak Importer connector in Step 1 (and completes it in Step 3) must be assigned to the Mailbox Import Export role in Exchange Online. This role is required to add connectors on the Data connectors page in the Microsoft 365 compliance center. This role is not assigned to any role group in Exchange Online by default. You can add the Mailbox Import Export role to the Organization Management role group in Exchange Online. Or you can create a role group, assign the Mailbox Import Export role, and then add the appropriate users as members. For more information, see the [Create role groups](/Exchange/permissions-exo/role-groups#create-role-groups) or [Modify role groups](/Exchange/permissions-exo/role-groups#modify-role-groups) sections in the article "Manage role groups in Exchange Online".
The first step is to access to the **Data Connectors** page in the Microsoft 365
5. Sign in to your Merge1 account to configure the connector.
-## Step 2: Configure the Redtail Speak connector on the Globanet Merge1 site
+## Step 2: Configure the Redtail Speak connector on the Veritas Merge1 site
The second step is to configure the Redtail Speak connector on the Merge1 site. For information about how to configure the Redtail Speak connector, see [Merge1 Third-Party Connectors User Guide](https://docs.ms.merge1.globanetportal.com/Merge1%20Third-Party%20Connectors%20Redtail%20Speak%20User%20Guide%20.pdf).
compliance Archive Reutersdealing Data https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/archive-reutersdealing-data.md
localization_priority: Normal
-description: "Admins can set up a connector to import and archive Reuters Dealing data from Globanet to Microsoft 365. This connector lets you archive data from third-party data sources in Microsoft 365. After your archive this data, you can use compliance features such as legal hold, content search, and retention policies to manage third-party data."
+description: "Admins can set up a connector to import and archive Reuters Dealing data from Veritas to Microsoft 365. This connector lets you archive data from third-party data sources in Microsoft 365. After your archive this data, you can use compliance features such as legal hold, content search, and retention policies to manage third-party data."
# Set up a connector to archive Reuters Dealing data
-Use a Globanet connector in the Microsoft 365 compliance center to import and archive data from the Reuters Dealing platform to user mailboxes in your Microsoft 365 organization. Globanet provides you with a [Reuters Dealing](https://globanet.com/reuters-dealing/) connector that's configured to capture items from the third-party data source (on a regular basis) and then import those items to Microsoft 365. The connector converts Dealing communications from the Reuters Dealing account to an email message format and then imports those items to the user's mailbox in Microsoft 365.
+Use a Veritas connector in the Microsoft 365 compliance center to import and archive data from the Reuters Dealing platform to user mailboxes in your Microsoft 365 organization. Veritas provides you with a [Reuters Dealing](https://globanet.com/reuters-dealing/) connector that's configured to capture items from the third-party data source (on a regular basis) and then import those items to Microsoft 365. The connector converts Dealing communications from the Reuters Dealing account to an email message format and then imports those items to the user's mailbox in Microsoft 365.
After Reuters Dealing data is stored in user mailboxes, you can apply Microsoft 365 compliance features such as Litigation Hold, eDiscovery, retention policies and retention labels, and communication compliance. Using a Reuters Dealing connector to import and archive data in Microsoft 365 can help your organization stay compliant with government and regulatory policies.
The following overview explains the process of using a connector to archive the
1. Your organization works with Reuters Dealing to set up and configure a Reuters Dealing site.
-2. Once every 24 hours, Reuters Dealing items are copied to the Globanet Merge1 site. The connector also converts the items to an email message format.
+2. Once every 24 hours, Reuters Dealing items are copied to the Veritas Merge1 site. The connector also converts the items to an email message format.
-3. The Reuters Dealing connector that you create in the Microsoft 365 compliance center connects to the Globanet Merge1 site every day and transfers the content to a secure Azure Storage location in the Microsoft cloud.
+3. The Reuters Dealing connector that you create in the Microsoft 365 compliance center connects to the Veritas Merge1 site every day and transfers the content to a secure Azure Storage location in the Microsoft cloud.
4. The connector imports items to the mailboxes of specific users by using the value of the *Email* property of the automatic user mapping as described in [Step 3](#step-3-map-users-and-complete-the-connector-setup). A subfolder in the Inbox folder named **Reuters Dealing** is created in the user mailboxes, and the items are imported to that folder. The connector determines which mailbox to import items to by using the value of the *Email* property. Every Reuters Dealing item contains this property, which is populated with the email address of every participant of the item. ## Before you begin -- Create a Globanet Merge1 account for Microsoft connectors. To create an account, contact [Globanet Customer Support](https://globanet.com/contact-us). You need to sign into this account when you create the connector in Step 1.
+- Create a Veritas Merge1 account for Microsoft connectors. To create an account, contact [Veritas Customer Support](https://globanet.com/contact-us). You need to sign into this account when you create the connector in Step 1.
- The user who creates the Reuters Dealing connector in Step 1 (and completes it in Step 3) must be assigned to the Mailbox Import Export role in Exchange Online. This role is required to add connectors on the **Data connectors** page in the Microsoft 365 compliance center. By default, this role is not assigned to any role group in Exchange Online. You can add the Mailbox Import Export role to the Organization Management role group in Exchange Online. Or you can create a role group, assign the Mailbox Import Export role, and then add the appropriate users as members. For more information, see the [Create role groups](/Exchange/permissions-exo/role-groups#create-role-groups) or [Modify role groups](/Exchange/permissions-exo/role-groups#modify-role-groups) sections in the article “Manage role groups in Exchange Online”.
The first step is to access to the **Data Connectors** page in the Microsoft 365
5. Sign to your Merge1 account to configure the connector.
-## Step 2: Configure the Reuters Dealing connector on the Globanet Merge1 site
+## Step 2: Configure the Reuters Dealing connector on the Veritas Merge1 site
-The second step is to configure the Reuters Dealing connector on Globanet the Merge1 site. For information about configuring the Reuters Dealing connector, see [Merge1 Third-Party Connectors User Guide](https://docs.ms.merge1.globanetportal.com/Merge1%20Third-Party%20Connectors%20Reuters%20Dealing%20User%20Guide%20.pdf).
+The second step is to configure the Reuters Dealing connector on Veritas the Merge1 site. For information about configuring the Reuters Dealing connector, see [Merge1 Third-Party Connectors User Guide](https://docs.ms.merge1.globanetportal.com/Merge1%20Third-Party%20Connectors%20Reuters%20Dealing%20User%20Guide%20.pdf).
After you click **Save & Finish**, the **User mapping** page in the connector wizard in the Microsoft 365 compliance center is displayed.
compliance Archive Reuterseikon Data https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/archive-reuterseikon-data.md
localization_priority: Normal
-description: "Admins can set up a connector to import and archive Reuters Eikon data from Globanet in Microsoft 365. This connector lets you archive data from third-party data sources in Microsoft 365. After your archive this data, you can use compliance features such as legal hold, content search, and retention policies to manage third-party data."
+description: "Admins can set up a connector to import and archive Reuters Eikon data from Veritas in Microsoft 365. This connector lets you archive data from third-party data sources in Microsoft 365. After your archive this data, you can use compliance features such as legal hold, content search, and retention policies to manage third-party data."
# Set up a connector to archive Reuters Eikon data
-Use a Globanet connector in the Microsoft 365 compliance center to import and archive data from the Reuters Eikon platform to user mailboxes in your Microsoft 365 organization. Globanet provides a [Reuters Eikon](https://globanet.com/eikon/) connector that is configured to capture items from the third-party data source (on a regular basis) and import those items to Microsoft 365. The connector converts the content such as person-to-person messages, group chats, attachments, and disclaimers from a user's Reuters Eikon account to an email message format and then imports those items to the user's mailbox in Microsoft 365.
+Use a Veritas connector in the Microsoft 365 compliance center to import and archive data from the Reuters Eikon platform to user mailboxes in your Microsoft 365 organization. Veritas provides a [Reuters Eikon](https://globanet.com/eikon/) connector that is configured to capture items from the third-party data source (on a regular basis) and import those items to Microsoft 365. The connector converts the content such as person-to-person messages, group chats, attachments, and disclaimers from a user's Reuters Eikon account to an email message format and then imports those items to the user's mailbox in Microsoft 365.
After Reuters Eikon data is stored in user mailboxes, you can apply Microsoft 365 compliance features such as Litigation Hold, eDiscovery, retention policies and retention labels, and communication compliance. Using a Reuters Eikon connector to import and archive data in Microsoft 365 can help your organization stay compliant with government and regulatory policies.
The following overview explains the process of using a connector to archive Reut
1. Your organization works with Reuters Eikon to set up and configure a Reuters Eikon site.
-2. Once every 24 hours, Reuters Eikon items are copied to the Globanet Merge1 site. The connector also converts Reuters Eikon items to an email message format.
+2. Once every 24 hours, Reuters Eikon items are copied to the Veritas Merge1 site. The connector also converts Reuters Eikon items to an email message format.
-3. The Reuters Eikon connector that you create in the Microsoft 365 compliance center connects to the Globanet Merge1 site every day and transfers the content to a secure Azure Storage location in the Microsoft cloud.
+3. The Reuters Eikon connector that you create in the Microsoft 365 compliance center connects to the Veritas Merge1 site every day and transfers the content to a secure Azure Storage location in the Microsoft cloud.
4. The connector imports items to the mailboxes of specific users by using the value of the *Email* property of the automatic user mapping as described in [Step 3](#step-3-map-users-and-complete-the-connector-setup). A subfolder in the Inbox folder named **Reuters Eikon** is created in the user mailboxes, and the items are imported to that folder. The connector determines which mailbox to import items to by using the value of the *Email* property. Every Reuters Eikon item contains this property, which is populated with the email address of every participant of the item. ## Before you begin -- Create a Globanet Merge1 account for Microsoft connectors. To create an account, contact [Globanet Customer Support](https://globanet.com/ms-connectors-contact). You will sign into this account when you create the connector in Step 1.
+- Create a Veritas Merge1 account for Microsoft connectors. To create an account, contact [Veritas Customer Support](https://globanet.com/ms-connectors-contact). You will sign into this account when you create the connector in Step 1.
- The user who creates the Reuters Eikon connector in Step 1 (and completes it in Step 3) must be assigned to the Mailbox Import Export role in Exchange Online. This role is required to add connectors on the **Data connectors** page in the Microsoft 365 compliance center. By default, this role is not assigned to a role group in Exchange Online. You can add the Mailbox Import Export role to the Organization Management role group in Exchange Online. Or you can create a role group, assign the Mailbox Import Export role, and then add the appropriate users as members. For more information, see the [Create role groups](/Exchange/permissions-exo/role-groups#create-role-groups) or [Modify role groups](/Exchange/permissions-exo/role-groups#modify-role-groups) sections in the article "Manage role groups in Exchange Online".
The first step is to access to the **Data Connectors** page in the Microsoft 365
5. Sign in to your Merge1 account to configure the connector.
-## Step 2: Configure the Reuters Eikon connector on the Globanet Merge1 site
+## Step 2: Configure the Reuters Eikon connector on the Veritas Merge1 site
-The second step is to configure the Reuters Eikon connector on the Merge1 site. For information about how to configure the Reuters Eikon connector on the Globanet Merge1 site, see [Merge1 Third-Party Connectors User Guide](https://docs.ms.merge1.globanetportal.com/Merge1%20Third-Party%20Connectors%20Reuters%20Eikon%20User%20Guide%20.pdf).
+The second step is to configure the Reuters Eikon connector on the Merge1 site. For information about how to configure the Reuters Eikon connector on the Veritas Merge1 site, see [Merge1 Third-Party Connectors User Guide](https://docs.ms.merge1.globanetportal.com/Merge1%20Third-Party%20Connectors%20Reuters%20Eikon%20User%20Guide%20.pdf).
After you click **Save & Finish**, the **User mapping** page in the connector wizard in the Microsoft 365 compliance center is displayed.
compliance Archive Reutersfx Data https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/archive-reutersfx-data.md
localization_priority: Normal
-description: "Admins can set up a connector to import and archive Reuters FX data from Globanet to Microsoft 365. This connector lets you archive data from third-party data sources in Microsoft 365. After your archive this data, you can use compliance features such as legal hold, content search, and retention policies to manage third-party data."
+description: "Admins can set up a connector to import and archive Reuters FX data from Veritas to Microsoft 365. This connector lets you archive data from third-party data sources in Microsoft 365. After your archive this data, you can use compliance features such as legal hold, content search, and retention policies to manage third-party data."
# Set up a connector to archive Reuters FX data
-Use a Globanet connector in the Microsoft 365 compliance center to import and archive data from the Reuters FX platform to user mailboxes in your Microsoft 365 organization. Globanet provides you with a [Reuters FX](https://globanet.com/reuters-fx/) connector that is configured to capture items from the third-party data source (on a regular basis) and then import those items to Microsoft 365. The connector converts the currencies and FX rates from the Reuters FX account to an email message format and then imports those items to the user's mailbox in Microsoft 365.
+Use a Veritas connector in the Microsoft 365 compliance center to import and archive data from the Reuters FX platform to user mailboxes in your Microsoft 365 organization. Veritas provides you with a [Reuters FX](https://globanet.com/reuters-fx/) connector that is configured to capture items from the third-party data source (on a regular basis) and then import those items to Microsoft 365. The connector converts the currencies and FX rates from the Reuters FX account to an email message format and then imports those items to the user's mailbox in Microsoft 365.
After Reuters FX data is stored in user mailboxes, you can apply Microsoft 365 compliance features such as Litigation Hold, eDiscovery, retention policies and retention labels, and communication compliance. Using a Reuters FX connector to import and archive data in Microsoft 365 can help your organization stay compliant with government and regulatory policies.
The following overview explains the process of using a connector to archive Reut
1. Your organization works with Reuters FX to set up and configure a Reuters FX site.
-2. Once every 24 hours, Reuters FX items are copied to the Globanet Merge1 site. The connector also converts the items to an email message format.
+2. Once every 24 hours, Reuters FX items are copied to the Veritas Merge1 site. The connector also converts the items to an email message format.
-3. The Reuters FX connector that you create in the Microsoft 365 compliance center, connects to the Globanet Merge1 site every day and transfers the content to a secure Azure Storage location in the Microsoft cloud.
+3. The Reuters FX connector that you create in the Microsoft 365 compliance center, connects to the Veritas Merge1 site every day and transfers the content to a secure Azure Storage location in the Microsoft cloud.
4. The connector imports the items to the mailboxes of specific users using the value of the *Email* property of the automatic user mapping as described in [Step 3](#step-3-map-users-and-complete-the-connector-setup). A subfolder in the Inbox folder named **Reuters FX** is created in the user mailboxes, and the items are imported to that folder. The connector determines which mailbox to import items to by using the value of the *Email* property. Every Reuters FX item contains this property, which is populated with the email address of every participant of the item. ## Before you begin -- Create a Globanet Merge1 account for Microsoft connectors. To create an account, contact [Globanet Customer Support](https://globanet.com/contact-us). You need to sign into this account when you create the connector in Step 1.
+- Create a Veritas Merge1 account for Microsoft connectors. To create an account, contact [Veritas Customer Support](https://globanet.com/contact-us). You need to sign into this account when you create the connector in Step 1.
- The user who creates the Reuters FX connector in Step 1 (and completes it in Step 3) must be assigned to the Mailbox Import Export role in Exchange Online. This role is required to add connectors on the **Data connectors** page in the Microsoft 365 compliance center. By default, this role is not assigned to any role group in Exchange Online. You can add the Mailbox Import Export role to the Organization Management role group in Exchange Online. Or you can create a role group, assign the Mailbox Import Export role, and then add the appropriate users as members. For more information, see the [Create role groups](/Exchange/permissions-exo/role-groups#create-role-groups) or [Modify role groups](/Exchange/permissions-exo/role-groups#modify-role-groups) sections in the article “Manage role groups in Exchange Online”.
The first step is to access to the **Data Connectors** page in the Microsoft 365
5. Sign to your Merge1 account to configure the connector.
-## Step 2: Configure the Reuters FX connector on the Globanet Merge1 site
+## Step 2: Configure the Reuters FX connector on the Veritas Merge1 site
-The second step is to configure the Reuters FX connector on the Globanet Merge1 site. For information about configuring the Reuters FX connector, see [Merge1 Third-Party Connectors User Guide](https://docs.ms.merge1.globanetportal.com/Merge1%20Third-Party%20Connectors%20Reuters%20FX%20User%20Guide%20.pdf).
+The second step is to configure the Reuters FX connector on the Veritas Merge1 site. For information about configuring the Reuters FX connector, see [Merge1 Third-Party Connectors User Guide](https://docs.ms.merge1.globanetportal.com/Merge1%20Third-Party%20Connectors%20Reuters%20FX%20User%20Guide%20.pdf).
After you click **Save & Finish**, the **User mapping** page in the connector wizard in the Microsoft 365 compliance center is displayed.
compliance Archive Salesforcechatter Data https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/archive-salesforcechatter-data.md
localization_priority: Normal
-description: "Admins can set up a connector to import and archive Salesforce Chatter data from Globanet to Microsoft 365. This connector lets you archive data from third-party data sources in Microsoft 365. After your archive this data, you can use compliance features such as legal hold, content search, and retention policies to manage third-party data."
+description: "Admins can set up a connector to import and archive Salesforce Chatter data from Veritas to Microsoft 365. This connector lets you archive data from third-party data sources in Microsoft 365. After your archive this data, you can use compliance features such as legal hold, content search, and retention policies to manage third-party data."
# Set up a connector to archive Salesforce Chatter data
-Use a Globanet connector in the Microsoft 365 compliance center to import and archive data from the Salesforce Chatter platform to user mailboxes in your Microsoft 365 organization. Globanet provides a [Salesforce Chatter](http://globanet.com/chatter/) connector that captures items from the third-party data source and imports those items to Microsoft 365. The connector converts the content such as chats, attachments, and posts from Salesforce Chatter to an email message format and then imports those items to the userΓÇÖs mailbox in Microsoft 365.
+Use a Veritas connector in the Microsoft 365 compliance center to import and archive data from the Salesforce Chatter platform to user mailboxes in your Microsoft 365 organization. Veritas provides a [Salesforce Chatter](http://globanet.com/chatter/) connector that captures items from the third-party data source and imports those items to Microsoft 365. The connector converts the content such as chats, attachments, and posts from Salesforce Chatter to an email message format and then imports those items to the userΓÇÖs mailbox in Microsoft 365.
After Salesforce Chatter data is stored in user mailboxes, you can apply Microsoft 365 compliance features such as Litigation Hold, eDiscovery, retention policies and retention labels. Using a Salesforce Chatter connector to import and archive data in Microsoft 365 can help your organization stay compliant with government and regulatory policies.
The following overview explains the process of using a connector to archive the
1. Your organization works with Salesforce Chatter to set up and configure a Salesforce Chatter site.
-2. Once every 24 hours, Salesforce Chatter items are copied to the Globanet Merge1 site. The connector also Salesforce Chatter items to an email message format.
+2. Once every 24 hours, Salesforce Chatter items are copied to the Veritas Merge1 site. The connector also Salesforce Chatter items to an email message format.
-3. The Salesforce Chatter connector that you create in the Microsoft 365 compliance center, connects to the Globanet Merge1 site every day and transfers the Chatter content to a secure Azure Storage location in the Microsoft cloud.
+3. The Salesforce Chatter connector that you create in the Microsoft 365 compliance center, connects to the Veritas Merge1 site every day and transfers the Chatter content to a secure Azure Storage location in the Microsoft cloud.
4. The connector imports the converted items to the mailboxes of specific users using the value of the *Email* property of the automatic user mapping as described in [Step 3](#step-3-map-users-and-complete-the-connector-setup). A subfolder in the Inbox folder named **Salesforce Chatter** is created in the user mailboxes, and items are imported to that folder. The connector determines which mailbox to import items to by using the value of the *Email* property. Every Chatter item contains this property, which is populated with the email address of every participant of the item. ## Before you begin -- Create a Merge1 account for Microsoft connectors. To create an account, contact [Globanet Customer Support](https://globanet.com/contact-us/). You need to sign into this account when you create the connector in Step 1.
+- Create a Merge1 account for Microsoft connectors. To create an account, contact [Veritas Customer Support](https://www.veritas.com/content/support/). You need to sign into this account when you create the connector in Step 1.
- Create a Salesforce application and acquire a token at [https://salesforce.com](https://salesforce.com). You'll need to log into the Salesforce account as an admin and get a user personal token to import data. Also, triggers need to be published on the Chatter site to capture updates, deletes, and edits. These triggers will create a post on a channel, and Merge1 will capture the information from the channel. For step-by-step instructions about how to create the application and acquire the token, see [Merge1 Third-Party Connectors User Guide](https://docs.ms.merge1.globanetportal.com/Merge1%20Third-Party%20Connectors%20SalesForce%20Chatter%20User%20Guide%20.pdf).
The first step is to access to the **Data Connectors** page in the Microsoft 365
5. Sign in to your Merge1 account to configure the connector.
-## Step 2: Configure the Salesforce Chatter on the Globanet Merge1 site
+## Step 2: Configure the Salesforce Chatter on the Veritas Merge1 site
-The second step is to configure the Salesforce Chatter connector on the Globanet Merge1 site. For information about how to configure the Salesforce Chatter connector, see [Merge1 Third-Party Connectors User Guide](https://docs.ms.merge1.globanetportal.com/Merge1%20Third-Party%20Connectors%20SalesForce%20Chatter%20User%20Guide%20.pdf).
+The second step is to configure the Salesforce Chatter connector on the Veritas Merge1 site. For information about how to configure the Salesforce Chatter connector, see [Merge1 Third-Party Connectors User Guide](https://docs.ms.merge1.globanetportal.com/Merge1%20Third-Party%20Connectors%20SalesForce%20Chatter%20User%20Guide%20.pdf).
After you click **Save & Finish,** the **User mapping** page in the connector wizard in the Microsoft 365 compliance center is displayed.
compliance Archive Servicenow Data https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/archive-servicenow-data.md
localization_priority: Normal
-description: "Admins can set up a connector to import and archive ServiceNow data from Globanet to Microsoft 365. This connector lets you archive data from third-party data sources in Microsoft 365. After your archive this data, you can use compliance features such as legal hold, content search, and retention policies to manage third-party data."
+description: "Admins can set up a connector to import and archive ServiceNow data from Veritas to Microsoft 365. This connector lets you archive data from third-party data sources in Microsoft 365. After your archive this data, you can use compliance features such as legal hold, content search, and retention policies to manage third-party data."
# Set up a connector to archive ServiceNow data
-Use a Globanet connector in the Microsoft 365 compliance center to import and archive data from the ServiceNow platform to user mailboxes in your Microsoft 365 organization. Globanet provides a [ServiceNow](https://globanet.com/servicenow/) connector that captures items from the third-party data source and import those items to Microsoft 365. The connector converts the content such as live messages, attachments, and posts from ServiceNow to an email message format and then imports those items to user mailboxes in Microsoft 365.
+Use a Veritas connector in the Microsoft 365 compliance center to import and archive data from the ServiceNow platform to user mailboxes in your Microsoft 365 organization. Veritas provides a [ServiceNow](https://globanet.com/servicenow/) connector that captures items from the third-party data source and import those items to Microsoft 365. The connector converts the content such as live messages, attachments, and posts from ServiceNow to an email message format and then imports those items to user mailboxes in Microsoft 365.
After ServiceNow data is stored in user mailboxes, you can apply Microsoft 365 compliance features such as Litigation Hold, eDiscovery, retention policies, and retention labels. Using a ServiceNow connector to import and archive data in Microsoft 365 can help your organization stay compliant with government and regulatory policies.
The following overview explains the process of using a connector to archive the
1. Your organization works with ServiceNow to set up and configure a ServiceNow site.
-2. Once every 24 hours, ServiceNow items are copied to the Globanet Merge1 site. The connector also converts ServiceNow items to an email message format.
+2. Once every 24 hours, ServiceNow items are copied to the Veritas Merge1 site. The connector also converts ServiceNow items to an email message format.
-3. The ServiceNow connector that you create in the Microsoft 365 compliance center connects to the Globanet Merge1 site every day and transfers the ServiceNow content to a secure Azure Storage location in the Microsoft cloud.
+3. The ServiceNow connector that you create in the Microsoft 365 compliance center connects to the Veritas Merge1 site every day and transfers the ServiceNow content to a secure Azure Storage location in the Microsoft cloud.
4. The connector imports the converted items to the mailboxes of specific users using the value of the *Email* property of the automatic user mapping as described in [Step 3](#step-3-map-users-and-complete-the-connector-setup). A subfolder in the Inbox folder named **ServiceNow** is created in the user mailboxes, and items are imported to that folder. The connector determines which mailbox to import items to by using the value of the *Email* property. Every ServiceNow item contains this property, which is populated with the email address of every participant of the item. ## Before you begin -- Create a Merge1 account for Microsoft connectors. To create an account, contact [Globanet Customer Support](https://globanet.com/contact-us/). You need to sign into this account when you create the connector in Step 1.
+- Create a Merge1 account for Microsoft connectors. To create an account, contact [Veritas Customer Support](https://www.veritas.com/content/support/). You need to sign into this account when you create the connector in Step 1.
- Create a ServiceNow application to fetch data from your ServiceNow account. For step-by step instructions about creating the application, see [Merge1 Third-Party Connectors User Guide](https://docs.ms.merge1.globanetportal.com/Merge1%20Third-Party%20Connectors%20ServiceNow%20User%20Guide%20.pdf).
The first step is to access to the **Data Connectors** page in the Microsoft 365
5. Sign in to your Merge1 account to configure the connector.
-## Step 2: Configure the ServiceNow on the Globanet Merge1 site
+## Step 2: Configure the ServiceNow on the Veritas Merge1 site
-The second step is to configure the ServiceNow connector on the Globanet Merge1 site. For information about how to configure the ServiceNow connector, see [Merge1 Third-Party Connectors User Guide](https://docs.ms.merge1.globanetportal.com/Merge1%20Third-Party%20Connectors%20ServiceNow%20User%20Guide%20.pdf).
+The second step is to configure the ServiceNow connector on the Veritas Merge1 site. For information about how to configure the ServiceNow connector, see [Merge1 Third-Party Connectors User Guide](https://docs.ms.merge1.globanetportal.com/Merge1%20Third-Party%20Connectors%20ServiceNow%20User%20Guide%20.pdf).
After you click **Save & Finish,** the **User mapping** page in the connector wizard in the Microsoft 365 compliance center is displayed.
compliance Archive Slack Data https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/archive-slack-data.md
localization_priority: Normal
-description: "Admins can set up a connector to import and archive data from Globanet Slack eDiscovery into Microsoft 365. This connector lets you archive data from third-party data sources in Microsoft 365. After your archive this data, you can use compliance features such as legal hold, content search, and retention policies to manage third-party data."
+description: "Admins can set up a connector to import and archive data from Veritas Slack eDiscovery into Microsoft 365. This connector lets you archive data from third-party data sources in Microsoft 365. After your archive this data, you can use compliance features such as legal hold, content search, and retention policies to manage third-party data."
# Set up a connector to archive Slack eDiscovery data
-Use a Globanet connector in the Microsoft 365 compliance center to import and archive third-party data from social media, instant messaging, and document collaboration platforms to mailboxes in your Microsoft 365 organization. Globanet provides a [Slack](https://globanet.com/slack/) connector that's configured to capture items from the third-party data source (on a regular basis) and then import those items to Microsoft 365. Slack pulls messages and files from the Slack API and converts them to an email message format and then imports the item to user mailboxes.
+Use a Veritas connector in the Microsoft 365 compliance center to import and archive third-party data from social media, instant messaging, and document collaboration platforms to mailboxes in your Microsoft 365 organization. Veritas provides a [Slack](https://globanet.com/slack/) connector that's configured to capture items from the third-party data source (on a regular basis) and then import those items to Microsoft 365. Slack pulls messages and files from the Slack API and converts them to an email message format and then imports the item to user mailboxes.
After Slack eDiscovery data is stored in user mailboxes, you can apply Microsoft 365 compliance features such as Litigation Hold, eDiscovery, retention policies and retention labels, and communication compliance. Using a Slack connector to import and archive data in Microsoft 365 can help your organization stay compliant with government and regulatory policies.
The following overview explains the process of using a connector to archive the
1. Your organization works with Slack to set up and configure a Slack site.
-2. Once every 24 hours, chat messages from Slack eDiscovery are copied to the Globanet Merge1 site. The connector also converts the content of a chat message to an email message format.
+2. Once every 24 hours, chat messages from Slack eDiscovery are copied to the Veritas Merge1 site. The connector also converts the content of a chat message to an email message format.
-3. The Slack eDiscovery connector that you create in the Microsoft 365 compliance center, connects to the Globanet Merge1 site every day and transfers the chat messages to a secure Azure Storage location in the Microsoft cloud.
+3. The Slack eDiscovery connector that you create in the Microsoft 365 compliance center, connects to the Veritas Merge1 site every day and transfers the chat messages to a secure Azure Storage location in the Microsoft cloud.
4. The connector imports the converted chat message items to the mailboxes of specific users using the value of the *Email* property and automatic user mapping, as described in Step 3. A new subfolder in the Inbox folder named **Slack eDiscovery** is created in the user mailboxes, and the chat message items are imported to that folder. The connector determines which mailbox to import items to by using the value of the *Email* property. Every chat message contains this property, which is populated with the email address of every participant of the chat message. ## Before you begin -- Create a Globanet Merge1 account for Microsoft connectors. To create an account, contact [Globanet Customer Support](https://globanet.com/ms-connectors-contact). You will sign into this account when you create the connector in Step 1.
+- Create a Veritas Merge1 account for Microsoft connectors. To create an account, contact [Veritas Customer Support](https://globanet.com/ms-connectors-contact). You will sign into this account when you create the connector in Step 1.
- Obtain the username and password for your organization's Slack enterprise account. You'll need to sign into this account in Step 2 when you configure Slack.
The first step is to access to the **Data Connectors** page in the Microsoft 365
## Step 2: Configure Slack eDiscovery
-The second step is to configure the Slack eDiscovery connector on the Merge1 site. For more information about how to configure the Slack eDiscovery connector on the Globanet Merge1 site, see [Merge1 Third-Party Connectors User Guide](https://docs.ms.merge1.globanetportal.com/Merge1%20Third-Party%20Connectors%20Slack%20eDiscovery%20User%20Guide.pdf).
+The second step is to configure the Slack eDiscovery connector on the Merge1 site. For more information about how to configure the Slack eDiscovery connector on the Veritas Merge1 site, see [Merge1 Third-Party Connectors User Guide](https://docs.ms.merge1.globanetportal.com/Merge1%20Third-Party%20Connectors%20Slack%20eDiscovery%20User%20Guide.pdf).
After you click **Save & Finish**, the **User mapping** page in the connector wizard in the Microsoft 365 compliance center is displayed.
compliance Archive Symphony Data https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/archive-symphony-data.md
localization_priority: Normal
-description: "Admins can set up a connector to import and archive data from Globanet Symphony into Microsoft 365. This connector lets you archive data from third-party data sources in Microsoft 365. After your archive this data, you can use compliance features such as legal hold, content search, and retention policies to manage third-party data."
+description: "Admins can set up a connector to import and archive data from Veritas Symphony into Microsoft 365. This connector lets you archive data from third-party data sources in Microsoft 365. After your archive this data, you can use compliance features such as legal hold, content search, and retention policies to manage third-party data."
# Set up a connector to archive Symphony data
-Use a Globanet connector in the Microsoft 365 compliance center to import and archive Symphony data to user mailboxes in your Microsoft 365 organization. Symphony is a messaging and collaboration platform used in the financial services industry. Globanet provides a [Symphony](https://globanet.com/symphony) data connector in the Microsoft 365 compliance center that you can configure to capture items from the third-party data source (on a regular basis) and then import those items to user mailboxes. The connector converts the content of an item from the Symphony account to an email message format and then imports the item to a mailbox in Microsoft 365.
+Use a Veritas connector in the Microsoft 365 compliance center to import and archive Symphony data to user mailboxes in your Microsoft 365 organization. Symphony is a messaging and collaboration platform used in the financial services industry. Veritas provides a [Symphony](https://globanet.com/symphony) data connector in the Microsoft 365 compliance center that you can configure to capture items from the third-party data source (on a regular basis) and then import those items to user mailboxes. The connector converts the content of an item from the Symphony account to an email message format and then imports the item to a mailbox in Microsoft 365.
After Symphony communications are stored in user mailboxes, you can apply Microsoft 365 compliance features such as Litigation Hold, eDiscovery, retention policies and retention labels, and communication compliance. Using a Symphony connector to import and archive data in Microsoft 365 can help your organization stay compliant with government and regulatory policies.
The following overview explains the process of using a data connector to archive
1. Your organization works with Symphony to set up and configure a Symphony site.
-2. Once every 24 hours, chat messages from Symphony are copied to the Globanet Merge1 site. The connector also converts the content of a chat message to an email message format.
+2. Once every 24 hours, chat messages from Symphony are copied to the Veritas Merge1 site. The connector also converts the content of a chat message to an email message format.
-3. The Symphony connector that you create in the Microsoft 365 compliance center, connects to the Globanet Merge1 site every day and transfers the messages to a secure Azure Storage location in the Microsoft cloud.
+3. The Symphony connector that you create in the Microsoft 365 compliance center, connects to the Veritas Merge1 site every day and transfers the messages to a secure Azure Storage location in the Microsoft cloud.
4. The connector imports the converted message items to the mailboxes of specific users using the value of the *Email* property of the automatic user mapping as described in Step 3. A new subfolder in the Inbox folder named **Symphony** is created in the user mailboxes, and the message items are imported to that folder. The connector determines which mailbox to import items to by using the value of the *Email* property. Every chat message contains this property, which is populated with the email address for every participant. ## Before you begin -- Create a Globanet Merge1 account for Microsoft connectors. To create an account, contact [Globanet Customer Support](https://globanet.com/ms-connectors-contact). You will sign into this account when you create the connector in Step 1.
+- Create a Veritas Merge1 account for Microsoft connectors. To create an account, contact [Veritas Customer Support](https://globanet.com/ms-connectors-contact). You will sign into this account when you create the connector in Step 1.
- The user who creates the Symphony connector in Step 1 (and completes it in Step 3) must be assigned to the Mailbox Import Export role in Exchange Online. This role is required to add connectors on the **Data connectors** page in the Microsoft 365 compliance center. By default, this role is not assigned to a role group in Exchange Online. You can add the Mailbox Import Export role to the Organization Management role group in Exchange Online. Or you can create a role group, assign the Mailbox Import Export role, and then add the appropriate users as members. For more information, see the [Create role groups](/Exchange/permissions-exo/role-groups#create-role-groups) or [Modify role groups](/Exchange/permissions-exo/role-groups#modify-role-groups) sections in the article "Manage role groups in Exchange Online".
The first step is to access to the **Data Connectors** page in the Microsoft 365
5. Sign in to your Merge1 account to configure the connector.
-## Configure the Symphony connector on the Globanet Merge1 site
+## Configure the Symphony connector on the Veritas Merge1 site
-The second step is to configure the Symphony connector on the Merge1 site. For information about configuring the Symphony connector on the Globanet Merge1 site, see [Merge1 Third-Party Connectors User Guide](https://docs.ms.merge1.globanetportal.com/Merge1%20Third-Party%20Connectors%20Symphony%20User%20Guide%20.pdf).
+The second step is to configure the Symphony connector on the Merge1 site. For information about configuring the Symphony connector on the Veritas Merge1 site, see [Merge1 Third-Party Connectors User Guide](https://docs.ms.merge1.globanetportal.com/Merge1%20Third-Party%20Connectors%20Symphony%20User%20Guide%20.pdf).
After you click **Save & Finish**, the **User mapping** page in the connector wizard in the Microsoft 365 compliance center is displayed.
compliance Archive Text Delimited Data https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/archive-text-delimited-data.md
localization_priority: Normal
-description: "Admins can set up a connector to import and archive text-delimited data from Globanet into Microsoft 365. This connector lets you archive data from third-party data sources in Microsoft 365. After your archive this data, you can use compliance features such as legal hold, content search, and retention policies to manage third-party data."
+description: "Admins can set up a connector to import and archive text-delimited data from Veritas into Microsoft 365. This connector lets you archive data from third-party data sources in Microsoft 365. After your archive this data, you can use compliance features such as legal hold, content search, and retention policies to manage third-party data."
# Set up a connector to archive text-delimited data
-Use a Globanet connector in the Microsoft 365 compliance center to import and archive text-delimited data to user mailboxes in your Microsoft 365 organization. Globanet provides a [text-delimited connector](https://globanet.com/text-delimited) that's configured to capture items from a third-party data source (on a regular basis) and import those items to Microsoft 365. The connector converts content from the text-delimited data source to an email message format and then imports those items to the user's mailbox in Microsoft 365.
+Use a Veritas connector in the Microsoft 365 compliance center to import and archive text-delimited data to user mailboxes in your Microsoft 365 organization. Veritas provides a [text-delimited connector](https://globanet.com/text-delimited) that's configured to capture items from a third-party data source (on a regular basis) and import those items to Microsoft 365. The connector converts content from the text-delimited data source to an email message format and then imports those items to the user's mailbox in Microsoft 365.
After text-delimited data is stored in user mailboxes, you can apply Microsoft 365 compliance features such as Litigation Hold, eDiscovery, and retention policies and retention labels. Using a text-delimited data connector to import and archive data in Microsoft 365 can help your organization stay compliant with government and regulatory policies.
The following overview explains the process of using a connector to archive text
1. Your organization works with the text-delimited source to set up and configure a text-delimited site.
-2. Once every 24 hours, chat messages from the text-delimited source are copied to the Globanet Merge1 site. The connector also converts the content to an email message format.
+2. Once every 24 hours, chat messages from the text-delimited source are copied to the Veritas Merge1 site. The connector also converts the content to an email message format.
-3. The text-delimited connector that you create in the Microsoft 365 compliance center connects to the Globanet Merge1 site every day and transfers the messages to a secure Azure Storage location in the Microsoft cloud.
+3. The text-delimited connector that you create in the Microsoft 365 compliance center connects to the Veritas Merge1 site every day and transfers the messages to a secure Azure Storage location in the Microsoft cloud.
4. The connector imports the converted message items to the mailboxes of specific users using the value of the *Email* property of the automatic user mapping as described in Step 3. A new subfolder in the Inbox folder named **Text- Delimited** is created in the user mailboxes, and the message items are imported to that folder. The connector determines which mailbox to import items to by using the value of the *Email* property. Every message contains this property, which is populated with the email address of every participant. ## Before you begin -- Create a Globanet Merge1 account for Microsoft connectors. To create this account, contact [Globanet Customer Support](https://globanet.com/ms-connectors-contact). You will sign into this account when you create the connector in Step 1.
+- Create a Veritas Merge1 account for Microsoft connectors. To create this account, contact [Veritas Customer Support](https://globanet.com/ms-connectors-contact). You will sign into this account when you create the connector in Step 1.
- The user who creates the text-delimited connector in Step 1 (and completes it in Step 3) must be assigned to the Mailbox Import Export role in Exchange Online. This role is required to add connectors on the **Data connectors** page in the Microsoft 365 compliance center. By default, this role is not assigned to a role group in Exchange Online. You can add the Mailbox Import Export role to the Organization Management role group in Exchange Online. Or you can create a role group, assign the Mailbox Import Export role, and then add the appropriate users as members. For more information, see the [Create role groups](/Exchange/permissions-exo/role-groups#create-role-groups) or [Modify role groups](/Exchange/permissions-exo/role-groups#modify-role-groups) sections in the article "Manage role groups in Exchange Online".
The first step is to access to the **Data Connectors** page in the Microsoft 365
5. Sign in to your Merge1 account to configure the connector.
-## Step 2: Configure the Text-delimited connector on the Globanet Merge1 site
+## Step 2: Configure the Text-delimited connector on the Veritas Merge1 site
-The second step is to configure the text-delimited connector on the Merge1 site. For information about configuring the text-delimited connector on the Globanet Merge1 site, see [Merge1 Third-Party Connectors User Guide](https://docs.ms.merge1.globanetportal.com/Merge1%20Third-Party%20Connectors%20text-delimited%20User%20Guide%20.pdf).
+The second step is to configure the text-delimited connector on the Merge1 site. For information about configuring the text-delimited connector on the Veritas Merge1 site, see [Merge1 Third-Party Connectors User Guide](https://docs.ms.merge1.globanetportal.com/Merge1%20Third-Party%20Connectors%20text-delimited%20User%20Guide%20.pdf).
After you click **Save & Finish**, the **User mapping** page in the connector wizard in the Microsoft 365 compliance center is displayed.
compliance Archive Webexteams Data https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/archive-webexteams-data.md
localization_priority: Normal
-description: "Admins can set up a connector to import and archive data from Globanet's Webex Teams connector in Microsoft 365. This connector lets you archive data from third-party data sources in Microsoft 365 so you can use compliance features such as legal hold, content search, and retention policies to manage your organization's third-party data."
+description: "Admins can set up a connector to import and archive data from Veritas's Webex Teams connector in Microsoft 365. This connector lets you archive data from third-party data sources in Microsoft 365 so you can use compliance features such as legal hold, content search, and retention policies to manage your organization's third-party data."
# Set up a connector to archive Webex Teams data
-Use a Globanet connector in the Microsoft 365 compliance center to import and archive data from Webex Teams to user mailboxes in your Microsoft 365 organization. Globanet provides a [Webex Teams](https://globanet.com/webex-teams/) connector that is configured to capture Webex Teams communication items and import them to Microsoft 365. The connector converts content from Webex Teams, such as 1:1 chats, group conversations, channel conversations, and attachments from your organization's Webex Teams account, to an email message format and then imports those items to the user's mailbox in Microsoft 365.
+Use a Veritas connector in the Microsoft 365 compliance center to import and archive data from Webex Teams to user mailboxes in your Microsoft 365 organization. Veritas provides a [Webex Teams](https://globanet.com/webex-teams/) connector that is configured to capture Webex Teams communication items and import them to Microsoft 365. The connector converts content from Webex Teams, such as 1:1 chats, group conversations, channel conversations, and attachments from your organization's Webex Teams account, to an email message format and then imports those items to the user's mailbox in Microsoft 365.
After Webex Teams data is stored in user mailboxes, you can apply Microsoft 365 compliance features such as Litigation Hold, eDiscovery, retention policies and retention labels, and communication compliance. Using a Webex Teams connector to import and archive data in Microsoft 365 can help your organization stay compliant with government and regulatory policies.
The following overview explains the process of using a connector to archive Webe
1. Your organization works with Webex Teams to set up and configure a Webex Teams site.
-2. Once every 24 hours, Webex Teams items are copied to the Globanet Merge1 site. The connector also converts the Webex Teams items to an email message format.
+2. Once every 24 hours, Webex Teams items are copied to the Veritas Merge1 site. The connector also converts the Webex Teams items to an email message format.
-3. The Webex Teams connector that you create in the Microsoft 365 compliance center, connects to the Globanet Merge1 every day, and transfers the Webex Teams items to a secure Azure Storage location in the Microsoft cloud.
+3. The Webex Teams connector that you create in the Microsoft 365 compliance center, connects to the Veritas Merge1 every day, and transfers the Webex Teams items to a secure Azure Storage location in the Microsoft cloud.
4. The connector imports items to the mailboxes of specific users by using the value of the *Email* property of the automatic user mapping as described in [Step 3](#step-3-map-users-and-complete-the-connector-setup). A subfolder in the Inbox folder named **Webex Teams** is created in the user mailboxes, and the items are imported to that folder. The connector does this by using the value of the *Email* property. Every Webex Teams item contains this property, which is populated with the email address of every participant of the item. ## Before you begin -- Create a Globanet Merge1 account for Microsoft connectors. To create this account, contact [Globanet Customer Support](https://globanet.com/ms-connectors-contact). You will sign into this account when you create the connector in Step 1.
+- Create a Veritas Merge1 account for Microsoft connectors. To create this account, contact [Veritas Customer Support](https://globanet.com/ms-connectors-contact). You will sign into this account when you create the connector in Step 1.
- Create an application at [https://developer.webex.com/](https://developer.webex.com) to fetch data from your Webex Teams account. For step-by step instructions about creating the application, see [Merge1 Third-Party Connectors User Guide](https://docs.ms.merge1.globanetportal.com/Merge1%20Third-Party%20Connectors%20Webex%20Teams%20User%20Guide%20.pdf)
The first step is to gain access to the **Data Connectors** and set up the [Webe
5. Sign in to your Merge1 account to configure the connector.
-## Step 2: Configure the Webex Teams connector on the Globanet Merge1 site
+## Step 2: Configure the Webex Teams connector on the Veritas Merge1 site
The second step is to configure the Webex Teams connector on the Merge1 site. For information about how to configure the Webex Teams connector, see [Merge1 Third-Party Connectors User Guide](https://docs.ms.merge1.globanetportal.com/Merge1%20Third-Party%20Connectors%20Webex%20Teams%20User%20Guide%20.pdf).
compliance Archive Webpagecapture Data https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/archive-webpagecapture-data.md
localization_priority: Normal
-description: "Admins can set up a connector to import and archive Webpage Capture data from Globanet in Microsoft 365. This connector lets you archive data from third-party data sources in Microsoft 365 so you can use compliance features such as legal hold, content search, and retention policies to manage your organization's third-party data."
+description: "Admins can set up a connector to import and archive Webpage Capture data from Veritas in Microsoft 365. This connector lets you archive data from third-party data sources in Microsoft 365 so you can use compliance features such as legal hold, content search, and retention policies to manage your organization's third-party data."
# Set up a connector to archive webpage data
-Use a Globanet connector in the Microsoft 365 compliance center to import and archive data from webpages to user mailboxes in your Microsoft 365 organization. Globanet provides a [Webpage Capture](https://globanet.com/webpage-capture) connector that captures specific webpages (and any links on those pages) in a specific website or an entire domain. The connector converts the webpage content to a PDF, PNG, or custom file format and then attaches the converted files to an email message and then imports those email items to user mailboxes in Microsoft 365.
+Use a Veritas connector in the Microsoft 365 compliance center to import and archive data from webpages to user mailboxes in your Microsoft 365 organization. Veritas provides a [Webpage Capture](https://globanet.com/webpage-capture) connector that captures specific webpages (and any links on those pages) in a specific website or an entire domain. The connector converts the webpage content to a PDF, PNG, or custom file format and then attaches the converted files to an email message and then imports those email items to user mailboxes in Microsoft 365.
After webpage content is stored in user mailboxes, you can apply Microsoft 365 compliance features such as Litigation Hold, eDiscovery, and retention policies and retention labels. Using a Webpage Capture connector to import and archive data in Microsoft 365 can help your organization stay compliant with government and regulatory policies.
The following overview explains the process of using a connector to archive webp
1. Your organization works with the webpage source to set up and configure a Webpage Capture site.
-2. Once every 24 hours, the webpage sources items are copied to the Globanet Merge1 site. The connector also converts and attaches the content of a webpage to an email message.
+2. Once every 24 hours, the webpage sources items are copied to the Veritas Merge1 site. The connector also converts and attaches the content of a webpage to an email message.
-3. The Webpage Capture connector that you create in the Microsoft 365 compliance center, connects to the Globanet Merge1 site every day and transfers the webpage items to a secure Azure Storage location in the Microsoft cloud.
+3. The Webpage Capture connector that you create in the Microsoft 365 compliance center, connects to the Veritas Merge1 site every day and transfers the webpage items to a secure Azure Storage location in the Microsoft cloud.
-4. The connector imports the converted webpage items to the mailboxes of specific users by using the value of the *Email* property of the automatic user mapping as described in [Step 3](#step-3-map-users-and-complete-the-connector-setup). A subfolder in the Inbox folder named **Webpage Capture** is created in the user mailboxes, and the webpage items are imported to that folder. The connector does this by using the value of the *Email* property. Every webpage item contains this property, which is populated with the email addresses provided when you configure the Webpage Capture connector in [Step 2](#step-2-configure-the-webpage-capture-connector-on-the-globanet-merge1-site).
+4. The connector imports the converted webpage items to the mailboxes of specific users by using the value of the *Email* property of the automatic user mapping as described in [Step 3](#step-3-map-users-and-complete-the-connector-setup). A subfolder in the Inbox folder named **Webpage Capture** is created in the user mailboxes, and the webpage items are imported to that folder. The connector does this by using the value of the *Email* property. Every webpage item contains this property, which is populated with the email addresses provided when you configure the Webpage Capture connector in [Step 2](#step-2-configure-the-webpage-capture-connector-on-the-veritas-merge1-site).
## Before you begin -- Create a Globanet Merge1 account for Microsoft connectors. To create this account, contact [Globanet Customer Support](https://globanet.com/ms-connectors-contact/). You will sign into this account when you create the connector in Step 1.
+- Create a Veritas Merge1 account for Microsoft connectors. To create this account, contact [Veritas Customer Support](https://www.veritas.com/content/support/). You will sign into this account when you create the connector in Step 1.
-- You need to work with Globanet support to set up a custom file format to convert the webpage items to. For more information, see the Merge1 Third-Party Connectors User Guide in
+- You need to work with Veritas support to set up a custom file format to convert the webpage items to. For more information, see the [Merge1 Third-Party Connectors User Guide](https://docs.ms.merge1.globanetportal.com/Merge1%20Third-Party%20Connectors%20Web%20Page%20Capture%20User%20Guide%20.pdf).
- The user who creates the Webpage Capture connector in Step 1 (and completes it in Step 3) must be assigned to the Mailbox Import Export role in Exchange Online. This role is required to add connectors on the **Data connectors** page in the Microsoft 365 compliance center. By default, this role is not assigned to a role group in Exchange Online. You can add the Mailbox Import Export role to the Organization Management role group in Exchange Online. Or you can create a role group, assign the Mailbox Import Export role, and then add the appropriate users as members. For more information, see the [Create role groups](/Exchange/permissions-exo/role-groups#create-role-groups) or [Modify role groups](/Exchange/permissions-exo/role-groups#modify-role-groups) sections in the article "Manage role groups in Exchange Online".
The first step is to access to the **Data Connectors** and create a connector fo
5. Sign in to your Merge1 account to configure the connector.
-## Step 2: Configure the Webpage Capture connector on the Globanet Merge1 site
+## Step 2: Configure the Webpage Capture connector on the Veritas Merge1 site
-The second step is to configure the Webpage Capture connector on the Globanet Merge1 site. For information about how to configure the Webpage Capture connector, see [Merge1 Third-Party Connectors User Guide](https://docs.ms.merge1.globanetportal.com/Merge1%20Third-Party%20Connectors%20Web%20Page%20Capture%20User%20Guide%20.pdf).
+The second step is to configure the Webpage Capture connector on the Veritas Merge1 site. For information about how to configure the Webpage Capture connector, see [Merge1 Third-Party Connectors User Guide](https://docs.ms.merge1.globanetportal.com/Merge1%20Third-Party%20Connectors%20Web%20Page%20Capture%20User%20Guide%20.pdf).
After you click **Save & Finish**, the **User mapping** page in the connector wizard in the Microsoft 365 compliance center is displayed.
compliance Archive Workplacefromfacebook Data https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/archive-workplacefromfacebook-data.md
localization_priority: Normal
-description: "Admins can set up a connector to import and archive data from Workplace from Facebook, which is archived on Globanet's Merge1 site, into Microsoft 365. Setting up a connector requires that you work with Globanet This connector lets you archive data from third-party data sources in Microsoft 365 so you can use compliance features such as legal hold, content search, and retention policies to manage your organization's third-party data."
+description: "Admins can set up a connector to import and archive data from Workplace from Facebook, which is archived on Veritas's Merge1 site, into Microsoft 365. Setting up a connector requires that you work with Veritas This connector lets you archive data from third-party data sources in Microsoft 365 so you can use compliance features such as legal hold, content search, and retention policies to manage your organization's third-party data."
# Set up a connector to archive Workplace from Facebook data
-Use a Globanet connector in the Microsoft 365 compliance center to import and archive data from Workplace from Facebook to user mailboxes in your Microsoft 365 organization. Globanet provides a [Workplace from Facebook](https://globanet.com/workplace/) connector that is configured to capture items from the third-party data source (on a regular basis) and import those items to Microsoft 365. The connector converts the content such as chats, attachments, posts, and videos from Workplace to an email message format and then imports those items to user mailboxes in Microsoft 365.
+Use a Veritas connector in the Microsoft 365 compliance center to import and archive data from Workplace from Facebook to user mailboxes in your Microsoft 365 organization. Veritas provides a [Workplace from Facebook](https://globanet.com/workplace/) connector that is configured to capture items from the third-party data source (on a regular basis) and import those items to Microsoft 365. The connector converts the content such as chats, attachments, posts, and videos from Workplace to an email message format and then imports those items to user mailboxes in Microsoft 365.
After Workplace data is stored in user mailboxes, you can apply Microsoft 365 compliance features such as Litigation Hold, eDiscovery, retention policies and retention labels, and communication compliance. Using Workplace from Facebook connector to import and archive data in Microsoft 365 can help your organization stay compliant with government and regulatory policies.
The following overview explains the process of using a connector to archive Work
1. Your organization works with Workplace from Facebook to set up and configure a Workplace site.
-2. Once every 24 hours, items from Workplace are copied to the Globanet Merge1 site. The connector also converts the content of these items to an email message format.
+2. Once every 24 hours, items from Workplace are copied to the Veritas Merge1 site. The connector also converts the content of these items to an email message format.
-3. The Workplace from Facebook connector that you create in the Microsoft 365 compliance center, connects to the Globanet Merge1 every day, and transfers the Workplace items to a secure Azure Storage location in the Microsoft cloud.
+3. The Workplace from Facebook connector that you create in the Microsoft 365 compliance center, connects to the Veritas Merge1 every day, and transfers the Workplace items to a secure Azure Storage location in the Microsoft cloud.
4. The connector imports the converted items to the mailboxes of specific users using the value of the *Email* property of the automatic user mapping as described in Step 3. A subfolder in the Inbox folder named **Workplace from Facebook** is created, and the Workplace items are imported to that folder. The connector does this by using the value of the *Email* property. Every Workplace item contains this property, which is populated with the email address of every chat or post participant. ## Before you begin -- Create a Globanet Merge1 account for Microsoft connectors. To create this account, contact [Globanet Customer Support](https://globanet.com/ms-connectors-contact). You will sign into this account when you create the connector in Step 1.
+- Create a Veritas Merge1 account for Microsoft connectors. To create this account, contact [Veritas Customer Support](https://globanet.com/ms-connectors-contact). You will sign into this account when you create the connector in Step 1.
- Create a custom integration at https://my.workplace.com/work/admin/apps/ to retrieve data from Workplace via APIs for compliance and eDiscovery purposes.
The first step is to access to the **Data Connectors** page in the Microsoft 365
5. Sign in to your Merge1 account to configure the connector.
-## Step 2: Configure the Workplace from Facebook connector on the Globanet Merge1 site
+## Step 2: Configure the Workplace from Facebook connector on the Veritas Merge1 site
The second step is to configure the Workplace from Facebook connector on the Merge1 site. For information about how to configure the Workplace from Facebook connector, see [Merge1 Third-Party Connectors User Guide](https://docs.ms.merge1.globanetportal.com/Merge1%20Third-Party%20Connectors%20Workplace%20from%20Facebook%20User%20Guide%20.pdf).
compliance Archive Xip Data https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/archive-xip-data.md
localization_priority: Normal
-description: "Admins can set up a connector to import and archive XIP source data from Globanet to Microsoft 365. This connector lets you archive data from third-party data sources in Microsoft 365. After your archive this data, you can use compliance features such as legal hold, content search, and retention policies to manage third-party data."
+description: "Admins can set up a connector to import and archive XIP source data from Veritas to Microsoft 365. This connector lets you archive data from third-party data sources in Microsoft 365. After your archive this data, you can use compliance features such as legal hold, content search, and retention policies to manage third-party data."
# Set up a connector to archive XIP source data
-Use a Globanet connector in the Microsoft 365 compliance center to import and archive data from the XIP source platform to user mailboxes in your Microsoft 365 organization. Globanet provides a [XIP](https://globanet.com/xip/) connector that allows using an XIP file to import items to Microsoft 365. An XIP file is similar to a ZIP file, but allows for a digital signature to be used. The digital signature is verified by the Globanet Merge 1 before the XIP source file is extracted. The connector converts the content from the XIP source file to an email message format and then imports those items to the user's mailbox in Microsoft 365.
+Use a Veritas connector in the Microsoft 365 compliance center to import and archive data from the XIP source platform to user mailboxes in your Microsoft 365 organization. Veritas provides a [XIP](https://globanet.com/xip/) connector that allows using an XIP file to import items to Microsoft 365. An XIP file is similar to a ZIP file, but allows for a digital signature to be used. The digital signature is verified by the Veritas Merge 1 before the XIP source file is extracted. The connector converts the content from the XIP source file to an email message format and then imports those items to the user's mailbox in Microsoft 365.
After XIP source data is stored in user mailboxes, you can apply Microsoft 365 compliance features such as Litigation Hold, eDiscovery, retention policies and retention labels, and communication compliance. Using an XIP connector to import and archive data in Microsoft 365 can help your organization stay compliant with government and regulatory policies.
The following overview explains the process of using a connector to archive the
1. Your organization works with the XIP source to set up and configure an XIP site.
-2. Once every 24 hours, XIP source items are copied to the Globanet Merge1 site. The connector also converts the content to an email message format.
+2. Once every 24 hours, XIP source items are copied to the Veritas Merge1 site. The connector also converts the content to an email message format.
-3. The XIP connector that you create in the Microsoft 365 compliance center, connects to the Globanet Merge1 site every day and transfers the messages to a secure Azure Storage location in the Microsoft cloud.
+3. The XIP connector that you create in the Microsoft 365 compliance center, connects to the Veritas Merge1 site every day and transfers the messages to a secure Azure Storage location in the Microsoft cloud.
4. The connector imports the converted message items to the mailboxes of specific users using the value of the *Email* property of the automatic user mapping as described in [Step 3](#step-3-map-users-and-complete-the-connector-setup). A subfolder in the Inbox folder named **XIP** is created in the user mailboxes, and the items are imported to that folder. The connector determines which mailbox to import items to by using the value of the *Email* property. Every source item contains this property, which is populated with the email address of every participant. ## Before you begin -- Create a Globanet Merge1 account for Microsoft connectors. To create an account, contact [Globanet Customer Support](https://globanet.com/contact-us/). You need to sign into this account when you create the connector in Step 1.
+- Create a Veritas Merge1 account for Microsoft connectors. To create an account, contact [Veritas Customer Support](https://www.veritas.com/content/support/). You need to sign into this account when you create the connector in Step 1.
- The user who creates the XIP connector in Step 1 (and completes it in Step 3) must be assigned to the Mailbox Import Export role in Exchange Online. This role is required to add connectors on the Data connectors page in the Microsoft 365 compliance center. By default, this role is not assigned to any role group in Exchange Online. You can add the Mailbox Import Export role to the Organization Management role group in Exchange Online. Or you can create a role group, assign the Mailbox Import Export role, and then add the appropriate users as members. For more information, see the [Create role groups](/Exchange/permissions-exo/role-groups#create-role-groups) or [Modify role groups](/Exchange/permissions-exo/role-groups#modify-role-groups) sections in the article "Manage role groups in Exchange Online".
The first step is to access to the **Data Connectors** page in the Microsoft365
5. Sign in to your Merge1 account to configure the connector.
-## Step 2: Configure the XIP connector on the Globanet Merge1 site
+## Step 2: Configure the XIP connector on the Veritas Merge1 site
The second step is to configure the XIP connector on the Merge1 site. For information about how to configure the XIP connector, see [Merge1 Third-Party Connectors User Guide](https://docs.ms.merge1.globanetportal.com/Merge1%20Third-Party%20Connectors%20XIP%20User%20Guide%20.pdf).
compliance Archive Xslt Xml Data https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/archive-xslt-xml-data.md
localization_priority: Normal
-description: "Admins can set up a connector to import and archive XSLT/XML data from Globanet in Microsoft 365. This connector lets you archive data from third-party data sources in Microsoft 365 so you can use compliance features such as legal hold, content search, and retention policies to manage your organization's third-party data."
+description: "Admins can set up a connector to import and archive XSLT/XML data from Veritas in Microsoft 365. This connector lets you archive data from third-party data sources in Microsoft 365 so you can use compliance features such as legal hold, content search, and retention policies to manage your organization's third-party data."
# Set up a connector to archive XSLT/XML data
-Use a Globanet connector in the Microsoft 365 compliance center to import and archive data from the Web page source to user mailboxes in your Microsoft 365 organization. Globanet provides you with an [XSLT/XML connector](https://globanet.com/xslt-xml) that allows the rapid development of files created by using XSLT (Extensible Style sheet Language Transformations) to transform XML files into other file formats (such as HTML or text) that can be imported to Microsoft 365. The connector converts the content of an item from the XSLT/XML source to an email message format and then imports the converted item to Microsoft 365 mailboxes.
+Use a Veritas connector in the Microsoft 365 compliance center to import and archive data from the Web page source to user mailboxes in your Microsoft 365 organization. Veritas provides you with an [XSLT/XML connector](https://globanet.com/xslt-xml) that allows the rapid development of files created by using XSLT (Extensible Style sheet Language Transformations) to transform XML files into other file formats (such as HTML or text) that can be imported to Microsoft 365. The connector converts the content of an item from the XSLT/XML source to an email message format and then imports the converted item to Microsoft 365 mailboxes.
After XSLT/XML data is stored in user mailboxes, you can apply Microsoft 365 compliance features such as Litigation Hold, eDiscovery, and retention policies and retention labels. Using an XSLT/XML connector to import and archive data in Microsoft 365 can help your organization stay compliant with government and regulatory policies.
The following overview explains the process of using a connector to archive XSLT
1. Your organization works with the XSLT/XML source to set up and configure an XSLT/XML site.
-2. Once every 24 hours, chat messages from the XSLT/XML source are copied to the Globanet Merge1 site. The connector also converts the content to an email message format.
+2. Once every 24 hours, chat messages from the XSLT/XML source are copied to the Veritas Merge1 site. The connector also converts the content to an email message format.
-3. The XSLT/XML connector that you create in the Microsoft 365 compliance center, connects to the Globanet Merge1 site every day and transfers the messages to a secure Azure Storage location in the Microsoft cloud.
+3. The XSLT/XML connector that you create in the Microsoft 365 compliance center, connects to the Veritas Merge1 site every day and transfers the messages to a secure Azure Storage location in the Microsoft cloud.
4. The connector imports the converted message items to the mailboxes of specific users using the value of the *Email* property of the automatic user mapping as described in Step 3. A new subfolder in the Inbox folder named **XSLT/XML** is created in the user mailboxes, and the message items are imported to that folder. The connector does this by using the value of the *Email* property. Every message contains this property, which is populated with the email address of every participant of the message. ## Before you begin -- Create a Globanet Merge1 account for Microsoft connectors. To create this account, contact [Globanet Customer Support](https://globanet.com/contact-us/). You will sign into this account when you create the connector in Step 1.
+- Create a Veritas Merge1 account for Microsoft connectors. To create this account, contact [Veritas Customer Support](https://www.veritas.com/content/support/). You will sign into this account when you create the connector in Step 1.
- The user who creates the XSLT/XML connector in Step 1 (and completes it in Step 3) must be assigned to the Mailbox Import Export role in Exchange Online. This role is required to add connectors on the **Data connectors** page in the Microsoft 365 compliance center. By default, this role is not assigned to a role group in Exchange Online. You can add the Mailbox Import Export role to the Organization Management role group in Exchange Online. Or you can create a role group, assign the Mailbox Import Export role, and then add the appropriate users as members. For more information, see the [Create role groups](/Exchange/permissions-exo/role-groups#create-role-groups) or [Modify role groups](/Exchange/permissions-exo/role-groups#modify-role-groups) sections in the article "Manage role groups in Exchange Online".
The first step is to access to the **Data Connectors** in the Microsoft 365 comp
## Step 2: Configure an XSLT/XML connector
-The second step is to configure the XSLT/XML connector on the Merge1 site. For information about how to configure the XSLT/XML connector on the Globanet Merge1 site, see [Merge1 Third-Party Connectors User Guide](https://docs.ms.merge1.globanetportal.com/Merge1%20Third-Party%20Connectors%20XSLT-XML%20User%20Guide%20.pdf).
+The second step is to configure the XSLT/XML connector on the Merge1 site. For information about how to configure the XSLT/XML connector on the Veritas Merge1 site, see [Merge1 Third-Party Connectors User Guide](https://docs.ms.merge1.globanetportal.com/Merge1%20Third-Party%20Connectors%20XSLT-XML%20User%20Guide%20.pdf).
After you click **Save & Finish**, the **User mapping** page in the connector wizard in the Microsoft 365 compliance center is displayed.
compliance Archive Yieldbroker Data https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/archive-yieldbroker-data.md
localization_priority: Normal
-description: "Admins can set up a connector to import and archive Yieldbroker data from Globanet to Microsoft 365. This connector lets you archive data from third-party data sources in Microsoft 365. After your archive this data, you can use compliance features such as legal hold, content search, and retention policies to manage third-party data."
+description: "Admins can set up a connector to import and archive Yieldbroker data from Veritas to Microsoft 365. This connector lets you archive data from third-party data sources in Microsoft 365. After your archive this data, you can use compliance features such as legal hold, content search, and retention policies to manage third-party data."
# Set up a connector to archive Yieldbroker data
-Use a Globanet connector in the Microsoft 365 compliance center to import and archive data from the Yieldbroker to user mailboxes in your Microsoft 365 organization. Globanet provides you with a [Yieldbroker](https://globanet.com/yieldbroker/) connector that's configured to capture items from the third-party data source and import those items to Microsoft 365. The connector converts the content from Yieldbroker to an email message format and then imports those items to the userΓÇÖs mailbox in Microsoft 365.
+Use a Veritas connector in the Microsoft 365 compliance center to import and archive data from the Yieldbroker to user mailboxes in your Microsoft 365 organization. Veritas provides you with a [Yieldbroker](https://globanet.com/yieldbroker/) connector that's configured to capture items from the third-party data source and import those items to Microsoft 365. The connector converts the content from Yieldbroker to an email message format and then imports those items to the userΓÇÖs mailbox in Microsoft 365.
After Yieldbroker is stored in user mailboxes, you can apply Microsoft 365 compliance features such as Litigation Hold, eDiscovery, retention policies, and retention labels. Using a Yieldbroker connector to import and archive data in Microsoft 365 can help your organization stay compliant with government and regulatory policies.
The following overview explains the process of using a connector to archive the
1. Your organization works with the Yieldbroker to set up and configure a Yieldbroker site.
-2. Once every 24 hours, Yieldbroker items are copied to the Globanet Merge1 site. The connector also converts the content to an email message format.
+2. Once every 24 hours, Yieldbroker items are copied to the Veritas Merge1 site. The connector also converts the content to an email message format.
-3. The Yieldbroker connector that you create in the Microsoft 365 compliance center, connects to the Globanet Merge1 site every day and transfers the messages to a secure Azure Storage location in the Microsoft cloud.
+3. The Yieldbroker connector that you create in the Microsoft 365 compliance center, connects to the Veritas Merge1 site every day and transfers the messages to a secure Azure Storage location in the Microsoft cloud.
4. The connector imports the converted Yieldbroker items to the mailboxes of specific users using the value of the *Email* property of the automatic user mapping as described in [Step 3](#step-3-map-users-and-complete-the-connector-setup). A subfolder in the Inbox folder named **Yieldbroker** is created in the user mailboxes, and the items are imported to that folder. The connector determines which mailbox to import items to by using the value of the *Email* property. Every Yieldbroker contains this property, which is populated with the email address of every participant of the item. ## Before you begin -- Create a Globanet Merge1 account for Microsoft connectors. To create an account, contact [Globanet Customer Support](https://globanet.com/contact-us/). You need to sign into this account when you create the connector in Step 1.
+- Create a Veritas Merge1 account for Microsoft connectors. To create an account, contact [Veritas Customer Support](https://www.veritas.com/content/support/). You need to sign into this account when you create the connector in Step 1.
- The user who creates the Yieldbroker connector in Step 1 (and completes it in Step 3) must be assigned to the Mailbox Import Export role in Exchange Online. This role is required to add connectors on the Data connectors page in the Microsoft 365 compliance center. By default, this role is not assigned to any role group in Exchange Online. You can add the Mailbox Import Export role to the Organization Management role group in Exchange Online. Or you can create a role group, assign the Mailbox Import Export role, and then add the appropriate users as members. For more information, see the [Create role groups](/Exchange/permissions-exo/role-groups#create-role-groups) or [Modify role groups](/Exchange/permissions-exo/role-groups#modify-role-groups) sections in the article "Manage role groups in Exchange Online".
The first step is to access to the **Data Connectors** page in the Microsoft 365
5. Sign in to your Merge1 account to configure the connector.
-## Step 2: Configure the Yieldbroker connector on the Globanet Merge1 site
+## Step 2: Configure the Yieldbroker connector on the Veritas Merge1 site
The second step is to configure the Yieldbroker connector on the Merge1 site. For information about how to configure the Yieldbroker, see [Merge1 Third-Party Connectors User Guide](https://docs.ms.merge1.globanetportal.com/Merge1%20Third-Party%20Connectors%20Yieldbroker%20User%20Guide%20.pdf).
compliance Archive Zoommeetings Data https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/archive-zoommeetings-data.md
localization_priority: Normal
-description: "Admins can set up a connector to import and archive data from Globanet Zoom Meetings into Microsoft 365. This lets you archive data from third-party data sources in Microsoft 365 so you can use compliance features such as legal hold, content search, and retention policies to manage your organization's third-party data."
+description: "Admins can set up a connector to import and archive data from Veritas Zoom Meetings into Microsoft 365. This lets you archive data from third-party data sources in Microsoft 365 so you can use compliance features such as legal hold, content search, and retention policies to manage your organization's third-party data."
# Set up a connector to archive Zoom Meetings data
-Use a Globanet connector in the Microsoft 365 compliance center to import and archive data from Zoom Meetings to user mailboxes in your Microsoft 365 organization. Globanet provides a [Zoom Meetings](https://globanet.com/zoom/) connector that is configured to capture items from the third-party data source (on a regular basis) and import those items to Microsoft 365. The connector converts the content of the meetings (including chats, recorded files, and metadata) from the Zoom Meetings account to an email message format and then imports those items to user mailboxes in Microsoft 365.
+Use a Veritas connector in the Microsoft 365 compliance center to import and archive data from Zoom Meetings to user mailboxes in your Microsoft 365 organization. Veritas provides a [Zoom Meetings](https://globanet.com/zoom/) connector that is configured to capture items from the third-party data source (on a regular basis) and import those items to Microsoft 365. The connector converts the content of the meetings (including chats, recorded files, and metadata) from the Zoom Meetings account to an email message format and then imports those items to user mailboxes in Microsoft 365.
After Zoom Meetings data is stored in user mailboxes, you can apply Microsoft 365 compliance features such as Litigation Hold, eDiscovery, retention policies and retention labels, and communication compliance. Using a Zoom Meetings connector to import and archive data in Microsoft 365 can help your organization stay compliant with government and regulatory policies.
The following overview explains the process of using a connector to archive Zoom
1. Your organization works with Zoom Meetings to set up and configure a Zoom Meetings site.
-2. Once every 24 hours, meeting items from Zoom Meetings are copied to the Globanet Merge1 site. The connector also converts the content of the meetings to an email message format.
+2. Once every 24 hours, meeting items from Zoom Meetings are copied to the Veritas Merge1 site. The connector also converts the content of the meetings to an email message format.
-3. The Zoom Meetings connector that you create in the Microsoft 365 compliance center, connects to the Globanet Merge1 every day, and transfers the meeting messages to a secure Azure Storage location in the Microsoft cloud.
+3. The Zoom Meetings connector that you create in the Microsoft 365 compliance center, connects to the Veritas Merge1 every day, and transfers the meeting messages to a secure Azure Storage location in the Microsoft cloud.
4. The connector imports the converted meeting items to the mailboxes of specific users using the value of the *Email* property and automatic user mapping, as described in Step 3. A new subfolder in the Inbox folder named **Zoom Meetings** is created in user mailboxes, and the meeting items are imported to that folder. The connector does this by using the value of the *Email* property. Every meeting item contains this property, which is populated with the email address of every participant of the meeting. ## Before you begin -- Create a Globanet Merge1 account for Microsoft connectors. To create this account, contact [Globanet Customer Support](https://globanet.com/ms-connectors-contact). You will sign into this account when you create the connector in Step 1.
+- Create a Veritas Merge1 account for Microsoft connectors. To create this account, contact [Veritas Customer Support](https://globanet.com/ms-connectors-contact). You will sign into this account when you create the connector in Step 1.
- Obtain the username and password for your organization's Zoom Business or Zoom Enterprise account. You'll need to sign into this account in Step 2 when you configure the Zoom Meetings connector.
The first step is to access the **Data Connectors** in the Microsoft 365 complia
## Step 2: Configure the Zoom Meetings connector
-The second step is to configure the Zoom Meetings connector on the Merge1 site. For more information about how to configure the Zoom Meetings connector on the Globanet Merge1 site, see [Merge1 Third-Party Connectors User Guide](https://docs.ms.merge1.globanetportal.com/Merge1%20Third-Party%20Connectors%20Zoom%20Meetings%20User%20Guide%20.pdf).
+The second step is to configure the Zoom Meetings connector on the Merge1 site. For more information about how to configure the Zoom Meetings connector on the Veritas Merge1 site, see [Merge1 Third-Party Connectors User Guide](https://docs.ms.merge1.globanetportal.com/Merge1%20Third-Party%20Connectors%20Zoom%20Meetings%20User%20Guide%20.pdf).
After you click **Save & Finish**, the **User mapping** page in the connector wizard in the Microsoft 365 compliance center is displayed.
compliance Archiving Third Party Data https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/archiving-third-party-data.md
The following table lists the third-party data connectors available in the Micro
|||||||| > [!NOTE]
-> <sup>1</sup> Data connector provided by TeleMessage. Before you can archive data in Microsoft 365, you have to work with TeleMessage to set up their archiving service for your organization. For more information, see the prerequisite section in the step-by-step instructions for this data type.<br/><br/><sup>2</sup> Data connector provided by Globanet. Before you can archive data in Microsoft 365, you have to work with Globanet to set up their archiving service for your organization. For more information, see the prerequisite section in the step-by-step instructions for this data type.
+> <sup>1</sup> Data connector provided by TeleMessage. Before you can archive data in Microsoft 365, you have to work with TeleMessage to set up their archiving service for your organization. For more information, see the prerequisite section in the step-by-step instructions for this data type.<br/><br/><sup>2</sup> Data connector provided by Veritas. Before you can archive data in Microsoft 365, you have to work with Veritas to set up their archiving service for your organization. For more information, see the prerequisite section in the step-by-step instructions for this data type.
The third-party data listed in the previous table (except for HR data and physical badging data) is imported into user mailboxes. The corresponding compliance solutions that support third-party data are applied to the user mailbox where the data is stored.
compliance Communication Compliance Configure https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/communication-compliance-configure.md
Use this option to assign users to specific role groups to segment communication
9. Select **Close** to complete the steps.
-For more information about role groups and permissions, see [Permissions in the Compliance Center](../security/office-365-security/protect-against-threats.md).
+For more information about role groups and permissions, see [Permissions in the Compliance Center](../security/defender-365-security/protect-against-threats.md).
## Step 2 (required): Enable the audit log
compliance Compliance Manager Setup https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/compliance-manager-setup.md
To set permissions and assign roles in the Office 365 Security & Compliance cent
##### More about the Office 365 Security & Compliance Center
-Learn more about [permissions in the Office 365 Security & Compliance Center](../security/office-365-security/permissions-in-the-security-and-compliance-center.md).
+Learn more about [permissions in the Office 365 Security & Compliance Center](../security/defender-365-security/permissions-in-the-security-and-compliance-center.md).
If you don't have access to the Office 365 Security and Compliance Center, or if you need to access the classic version of Compliance Manager in the Microsoft Service Trust Portal, the Admin settings in the Service Trust Portal provides another way to assign roles ([view instructions](meet-data-protection-and-regulatory-reqs-using-microsoft-cloud.md#assigning-compliance-manager-roles-to-users)). Be aware that such roles are more limited in their functionality.
The Compliance Manager settings in the Microsoft 365 compliance center allow you
### Set up automated testing
-Some improvement actions in Compliance Manager are also monitored by [Microsoft Secure Score](../security/mtp/microsoft-secure-score.md). You can set up automated testing of actions that are jointly monitored, which means that when an action is tested and updated in Secure Score, those results synch with the same actions in Compliance Manager and count toward your compliance score.
+Some improvement actions in Compliance Manager are also monitored by [Microsoft Secure Score](../security/defender/microsoft-secure-score.md). You can set up automated testing of actions that are jointly monitored, which means that when an action is tested and updated in Secure Score, those results synch with the same actions in Compliance Manager and count toward your compliance score.
Automatic testing is turned on by default for organizations new to Compliance Manager. When you first deploy Microsoft 365 or Office 365, it takes approximately seven days for Secure Score to fully collect data and factor it into your compliance score. When automated testing is turned on, the actionΓÇÖs test date wonΓÇÖt be updated, but its test status will update. When new assessments are created, scores automatically include Microsoft control scores and Secure Score integration.
compliance Compliance Quick Tasks https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/compliance-quick-tasks.md
ItΓÇÖs important to manage who in your organization has access to the Microsoft
Start by assigning compliance permissions to the people in your organization so that they can perform these tasks and to prevent unauthorized people from having access to areas outside of their responsibilities. YouΓÇÖll want to make sure that youΓÇÖve assigned the proper people to the **Compliance data administrator** and the **Compliance administrator** admin roles before you start to configure and implement compliance solutions included with Microsoft 365. YouΓÇÖll also need to assign users to the Azure Active Directory global reader role to view data in Compliance Manager.
-For step-by-step guidance to configure permissions and assign people to admin roles, see [Permissions in the Security & Compliance Center](../security/office-365-security/permissions-in-the-security-and-compliance-center.md).
+For step-by-step guidance to configure permissions and assign people to admin roles, see [Permissions in the Security & Compliance Center](../security/defender-365-security/permissions-in-the-security-and-compliance-center.md).
## Task 2: Know your state of compliance
For step-by-step guidance to get started with Compliance Manager, see [Get start
>[!IMPORTANT] >Security and compliance are tightly integrated for most organizations. ItΓÇÖs important that your organization addresses basic security, threat protection, and identity and access management areas to help provide a defense in-depth approach to both security and compliance. >
->Check your [Microsoft 365 Secure Score](../security/mtp/microsoft-secure-score.md) in the Microsoft 365 security center and completing the tasks outlined in the following articles:
+>Check your [Microsoft 365 Secure Score](../security/defender/microsoft-secure-score.md) in the Microsoft 365 security center and completing the tasks outlined in the following articles:
>
-> - [Security roadmap - Top priorities for the first 30 days, 90 days, and beyond](../security/office-365-security/security-roadmap.md)
+> - [Security roadmap - Top priorities for the first 30 days, 90 days, and beyond](../security/defender-365-security/security-roadmap.md)
> - [Top 12 tasks for security teams to support working from home](../security/top-security-tasks-for-remote-work.md) ## Task 3: Enable auditing for your organization
compliance Compliance Score Calculation https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/compliance-score-calculation.md
Your action status is updated on your dashboard every 24 hours. Once you follow
For example, if you turn on multi-factor authentication (MFA) in the Azure AD portal, Compliance Manager detects the setting and reflects it in the control access solution details. Conversely, if you didnΓÇÖt turn on MFA, Compliance Manager flags that as a recommended action for you to take.
-Learn more about [Secure Score and how it works](../security/mtp/microsoft-secure-score.md).
+Learn more about [Secure Score and how it works](../security/defender/microsoft-secure-score.md).
## Action types and points
compliance Create Activity Alerts https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/create-activity-alerts.md
You can create an activity alert that will send you an email notification when u
## Confirm roles and configure audit logging -- You must be assigned the Organization Configuration role in the Security & Compliance Center to manage activity alerts. By default, this role is assigned to the Compliance Administrator and Organization Management role groups. For more information about adding members to role groups, see [Give users access to the Security & Compliance Center](../security/office-365-security/grant-access-to-the-security-and-compliance-center.md).
+- You must be assigned the Organization Configuration role in the Security & Compliance Center to manage activity alerts. By default, this role is assigned to the Compliance Administrator and Organization Management role groups. For more information about adding members to role groups, see [Give users access to the Security & Compliance Center](../security/defender-365-security/grant-access-to-the-security-and-compliance-center.md).
- You (or another admin) must first turn on audit logging for your organization before you can start using activity alerts. To do this, just click **Start recording user and admin activity** on the **Activity alerts** page. (If you don't see this link, auditing has already been turned on for your organization.) You can also turn on auditing on the **Audit log search** page in the Security & Compliance Center (go to **Search** \> **Audit log search**). You only have to do this once for your organization.
compliance Create Test Tune Dlp Policy https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/create-test-tune-dlp-policy.md
Members of your compliance team who will create DLP policies need permissions to
Use the **View-Only DLP Compliance Management** role to create role group with view-only privileges to the DLP policies and DLP reports.
-For more information, see [Give users access to the Office 365 Compliance Center](../security/office-365-security/grant-access-to-the-security-and-compliance-center.md).
+For more information, see [Give users access to the Office 365 Compliance Center](../security/defender-365-security/grant-access-to-the-security-and-compliance-center.md).
These permissions are required to create and apply a DLP policy not to enforce policies.
compliance Data Loss Prevention Policies https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/data-loss-prevention-policies.md
Members of your compliance team who will create DLP policies need permissions to
You can also create a role group with view-only privileges to the DLP policies and DLP reports by granting the **View-Only DLP Compliance Management** role.
-For more information, see [Give users access to the Office 365 Compliance Center](../security/office-365-security/grant-access-to-the-security-and-compliance-center.md).
+For more information, see [Give users access to the Office 365 Compliance Center](../security/defender-365-security/grant-access-to-the-security-and-compliance-center.md).
These permissions are required only to create and apply a DLP policy. Policy enforcement does not require access to the content.
compliance Data Spillage Scenariosearch And Purge https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/data-spillage-scenariosearch-and-purge.md
To further investigate if email with spilled data was shared, you can optionally
You can use Message trace in the security and compliance center or use the corresponding cmdlets in Exchange Online PowerShell. It's important to note that message tracing doesn't offer full guarantees on the completeness of data returned. For more information about using Message trace, see: -- [Message trace in the Security & Compliance Center](../security/office-365-security/message-trace-scc.md)
+- [Message trace in the Security & Compliance Center](../security/defender-365-security/message-trace-scc.md)
- [New Message Trace in Security & Compliance Center](https://blogs.technet.microsoft.com/exchange/2018/05/02/new-message-trace-in-office-365-security-compliance-center/)
compliance Define Mail Flow Rules To Encrypt Email https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/define-mail-flow-rules-to-encrypt-email.md
If you haven't yet moved your organization to the new OME capabilities, Microsof
[Mail flow rules (transport rules) in Exchange Online](/exchange/security-and-compliance/mail-flow-rules/mail-flow-rules)
-[Mail flow rules (transport rules) in Exchange Online Protection](../security/office-365-security/mail-flow-rules-transport-rules-0.md)
+[Mail flow rules (transport rules) in Exchange Online Protection](../security/defender-365-security/mail-flow-rules-transport-rules-0.md)
compliance Disposition https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/disposition.md
To grant users just the permissions they need for disposition reviews without gr
Additionally, to view the contents of items during the disposition process, add users to the following two role groups: **Content Explorer Content Viewer** and **Content Explorer List Viewer**. If users don't have the permissions from these role groups, they can still select a disposition review action to complete the disposition review, but must do so without being able to view the item's contents from the compliance center.
-For instructions to configure these permissions, see [Give users access to the Office 365 Security & Compliance Center](../security/office-365-security/grant-access-to-the-security-and-compliance-center.md).
+For instructions to configure these permissions, see [Give users access to the Office 365 Security & Compliance Center](../security/defender-365-security/grant-access-to-the-security-and-compliance-center.md).
### Enable auditing
compliance Download Existing Reports https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/download-existing-reports.md
description: "Learn how to download one or more existing reports in the Security
# Download existing reports in the Security &amp; Compliance Center
-In the [Security &amp; Compliance Center](https://protection.office.com), several [reports and insights](../security/office-365-security/reports-and-insights-in-security-and-compliance.md) are available to help your organization's security team mitigate and address threats to your organization. If you're a member of your organization's security team, you can download one or more existing reports.
+In the [Security &amp; Compliance Center](https://protection.office.com), several [reports and insights](../security/defender-365-security/reports-and-insights-in-security-and-compliance.md) are available to help your organization's security team mitigate and address threats to your organization. If you're a member of your organization's security team, you can download one or more existing reports.
## Download existing reports > [!IMPORTANT]
-> Make sure that you have the necessary [permissions assigned in the Security &amp; Compliance Center](../security/office-365-security/protect-against-threats.md). In general, global administrators, security administrators, and security readers can access reports in the Security &amp; Compliance Center.
+> Make sure that you have the necessary [permissions assigned in the Security &amp; Compliance Center](../security/defender-365-security/protect-against-threats.md). In general, global administrators, security administrators, and security readers can access reports in the Security &amp; Compliance Center.
1. In the [Security &amp; Compliance Center](https://protection.office.com), go to **Reports** \> **Reports for download**.
In the [Security &amp; Compliance Center](https://protection.office.com), severa
## Related topics
-[Reports and insights in the Security &amp; Compliance Center](../security/office-365-security/reports-and-insights-in-security-and-compliance.md)
+[Reports and insights in the Security &amp; Compliance Center](../security/defender-365-security/reports-and-insights-in-security-and-compliance.md)
-[Create a schedule for a report in the Security &amp; Compliance Center](../security/office-365-security/view-reports-for-atp.md)
+[Create a schedule for a report in the Security &amp; Compliance Center](../security/defender-365-security/view-reports-for-mdo.md)
-[Manage schedules for reports in the Security &amp; Compliance Center](../security/office-365-security/view-reports-for-atp.md)
+[Manage schedules for reports in the Security &amp; Compliance Center](../security/defender-365-security/view-reports-for-mdo.md)
-[Download a custom report in the Security &amp; Compliance Center](../security/office-365-security/view-reports-for-atp.md)
+[Download a custom report in the Security &amp; Compliance Center](../security/defender-365-security/view-reports-for-mdo.md)
compliance Get Started With Records Management https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/get-started-with-records-management.md
Members of your compliance team who are responsible for records management need
For a read-only role, you can create a new role group and add the **View-Only Record Management** role to this group.
-For more information about role groups and roles, see [Permissions in the Security & Compliance Center](../security/office-365-security/permissions-in-the-security-and-compliance-center.md#roles-in-the-security--compliance-center).
+For more information about role groups and roles, see [Permissions in the Security & Compliance Center](../security/defender-365-security/permissions-in-the-security-and-compliance-center.md#roles-in-the-security--compliance-center).
-For instructions to add users to role groups and assign roles, see [Give users access to the Security & Compliance Center](../security/office-365-security/grant-access-to-the-security-and-compliance-center.md).
+For instructions to add users to role groups and assign roles, see [Give users access to the Security & Compliance Center](../security/defender-365-security/grant-access-to-the-security-and-compliance-center.md).
These permissions are required only to create, configure, and apply retention labels that declare records, and manage disposition. The person configuring these labels doesn't require access to the content.
compliance Get Started With Retention https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/get-started-with-retention.md
Members of your compliance team who will create and manage retention policies an
Alternatively to using this default role, you can create a new role group and add the **Retention Management** role to this group. For a read-only role, use **View-Only Retention Management**.
-For more information about role groups and roles, see [Permissions in the Security & Compliance Center](../security/office-365-security/permissions-in-the-security-and-compliance-center.md#roles-in-the-security--compliance-center).
+For more information about role groups and roles, see [Permissions in the Security & Compliance Center](../security/defender-365-security/permissions-in-the-security-and-compliance-center.md#roles-in-the-security--compliance-center).
-For instructions to add users to role groups and assign roles, see [Give users access to the Security & Compliance Center](../security/office-365-security/grant-access-to-the-security-and-compliance-center.md).
+For instructions to add users to role groups and assign roles, see [Give users access to the Security & Compliance Center](../security/defender-365-security/grant-access-to-the-security-and-compliance-center.md).
These permissions are required only to create, configure, and apply retention policies and retention labels. The person configuring these policies and labels doesn't require access to the content.
compliance Get Started With Sensitivity Labels https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/get-started-with-sensitivity-labels.md
By default, global administrators for your tenant have access to these admin cen
Alternatively to using the default roles, you can create a new role group and add either **Sensitivity Label Administrator** or **Organization Configuration** roles to this group. For a read-only role, use **Sensitivity Label Reader**.
-For instructions to add users to the default roles or create your own role groups, see [Give users access to the Office 365 Security & Compliance Center](../security/office-365-security/grant-access-to-the-security-and-compliance-center.md).
+For instructions to add users to the default roles or create your own role groups, see [Give users access to the Office 365 Security & Compliance Center](../security/defender-365-security/grant-access-to-the-security-and-compliance-center.md).
These permissions are required only to create and configure sensitivity labels and their label policies. They are not required to apply the labels in apps or services. If additional permissions are needed for specific configurations that relate to sensitivity labels, those permissions will be listed in their respective documentation instructions.
compliance Information Barriers https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/information-barriers.md
To [define or edit information barrier policies](information-barriers-policies.m
- Compliance administrator - IB Compliance Management
-(To learn more about roles and permissions, see [Permissions in the Office 365 Security & Compliance Center](../security/office-365-security/permissions-in-the-security-and-compliance-center.md).)
+(To learn more about roles and permissions, see [Permissions in the Office 365 Security & Compliance Center](../security/defender-365-security/permissions-in-the-security-and-compliance-center.md).)
You must be familiar with PowerShell cmdlets in order to define, validate, or edit information barrier policies. Although we provide several examples of PowerShell cmdlets in the [how-to article](information-barriers-policies.md), you'll need to know other details, such as parameters, for your organization.
compliance Legacy Information For Message Encryption https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/legacy-information-for-message-encryption.md
When an encrypted reply is sent from the encryption portal or through the OME Vi
**Q. I am an Exchange Hosted Encryption (EHE) subscriber. Where can I learn more about the upgrade to Office 365 Message Encryption?**
-All EHE customers have been upgraded to Office 365 Message Encryption. For more information, visit the [Exchange Hosted Encryption Upgrade Center](../security/office-365-security/exchange-online-protection-overview.md).
+All EHE customers have been upgraded to Office 365 Message Encryption. For more information, visit the [Exchange Hosted Encryption Upgrade Center](../security/defender-365-security/exchange-online-protection-overview.md).
**Q. Do I need to open any URLs, IP addresses, or ports in my organization's firewall to support Office 365 Message Encryption?**
compliance Microsoft 365 Compliance Center https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/microsoft-365-compliance-center.md
You can also use the **Add cards** feature to add additional cards, such as one
## Easy navigation to more compliance features and capabilities
-In addition to links in cards on the home page, you'll see a navigation pane on the left side of the screen that gives you easy access to your [alerts](../security/office-365-security/alerts.md), [reports](reports-in-security-and-compliance.md), [policies](alert-policies.md), compliance solutions, and more. To add or remove options for a customized navigation pane, use the **Customize navigation** control on the navigation pane. This opens the **Customize your navigation pane** settings so you can configure which items appear in the navigation pane.
+In addition to links in cards on the home page, you'll see a navigation pane on the left side of the screen that gives you easy access to your [alerts](../security/defender-365-security/alerts.md), [reports](reports-in-security-and-compliance.md), [policies](alert-policies.md), compliance solutions, and more. To add or remove options for a customized navigation pane, use the **Customize navigation** control on the navigation pane. This opens the **Customize your navigation pane** settings so you can configure which items appear in the navigation pane.
| | | |||
-|![Navigation in the Microsoft 365 compliance center](../medi) <br> Automate and simplify the retention schedule for regulatory, legal and business-critical records in your organization.
+|![Navigation in the Microsoft 365 compliance center](../medi) <br> Automate and simplify the retention schedule for regulatory, legal and business-critical records in your organization.
## How do I get the compliance center?
compliance Ome Faq https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/ome-faq.md
Yes! For information on customizing email messages and the OME portal, see Add y
## Are there any reporting capabilities or insights for encrypted emails?
-There is an Encryption report in the Security and Compliance Center. See [View email security reports in the Security & Compliance Center](../security/office-365-security/view-email-security-reports.md).
+There is an Encryption report in the Security and Compliance Center. See [View email security reports in the Security & Compliance Center](../security/defender-365-security/view-email-security-reports.md).
## Can I use message encryption with compliance features such as eDiscovery?
compliance Permissions Filtering For Content Search https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/permissions-filtering-for-content-search.md
Search permissions filtering is supported by the Content Search feature in the S
## Requirements to configure permissions filtering -- To run the compliance security filter cmdlets, you have to be a member of the Organization Management role group in the Security & Compliance Center. For more information, see [Permissions in the Security & Compliance Center](../security/office-365-security/permissions-in-the-security-and-compliance-center.md).
+- To run the compliance security filter cmdlets, you have to be a member of the Organization Management role group in the Security & Compliance Center. For more information, see [Permissions in the Security & Compliance Center](../security/defender-365-security/permissions-in-the-security-and-compliance-center.md).
- You have to connect to both Exchange Online and Security & Compliance Center PowerShell to use the compliance security filter cmdlets. This is necessary because these cmdlets require access to mailbox properties, which is why you have to connect to Exchange Online PowerShell. See the steps in the next section.
compliance Plan For Security And Compliance https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/plan-for-security-and-compliance.md
Orient yourself to the information protection capabilities in the Information Pr
After setting up your Microsoft 365 subscription, take note of your starting score. Secure Score provides configuration suggestions that you can take to increase your score. The goal is to be aware of opportunities that you can take to protect your environment which won't negatively affect the productivity of your users. -- [Introducing the Office 365 Secure Score](../security/mtp/microsoft-secure-score.md)
+- [Introducing the Office 365 Secure Score](../security/defender/microsoft-secure-score.md)
## Step 3: Plan access protection for identity and devices
Protecting access to your Microsoft 365 data and services is crucial to defendin
- [Protect access to data and services in Office 365](protect-access-to-data-and-services.md) -- [Secure email policies and configurations](../security/office-365-security/secure-email-recommended-policies.md)
+- [Secure email policies and configurations](../security/defender-365-security/secure-email-recommended-policies.md)
[PDF](https://go.microsoft.com/fwlink/p/?linkid=841656) | [Visio](https://go.microsoft.com/fwlink/p/?linkid=841657) | [More languages](https://www.microsoft.com/download/details.aspx?id=55032)
The Security &amp; Compliance Center gives you a single view into the controls y
- [Go to the Security &amp; Compliance Center](./microsoft-365-compliance-center.md) -- [Permissions in the Security &amp; Compliance Center](~/security/office-365-security/protect-against-threats.md)
+- [Permissions in the Security &amp; Compliance Center](~/security/defender-365-security/protect-against-threats.md)
-- [Give users access to the Security &amp; Compliance Center](~/security/office-365-security/grant-access-to-the-security-and-compliance-center.md)
+- [Give users access to the Security &amp; Compliance Center](~/security/defender-365-security/grant-access-to-the-security-and-compliance-center.md)
## Step 6: Use end-to-end security scenarios as starting points Use these recommended configurations as a starting point for enterprise scale or sophisticated access security scenarios. -- [Secure email policies and configurations](../security/office-365-security/secure-email-recommended-policies.md)
+- [Secure email policies and configurations](../security/defender-365-security/secure-email-recommended-policies.md)
- [Contoso in the Microsoft Cloud](../enterprise/contoso-case-study.md)
compliance Protect Access To Data And Services https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/protect-access-to-data-and-services.md
The administrative accounts you use to administer your Microsoft 365 environment
Begin by using administrator accounts only for administration. Admins should have a separate user account for regular, non-administrative use and only use their administrative account when necessary to complete a task associated with their job function.
-Protect your administrator accounts with multi-factor authentication and conditional access. For more information, see [Protecting administrator accounts](../security/office-365-security/identity-access-prerequisites.md#protecting-administrator-accounts).
+Protect your administrator accounts with multi-factor authentication and conditional access. For more information, see [Protecting administrator accounts](../security/defender-365-security/identity-access-prerequisites.md#protecting-administrator-accounts).
Next, configure privileged access management in Office 365. Privileged access management allows granular access control over privileged admin tasks in Office 365. It can help protect your organization from breaches that may use existing privileged admin accounts with standing access to sensitive data or access to critical configuration settings.
Another top recommendation is to use workstations specifically configured for ad
Finally, you can mitigate the impact of inadvertent lack of administrative access by creating two or more emergency access accounts in your tenant. See [Manage emergency access accounts in Azure AD](/azure/active-directory/users-groups-roles/directory-emergency-access). ## Step 3: Configure recommended identity and device access policies
-Multi-factor authentication (MFA) and conditional access policies are powerful tools for mitigating against compromised accounts and unauthorized access. We recommend implementing a set of policies that have been tested together. For more information, including deployment steps, see [Identity and device access configurations](../security/office-365-security/microsoft-365-policies-configurations.md).
+Multi-factor authentication (MFA) and conditional access policies are powerful tools for mitigating against compromised accounts and unauthorized access. We recommend implementing a set of policies that have been tested together. For more information, including deployment steps, see [Identity and device access configurations](../security/defender-365-security/microsoft-365-policies-configurations.md).
These policies implement the following capabilities: - Mult-factor authentication
Implementing Intune device compliance requires device enrollment. Managing devic
## Step 4: Configure SharePoint device access policies
-Microsoft recommends you protect content in SharePoint sites with sensitive and highly-regulated content with device access controls. For more information, see [Policy recommendations for securing SharePoint sites and files](../security/office-365-security/sharepoint-file-access-policies.md).
+Microsoft recommends you protect content in SharePoint sites with sensitive and highly-regulated content with device access controls. For more information, see [Policy recommendations for securing SharePoint sites and files](../security/defender-365-security/sharepoint-file-access-policies.md).
compliance Records Management https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/records-management.md
Use the following capabilities to support your records management solution in Mi
- **Export information about all disposed items** with the [export option](disposition.md#filter-and-export-the-views). -- **Set specific permissions** for records manager functions in your organization to [have the right access](../security/office-365-security/permissions-in-the-security-and-compliance-center.md).
+- **Set specific permissions** for records manager functions in your organization to [have the right access](../security/defender-365-security/permissions-in-the-security-and-compliance-center.md).
Using these capabilities, you can incorporate your organization's retention schedules and requirements into a records management solution that manages retention, records declaration, and disposition, to support the full lifecycle of your content.
compliance Revoke Ome Encrypted Mail https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/revoke-ome-encrypted-mail.md
There are multiple ways to find the Message ID of the email that you want to rev
#### To identify the Message ID of the email you want to revoke by using Office Message Encryption reports in the Security &amp; Compliance Center
-1. In the Security &amp; Compliance Center, navigate to the **Message encryption report**. For information on this report, see [View email security reports in the Security &amp; Compliance Center](../security/office-365-security/view-email-security-reports.md).
+1. In the Security &amp; Compliance Center, navigate to the **Message encryption report**. For information on this report, see [View email security reports in the Security &amp; Compliance Center](../security/defender-365-security/view-email-security-reports.md).
2. Choose the **View details** table and identify the message that you want to revoke.
compliance Search The Audit Log In Security And Compliance https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/search-the-audit-log-in-security-and-compliance.md
The following table lists the activities in content explorer that are logged in
### Quarantine activities
-The following table lists the quarantine activities that you can search for in the audit log. For more information about quarantine, see [Quarantine email messages in Office 365](../security/office-365-security/quarantine-email-messages.md).
+The following table lists the quarantine activities that you can search for in the audit log. For more information about quarantine, see [Quarantine email messages in Office 365](../security/defender-365-security/quarantine-email-messages.md).
|Friendly name|Operation|Description| |:--|:--|:--|
compliance Set Up Encryption https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/set-up-encryption.md
With Office 365, several encryption capabilities are available by default. Addit
|Files are saved on Windows computers <br/> |Encryption at the computer level can be done using BitLocker on Windows devices. As an enterprise administrator or IT Pro, you can set this up using the Microsoft Deployment Toolkit (MDT). See [Set up MDT for BitLocker](/windows/deployment/deploy-windows-mdt/set-up-mdt-for-bitlocker). <br/> | |Files are saved on mobile devices <br/> |Some kinds of mobile devices encrypt files that are saved to those devices by default. With [Capabilities of built-in Mobile Device Management for Office 365](https://support.microsoft.com/en-us/office/capabilities-of-built-in-mobile-device-management-for-microsoft-365-a1da44e5-7475-4992-be91-9ccec25905b0), you can set policies that determine whether to allow mobile devices to access data in Office 365. For example, you can set a policy that allows only devices that encrypt content to access Office 365 data. See [Create and deploy device security policies](https://support.microsoft.com/office/create-and-deploy-device-security-policies-d310f556-8bfb-497b-9bd7-fe3c36ea2fd6). <br/> For additional control over how mobile devices interact with Office 365, you can consider adding [Microsoft Intune](/mem/intune/fundamentals/setup-steps). <br/> | |You need control over the encryption keys used to encrypt your data in Microsoft's data centers <br/> | As an Office 365 administrator, you can control your organization's encryption keys and then configure Office 365 to use them to encrypt your data at rest in Microsoft's data centers. <br/> [Service encryption with Customer Key in Office 365](customer-key-overview.md) <br/> |
-|People are communicating via email (Exchange Online) <br/> | As an Exchange Online administrator, you have several options for configuring email encryption. These include: <br/> Using [Office 365 message encryption (OME)](set-up-new-message-encryption-capabilities.md) with Azure Rights Management (Azure RMS) to enable people to send encrypted messages inside or outside your organization <br/> Using [S/MIME for message signing and encryption](../security/office-365-security/s-mime-for-message-signing-and-encryption.md) to encrypt and digitally sign email messages <br/> Using TLS to [set up connectors for secure mail flow with another organization](/exchange/mail-flow-best-practices/use-connectors-to-configure-mail-flow/set-up-connectors-for-secure-mail-flow-with-a-partner) <br/> See [Email encryption in Office 365](./email-encryption.md). <br/> |
+|People are communicating via email (Exchange Online) <br/> | As an Exchange Online administrator, you have several options for configuring email encryption. These include: <br/> Using [Office 365 message encryption (OME)](set-up-new-message-encryption-capabilities.md) with Azure Rights Management (Azure RMS) to enable people to send encrypted messages inside or outside your organization <br/> Using [S/MIME for message signing and encryption](../security/defender-365-security/s-mime-for-message-signing-and-encryption.md) to encrypt and digitally sign email messages <br/> Using TLS to [set up connectors for secure mail flow with another organization](/exchange/mail-flow-best-practices/use-connectors-to-configure-mail-flow/set-up-connectors-for-secure-mail-flow-with-a-partner) <br/> See [Email encryption in Office 365](./email-encryption.md). <br/> |
|Files are accessed from team sites or document libraries (OneDrive for Business or SharePoint Online) <br/> |When people are working with files saved to OneDrive for Business or SharePoint Online, TLS connections are used. This is built into Office 365 automatically. See [Data Encryption in OneDrive for Business and SharePoint Online](./data-encryption-in-odb-and-spo.md). <br/> | |Files are shared in online meetings and IM conversations (Skype for Business Online) <br/> |When people are working with files using Skype for Business Online, TLS is used for the connection. This is built into Office 365 automatically. See [Security and Archiving (Skype for Business Online)](/office365/servicedescriptions/skype-for-business-online-service-description/skype-for-business-online-features). <br/> | |Files are shared in online meetings and IM conversations (Microsoft Teams) <br/> |When people are working with files using Microsoft Teams, TLS is used for the connection. This is built into Office 365 automatically. Microsoft Teams does not currently support inline rendering of encrypted email. To prevent encrypted email from landing in Microsoft Teams as encrypted, see [Message Encryption FAQ](./ome-faq.md?view=o365-worldwide#can-i-automatically-remove-encryption-on-incoming-and-outgoing-mail). <br/>
compliance Whats New https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/whats-new.md
Whether it be adding new solutions to the [Microsoft 365 compliance center](micr
> Some compliance features get rolled out at different speeds to our customers. If you aren't seeing a feature yet, try adding yourself to [targeted release](/office365/admin/manage/release-options-in-office-365). > [!TIP]
-> Interested in what's going on in other admin centers? Check out these articles:<br>[What's new in the Microsoft 365 admin center](/office365/admin/whats-new-in-preview)<br>[What's new in the SharePoint admin center](/sharepoint/what-s-new-in-admin-center)<br>[What's new in Microsoft 365 Defender](../security/mtp/whats-new.md)<br><br>
+> Interested in what's going on in other admin centers? Check out these articles:<br>[What's new in the Microsoft 365 admin center](/office365/admin/whats-new-in-preview)<br>[What's new in the SharePoint admin center](/sharepoint/what-s-new-in-admin-center)<br>[What's new in Microsoft 365 Defender](../security/defender/whats-new.md)<br><br>
And visit the [Microsoft 365 Roadmap](https://www.microsoft.com/en-us/microsoft-365/roadmap) to learn about Microsoft 365 features that were launched, are rolling out, are in development, have been cancelled, or previously released. ## January 2021
Improved workflow and functionality for [adding custodians](add-custodians-to-ca
### Data connectors
-[Four new Globanet connectors released](archiving-third-party-data.md#third-party-data-connectors): Redtail Speak, Salesforce Chatter, ServiceNow, and Yieldbroker.
+[Four new Veritas connectors released](archiving-third-party-data.md#third-party-data-connectors): Redtail Speak, Salesforce Chatter, ServiceNow, and Yieldbroker.
### Encryption
To make it easier to manage encrypted content in the eDiscovery workflow, Micros
### Data connectors
-[Five new Globanet connectors in preview](archiving-third-party-data.md#third-party-data-connectors). New connectors include Reuters Dealing, Reuters FX, CellTrust, XIP, generic MS SQL Database data.
+[Five new Veritas connectors in preview](archiving-third-party-data.md#third-party-data-connectors). New connectors include Reuters Dealing, Reuters FX, CellTrust, XIP, generic MS SQL Database data.
### Retention labels (disposition review)
Watch the video below to learn how Compliance Manager can help simplify how your
### Data connectors -- [New third-party data connectors](archiving-third-party-data.md#third-party-data-connectors). 25 new data connectors, including 14 connectors from Globanet and 8 from Telemessage.
+- [New third-party data connectors](archiving-third-party-data.md#third-party-data-connectors). 25 new data connectors, including 14 connectors from Veritas and 8 from Telemessage.
- [Physical badging connector](import-physical-badging-data.md). Import physical badging data, such as employeeΓÇÖs raw physical access events or any physical access alarms generated by your organization's badging system. Examples include entries to buildings, server rooms, or data centers. Physical badging data can be used by the insider risk management solution to help protect your organization from malicious activity or data theft inside your organization. ### Insider risk management
compliance Work With Partner To Archive Third Party Data https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/work-with-partner-to-archive-third-party-data.md
The following sections list the Microsoft partners (and the third-party data sou
[ArchiveSocial](#archivesocial)
-[Globanet](#globanet)
+[Veritas](#veritas)
[OpenText](#opentext)
The following sections list the Microsoft partners (and the third-party data sou
- Vimeo
-### Globanet
+### Veritas
-[Globanet](https://www.globanet.com) supports the following third-party data sources:
+[Veritas](https://www.globanet.com) supports the following third-party data sources:
- AOL with Pivot Client
contentunderstanding Set Up Content Understanding https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/contentunderstanding/set-up-content-understanding.md
To use SharePoint Syntex, your organization must have a subscription to SharePoi
If you cancel your SharePoint Syntex subscription at a future date (or your trial expires), users will no longer be able to create or run document understanding or form processing models, and the content center template will no longer be available. Additionally, term store reports, SKOS taxonomy import, and Content type push will no longer be available. No content will be deleted and site permissions will not be changed.
+### AI Builder credits
+
+If you have 300 or more SharePoint Syntex licenses for SharePoint Syntex in your organization, you will be allocated one million AI Builder credits. If you have fewer than 300 licenses, you must purchase AI Builder credits in order to use forms processing.
+
+You can estimate the AI Builder capacity thatΓÇÖs right for you with the [AI Builder calculator](https://powerapps.microsoft.com/ai-builder-calculator).
+
+Go to the [Power Platform admin center](https://admin.powerplatform.microsoft.com/resources/capacity) to check your credits and usage.
+ ## To set up SharePoint Syntex 1. In the Microsoft 365 admin center, select **Setup**, and then view the **Files and content** section.
To assign licenses:
5. Click **Save changes**.
-## AI Builder credits
-
-If you have 300 or more SharePoint Syntex licenses for SharePoint Syntex in your organization, you will be allocated one million AI Builder credits. If you have fewer than 300 licenses, you must purchase AI Builder credits in order to use forms processing.
-
-You can estimate the AI Builder capacity thatΓÇÖs right for you with the [AI Builder calculator](https://powerapps.microsoft.com/ai-builder-calculator).
-
-Go to the [Power Platform admin center](https://admin.powerplatform.microsoft.com/resources/capacity) to check your credits and usage.
- ## See also [Overview of the form processing model](/ai-builder/form-processing-model-overview)
-[Step-by-Step: How to Build a Document Understanding Model (video)](https://www.youtube.com/watch?v=DymSHObD-bg)
+[Step-by-Step: How to Build a Document Understanding Model (video)](https://www.youtube.com/watch?v=DymSHObD-bg)
enterprise Assign Licenses To User Accounts https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/assign-licenses-to-user-accounts.md
For more informaion, see [group-based licensing in Azure AD](/azure/active-direc
With the appropriate set of user accounts that have been assigned licenses, you are now ready to: -- [Implement security](../security/office-365-security/security-roadmap.md)
+- [Implement security](../security/defender-365-security/security-roadmap.md)
- [Deploy client software, such as Microsoft 365 Apps](/DeployOffice/deployment-guide-microsoft-365-apps) - [Set up device management](device-management-roadmap-microsoft-365.md) - [Configure services and applications](configure-services-and-applications.md)
enterprise Azure Expressroute https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/azure-expressroute.md
description: Learn how to use Azure ExpressRoute with Office 365 and plan the ne
Learn how Azure ExpressRoute is used with Office 365 and how to plan the network implementation project that will be required if you are deploying Azure ExpressRoute for use with Office 365. Infrastructure and platform services running in Azure will often benefit by addressing network architecture and performance considerations. We recommend ExpressRoute for Azure in these cases. Software as a Service offerings like Office 365 and Dynamics 365 have been built to be accessed securely and reliably via the Internet. You can read about Internet performance and security and when you might consider Azure ExpressRoute for Office 365 in the article [Assessing Office 365 network connectivity](assessing-network-connectivity.md).
-> [!NOTE]
-> Microsoft authorization is required to use ExpressRoute for Office 365. Microsoft reviews every customer request and authorizes ExpressRoute for Office 365 usage when a customer's regulatory requirement mandates direct connectivity. If you have such requirements, please provide the text excerpt and web link to the regulation which you interpret to mean that direct connectivity is required in the [ExpressRoute for Office 365 Request Form](https://aka.ms/O365ERReview) to begin a Microsoft review. Unauthorized subscriptions trying to create route filters for Office 365 will receive an [error message](https://support.microsoft.com/kb/3181709).
+>[!NOTE]
+>Microsoft does not recommend ExpressRoute for Microsoft 365, nor does it provide the best connectivity model for the service in almost all circumstances. As such, Microsoft authorization is required to use this connectivity model for the service. Microsoft reviews every customer request and authorizes ExpressRoute for Microsoft 365 only in the rare scenarios where it is necessary.
+Please read the [ExpressRoute for Microsoft 365 guide](https://aka.ms/erguide) for more information and work with your Microsoft account team to submit an exception should you require, following comprehensive review of the guide.
+Unauthorized subscriptions trying to create route filters for Microsoft 365 will receive an [error message](https://support.microsoft.com/kb/3181709).
You can now add a direct network connection to Office 365 for selected Office 365 network traffic. Azure ExpressRoute offers a direct connection, predictable performance, and comes with an uptime SLA of 99.95% for the Microsoft networking components. You'll still require an internet connection for services that aren't supported over Azure ExpressRoute.
Ready to sign-up for [ExpressRoute for Office 365](https://aka.ms/ert)?
## See also
-[Microsoft 365 Enterprise overview](microsoft-365-overview.md)
+[Microsoft 365 Enterprise overview](microsoft-365-overview.md)
enterprise Cloud Only Prereqs M365 Test Environment https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/cloud-only-prereqs-m365-test-environment.md
description: Create a Microsoft 365 environment to test identity and device acce
*This Test Lab Guide can only be used for Microsoft 365 for enterprise test environments.*
-[Identity and device access configurations](../security/office-365-security/microsoft-365-policies-configurations.md) are a set of recommended configurations and conditional access policies to protect access to all services that are integrated with Azure Active Directory (Azure AD).
+[Identity and device access configurations](../security/defender-365-security/microsoft-365-policies-configurations.md) are a set of recommended configurations and conditional access policies to protect access to all services that are integrated with Azure Active Directory (Azure AD).
-This article describes how to configure a Microsoft 365 test environment that meets the requirements of the [cloud only prerequisite configuration](../security/office-365-security/identity-access-prerequisites.md#prerequisites) for identity and device access.
+This article describes how to configure a Microsoft 365 test environment that meets the requirements of the [cloud only prerequisite configuration](../security/defender-365-security/identity-access-prerequisites.md#prerequisites) for identity and device access.
There are eight phases to setting up this test environment:
For Skype for Business Online:
Get-CsOAuthConfiguration ```
-The result is a test environment that meets the requirements of the [cloud-only prerequisite configuration](../security/office-365-security/identity-access-prerequisites.md#prerequisites) for identity and device access.
+The result is a test environment that meets the requirements of the [cloud-only prerequisite configuration](../security/defender-365-security/identity-access-prerequisites.md#prerequisites) for identity and device access.
## Next step
-Use [Common identity and device access policies](../security/office-365-security/identity-access-policies.md) to configure the policies that build on the prerequisites and protect identities and devices.
+Use [Common identity and device access policies](../security/defender-365-security/identity-access-policies.md) to configure the policies that build on the prerequisites and protect identities and devices.
## See also
Use [Common identity and device access policies](../security/office-365-security
[Microsoft 365 for enterprise overview](microsoft-365-overview.md)
-[Microsoft 365 for enterprise documentation](/microsoft-365-enterprise/)
+[Microsoft 365 for enterprise documentation](/microsoft-365-enterprise/)
enterprise Configure Services And Applications https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/configure-services-and-applications.md
If you want help getting Microsoft 365 set up, use **[FastTrack](https://www.mic
|**Services & applications**|**Resources**| |:--|:--| |**Microsoft 365 Suite** |- [Add your company branding to Microsoft 365 Sign In Page](https://support.office.com/article/Add-your-company-branding-to-Office-365-Sign-In-Page-a1229cdb-ce19-4da5-90c7-2b9b146aef0a) <br> - [Add customized help desk info to the Microsoft 365 help pane](https://support.office.com/article/Add-customized-help-desk-info-to-the-Office-365-help-pane-9dd9b104-68f7-4d49-9a30-82561c7d79a3) <br> - [Add integration with Azure AD and other applications](https://support.office.com/article/Integrated-Apps-and-Azure-AD-for-Office-365-administrators-cb2250e3-451e-416f-bf4e-363549652c2a). <br> - [Learn more about using groups](https://support.office.com/Article/Learn-more-about-groups-b565caa1-5c40-40ef-9915-60fdb2d97fa2) to collaborate with email, calendar, documents, and chat <br> - [Activate and use mobile device management in Microsoft 365](https://support.office.microsoft.com/article/Manage-mobile-devices-in-Office-365-dd892318-bc44-4eb1-af00-9db5430be3cd) <br> - [Monitor Microsoft 365 connectivity](monitor-connectivity.md) |
-|**Email** <br> (Exchange Online) | - Get ready to migrate with [Exchange Hybrid using the Exchange Deployment Assistant](https://technet.microsoft.com/exdeploy2013) <br> - Use the [Exchange migration advisor](https://aka.ms/office365setup) to get customized set up guidance <br> - [Set up Exchange Online Protection](../security/office-365-security/set-up-your-eop-service.md) |
+|**Email** <br> (Exchange Online) | - Get ready to migrate with [Exchange Hybrid using the Exchange Deployment Assistant](https://technet.microsoft.com/exdeploy2013) <br> - Use the [Exchange migration advisor](https://aka.ms/office365setup) to get customized set up guidance <br> - [Set up Exchange Online Protection](../security/defender-365-security/set-up-your-eop-service.md) |
|**Sites** <br> (SharePoint Online) | -Configure hybrid functionality for [SharePoint Server 2013](/SharePoint/hybrid/hybrid)<br> - [Create and use site templates](https://support.office.com/article/Create-and-use-site-templates-60371B0F-00E0-4C49-A844-34759EBDD989) to customize the look and feel of SharePoint Online <br> - Use the [SharePoint Online Planning Guide](https://support.office.com/article/SharePoint-Online-Planning-Guide-for-Office-365-for-business-d5089cdf-3fd2-4230-acbd-20ecda2f9bb8) or the [SharePoint Online deployment advisor](https://aka.ms/spoguidance) to plan and configure additional features <br> - Manage your [Video portal](https://support.office.com/article/Manage-your-Office-365-Video-portal-c059465b-eba9-44e1-b8c7-8ff7793ff5da) | |**IM and online meetings** <br> (Skype for Business Online) | - Configure hybrid functionality for [Lync Server 2013](/previous-versions/office/lync-server-2013/lync-server-2013-lync-server-2013-hybrid) or [Skype for Business 2015](/skypeforbusiness/hybrid/plan-hybrid-connectivity?bc=%2fSkypeForBusiness%2fbreadcrumb%2ftoc.json&toc=%2fSkypeForBusiness%2ftoc.json)<br> - [Set up Skype for Business Online](https://support.office.com/article/Set-up-Skype-for-Business-Online-40296968-e779-4259-980b-c2de1c044c6e) and configure common features such as call routing, conference calling, and sharing <br> - Use the [Skype for Business deployment advisor](/MicrosoftTeams/faq-journey) to get customized set up guidance | | **File storage & sharing** <br> (OneDrive for Business and SharePoint Online) | - [Set up Microsoft 365 file storage and sharing](https://support.office.com/article/7aa9cdc8-2245-4218-81ee-86fa7c35f1de#BKMK_WhatDif): Learn when you should use OneDrive for Business to store files and when you should use ShharePoint Online team sites <br> - [Set up file storage and sharing](https://support.office.com/article/7aa9cdc8-2245-4218-81ee-86fa7c35f1de#BKMK_MoveDocsVideo): See how easy it is to upload files in OneDrive for Business and your SharePoint team site <br> - [Set up file storage and sharing](https://support.office.com/article/7aa9cdc8-2245-4218-81ee-86fa7c35f1de#BKMK_Store): Get all the steps for uploading files to OneDrive for Business and your team site. Learn tips for file sharing <br> - Use the [OneDrive for Business setup guide](https://aka.ms/OD4Bguidance) to get customized set up guidance |
enterprise Contoso Identity https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/contoso-identity.md
Here's the server running Azure AD Connect polling the Contoso AD DS forest for
## Conditional Access policies for identity and device access
-Contoso created a set of Azure AD and Intune [Conditional Access policies](../security/office-365-security/identity-access-policies.md) for three protection levels:
+Contoso created a set of Azure AD and Intune [Conditional Access policies](../security/defender-365-security/identity-access-policies.md) for three protection levels:
- *Baseline* protections apply to all user accounts. - *Sensitive* protections apply to senior leadership and executive staff.
enterprise Contoso Info Protect https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/contoso-info-protect.md
Contoso followed these steps to prepare Microsoft 365 for enterprise for their i
As part of their rollout of Exchange Online and SharePoint, Contoso configured the following set of Conditional Access policies and applied them to the appropriate groups: -- [Managed and unmanaged application access on devices policies](../security/office-365-security/identity-access-policies.md)-- [Exchange Online access policies](../security/office-365-security/secure-email-recommended-policies.md)-- [SharePoint access policies](../security/office-365-security/sharepoint-file-access-policies.md)
+- [Managed and unmanaged application access on devices policies](../security/defender-365-security/identity-access-policies.md)
+- [Exchange Online access policies](../security/defender-365-security/secure-email-recommended-policies.md)
+- [SharePoint access policies](../security/defender-365-security/sharepoint-file-access-policies.md)
Here's resulting set of Contoso policies for information protection.
Learn how Contoso uses the [security features across Microsoft 365 for enterpris
## See also
-[Security roadmap](../security/office-365-security/security-roadmap.md)
+[Security roadmap](../security/defender-365-security/security-roadmap.md)
[Microsoft 365 for enterprise overview](microsoft-365-overview.md)
enterprise Contoso Security Summary https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/contoso-security-summary.md
To follow security best practices and Microsoft 365 for enterprise deployment re
- Safer device and application access with Conditional Access policies
- Contoso is using [Conditional Access policies](../security/office-365-security/microsoft-365-policies-configurations.md) for identity, devices, Exchange Online, and SharePoint. Identity Conditional Access policies include requiring password changes for high-risk users and blocking clients from using apps that don't support modern authentication. Device policies include the definition of approved apps and requiring compliant PCs and mobile devices. Exchange Online Conditional Access policies include blocking ActiveSync clients and setting up Office 365 message encryption. SharePoint Conditional Access policies include additional protection for sensitive and highly regulated sites.
+ Contoso is using [Conditional Access policies](../security/defender-365-security/microsoft-365-policies-configurations.md) for identity, devices, Exchange Online, and SharePoint. Identity Conditional Access policies include requiring password changes for high-risk users and blocking clients from using apps that don't support modern authentication. Device policies include the definition of approved apps and requiring compliant PCs and mobile devices. Exchange Online Conditional Access policies include blocking ActiveSync clients and setting up Office 365 message encryption. SharePoint Conditional Access policies include additional protection for sensitive and highly regulated sites.
- Windows Hello for Business
enterprise Desktop Deployment Center Home https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/desktop-deployment-center-home.md
Use these resources to deploy modern desktops:
- [Windows 10 deployment](/windows/deployment/) - [Deploy Microsoft 365 Apps](/deployoffice/deployment-guide-microsoft-365-apps) - [Microsoft Intune](/mem/intune/fundamentals/planning-guide)-- [Identity and device access policies](../security/office-365-security/microsoft-365-policies-configurations.md)
+- [Identity and device access policies](../security/defender-365-security/microsoft-365-policies-configurations.md)
You can also view the [Desktop Deployment series videos from Microsoft Mechanics](https://www.aka.ms/watchhowtoshift).
enterprise Device Management Roadmap Microsoft 365 https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/device-management-roadmap-microsoft-365.md
Based on your assessment, get started managing your devices with:
## Identity and device access recommendations
-Microsoft provides a set of recommendations for [identity and device access](../security/office-365-security/microsoft-365-policies-configurations.md) to ensure a secure and productive workforce. For device access, use the recommendations and settings in these articles:
+Microsoft provides a set of recommendations for [identity and device access](../security/defender-365-security/microsoft-365-policies-configurations.md) to ensure a secure and productive workforce. For device access, use the recommendations and settings in these articles:
-- [Prerequisites](../security/office-365-security/identity-access-prerequisites.md)-- [Common identity and device access policies](../security/office-365-security/identity-access-policies.md)
+- [Prerequisites](../security/defender-365-security/identity-access-prerequisites.md)
+- [Common identity and device access policies](../security/defender-365-security/identity-access-policies.md)
## How Contoso did device management for Microsoft 365
enterprise External Domain Name System Records https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/external-domain-name-system-records.md
There are specific steps to take when you use [Office 365 URLs and IP address r
<a name="BKMK_SPFrecords"> </a> > [!IMPORTANT]
-> SPF is designed to help prevent spoofing, but there are spoofing techniques that SPF cannot protect against. In order to protect against these, once you have set up SPF, you should also configure DKIM and DMARC for Office 365. To get started, see [Use DKIM to validate outbound email sent from your domain in Office 365](../security/office-365-security/use-dkim-to-validate-outbound-email.md). Next, see [Use DMARC to validate email in Office 365](../security/office-365-security/use-dmarc-to-validate-email.md).
+> SPF is designed to help prevent spoofing, but there are spoofing techniques that SPF cannot protect against. In order to protect against these, once you have set up SPF, you should also configure DKIM and DMARC for Office 365. To get started, see [Use DKIM to validate outbound email sent from your domain in Office 365](../security/defender-365-security/use-dkim-to-validate-outbound-email.md). Next, see [Use DMARC to validate email in Office 365](../security/defender-365-security/use-dmarc-to-validate-email.md).
SPF records are TXT records that help to prevent other people from using your domain to send spam or other malicious email. Sender policy framework (SPF) records work by identifying the servers that are authorized to send email from your domain.
An email system that receives an email from your domain looks at the SPF record,
For scenarios where you're not just using Exchange Online email for Office 365 (for example, when you use email originating from SharePoint Online as well), use the following table to determine what to include in the value of the record. > [!NOTE]
-> If you have a complicated scenario that includes, for example, edge email servers for managing email traffic across your firewall, you'll have a more detailed SPF record to set up. Learn how: [Set up SPF records in Office 365 to help prevent spoofing](../security/office-365-security/set-up-spf-in-office-365-to-help-prevent-spoofing.md). You can also learn much more about how SPF works with Office 365 by reading [How Office 365 uses Sender Policy Framework (SPF) to help prevent spoofing](../security/office-365-security/how-office-365-uses-spf-to-prevent-spoofing.md).
+> If you have a complicated scenario that includes, for example, edge email servers for managing email traffic across your firewall, you'll have a more detailed SPF record to set up. Learn how: [Set up SPF records in Office 365 to help prevent spoofing](../security/defender-365-security/set-up-spf-in-office-365-to-help-prevent-spoofing.md). You can also learn much more about how SPF works with Office 365 by reading [How Office 365 uses Sender Policy Framework (SPF) to help prevent spoofing](../security/defender-365-security/how-office-365-uses-spf-to-prevent-spoofing.md).
| Number|If you're using… <br/> |Purpose <br/> |Add these includes <br/> | |:--|:--|:--|:--|
TXT Name @
Values: v=spf1 include:spf.protection.outlook.com include:mail.contoso.com -all ```
-These are some common examples that can help you adapt your existing SPF record when you add your domain to Office 365 for email. If you have a complicated scenario that includes, for example, edge email servers for managing email traffic across your firewall, you'll have a more detailed SPF record to set up. Learn how: [Set up SPF records in Office 365 to help prevent spoofing](../security/office-365-security/set-up-spf-in-office-365-to-help-prevent-spoofing.md).
+These are some common examples that can help you adapt your existing SPF record when you add your domain to Office 365 for email. If you have a complicated scenario that includes, for example, edge email servers for managing email traffic across your firewall, you'll have a more detailed SPF record to set up. Learn how: [Set up SPF records in Office 365 to help prevent spoofing](../security/defender-365-security/set-up-spf-in-office-365-to-help-prevent-spoofing.md).
Here's a short link you can use to come back: [https://aka.ms/o365edns]()
enterprise Identity Device Access M365 Test Environment https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/identity-device-access-m365-test-environment.md
description: Create a Microsoft 365 environment to test identity and device acce
*This Test Lab Guide can only be used for Microsoft 365 for enterprise test environments.*
-[Identity and device access configurations](../security/office-365-security/microsoft-365-policies-configurations.md) are a set of recommended configurations and conditional access policies to protect access to all services that are integrated with Azure Active Directory (Azure AD).
+[Identity and device access configurations](../security/defender-365-security/microsoft-365-policies-configurations.md) are a set of recommended configurations and conditional access policies to protect access to all services that are integrated with Azure Active Directory (Azure AD).
To create a test environment that has the common identity and device access configurations in place:
To create a test environment that has the common identity and device access conf
- [Password hash synchronization (PHS)](phs-prereqs-m365-test-environment.md) - [Pass-through authentication (PTA)](pta-prereqs-m365-test-environment.md)
-2. Use [Common identity and device access policies](../security/office-365-security/identity-access-policies.md) to configure the policies that build on the prerequisites configured for your test environment and explore and verify protection for identities and devices.
+2. Use [Common identity and device access policies](../security/defender-365-security/identity-access-policies.md) to configure the policies that build on the prerequisites configured for your test environment and explore and verify protection for identities and devices.
## See also
To create a test environment that has the common identity and device access conf
[Microsoft 365 for enterprise overview](microsoft-365-overview.md)
-[Microsoft 365 for enterprise documentation](/microsoft-365-enterprise/)
+[Microsoft 365 for enterprise documentation](/microsoft-365-enterprise/)
enterprise Identity Roadmap Microsoft 365 https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/identity-roadmap-microsoft-365.md
To deploy your identity implementation:
### Identity and device access recommendations
-To help ensure a secure and productive workforce, Microsoft provides a set of recommendations for [identity and device access](../security/office-365-security/microsoft-365-policies-configurations.md). For identity, use the recommendations and settings in these articles:
+To help ensure a secure and productive workforce, Microsoft provides a set of recommendations for [identity and device access](../security/defender-365-security/microsoft-365-policies-configurations.md). For identity, use the recommendations and settings in these articles:
-- [Prerequisites](../security/office-365-security/identity-access-prerequisites.md)-- [Common identity and device access policies](../security/office-365-security/identity-access-policies.md)
+- [Prerequisites](../security/defender-365-security/identity-access-prerequisites.md)
+- [Common identity and device access policies](../security/defender-365-security/identity-access-policies.md)
## Manage
enterprise Implementing Expressroute https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/implementing-expressroute.md
Your implementation plan should encompass both the technical details of configur
- Decide how far ExpressRoute routes will be advertised into your network and what is the mechanism for clients to select Internet or ExpressRoute path; for example, direct routing or application proxy. -- Plan DNS record changes, including [Sender Policy Framework](../security/office-365-security/set-up-spf-in-office-365-to-help-prevent-spoofing.md) entries.
+- Plan DNS record changes, including [Sender Policy Framework](../security/defender-365-security/set-up-spf-in-office-365-to-help-prevent-spoofing.md) entries.
- Plan NAT strategy including outbound and inbound source NAT.
enterprise Increased O365 Security Microsoft 365 Enterprise Dev Test Environment https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/increased-o365-security-microsoft-365-enterprise-dev-test-environment.md
In this phase, you enable increased Microsoft 365 security for your Microsoft 36
### Configure SharePoint Online to block apps that don't support modern authentication
-Apps that do not support modern authentication cannot have [identity and device access configurations](../security/office-365-security/microsoft-365-policies-configurations.md) applied to them, which is an important element of securing your Microsoft 365 subscription and its digital assets.
+Apps that do not support modern authentication cannot have [identity and device access configurations](../security/defender-365-security/microsoft-365-policies-configurations.md) applied to them, which is an important element of securing your Microsoft 365 subscription and its digital assets.
1. Go to the Microsoft 365 admin center ([https://portal.microsoft.com](https://portal.microsoft.com)) and sign in to your Microsoft 365 test lab subscription with your global administrator account.
Defender for Office 365 for SharePoint, OneDrive, and Microsoft Teams protects y
Malware is comprised of viruses and spyware. Viruses infect other programs and data, and they spread throughout your computer looking for programs to infect. Spyware refers to malware that gathers your personal information, such as sign-in information and personal data, and sends it back to the malware author.
-Microsoft 365 has built-in malware and spam filtering capabilities that help protect inbound and outbound messages from malicious software and help protect you from spam. For more information, see [Anti-spam & anti-malware protection](../security/office-365-security/anti-spam-and-anti-malware-protection.md).
+Microsoft 365 has built-in malware and spam filtering capabilities that help protect inbound and outbound messages from malicious software and help protect you from spam. For more information, see [Anti-spam & anti-malware protection](../security/defender-365-security/anti-spam-and-anti-malware-protection.md).
To ensure that anti-malware processing is being performed on files with common attachment file types:
To see the security dashboard:
Take a close look at all the cards on the dashboard to familiarize yourself with the information provided.
-For more information, see [Security Dashboard](../security/office-365-security/security-dashboard.md).
+For more information, see [Security Dashboard](../security/defender-365-security/security-dashboard.md).
## Phase 4: Examine Microsoft Secure Score
Microsoft Secure Score shows your security posture as a number, which indicates
2. On the **Overview** tab, note your current Secure Score and how it compares with the global average and subscriptions with a similar number of licenses. 3. On the **Improvement actions** tab, read through the list of actions you can take to increase your score.
-For more information, see [Microsoft Secure Score](../security/mtp/microsoft-secure-score.md).
+For more information, see [Microsoft Secure Score](../security/defender/microsoft-secure-score.md).
## Next steps
enterprise Microsoft 365 Secure Sign In https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/microsoft-365-secure-sign-in.md
There are three ways to require your administrators or users to use MFA based on
||| |All Microsoft 365 plans (without Azure AD Premium P1 or P2 licenses) |[Enable Security defaults in Azure AD](/azure/active-directory/fundamentals/concept-fundamentals-security-defaults). Security defaults in Azure AD include MFA for users and administrators. | |Microsoft 365 E3 (includes Azure AD Premium P1 licenses) | Use [Common Conditional Access policies](/azure/active-directory/conditional-access/concept-conditional-access-policy-common) to configure the following policies: <br>- [Require MFA for administrators](/azure/active-directory/conditional-access/howto-conditional-access-policy-admin-mfa) <br>- [Require MFA for all users](/azure/active-directory/conditional-access/howto-conditional-access-policy-all-users-mfa) <br> - [Block legacy authentication](/azure/active-directory/conditional-access/howto-conditional-access-policy-block-legacy) |
-|Microsoft 365 E5 (includes Azure AD Premium P2 licenses) | Taking advantage of Azure AD Identity Protection, begin to implement Microsoft's [recommended set of conditional access and related policies](../security/office-365-security/identity-access-policies.md) by creating these two policies:<br> - [Require MFA when sign-in risk is medium or high](../security/office-365-security/identity-access-policies.md#require-mfa-based-on-sign-in-risk) <br>- [High risk users must change password](../security/office-365-security/identity-access-policies.md#high-risk-users-must-change-password) |
+|Microsoft 365 E5 (includes Azure AD Premium P2 licenses) | Taking advantage of Azure AD Identity Protection, begin to implement Microsoft's [recommended set of conditional access and related policies](../security/defender-365-security/identity-access-policies.md) by creating these two policies:<br> - [Require MFA when sign-in risk is medium or high](../security/defender-365-security/identity-access-policies.md#require-mfa-based-on-sign-in-risk) <br>- [High risk users must change password](../security/defender-365-security/identity-access-policies.md#high-risk-users-must-change-password) |
| | | ### Security defaults
Identity and device access policies are defined to be used in three tiers:
These tiers and their corresponding configurations provide consistent levels of protection across your data, identities, and devices.
-Microsoft highly recommends configuring and rolling out identity and device access policies in your organization, including specific settings for Microsoft Teams, Exchange Online, and SharePoint. For more information, see [Identity and device access configurations](../security/office-365-security/microsoft-365-policies-configurations.md).
+Microsoft highly recommends configuring and rolling out identity and device access policies in your organization, including specific settings for Microsoft Teams, Exchange Online, and SharePoint. For more information, see [Identity and device access configurations](../security/defender-365-security/microsoft-365-policies-configurations.md).
## Azure AD Identity Protection
See the [steps to enable Azure AD Identity Protection](/azure/active-directory/a
- [Identity roadmap for Microsoft 365](identity-roadmap-microsoft-365.md) - [Azure Academy Azure AD training videos](https://www.youtube.com/watch?v=pN8o0owHfI0&list=PL-V4YVm6AmwUFpC3rXr2i2piRQ708q_ia) - [Configure the Azure AD Multi-Factor Authentication registration policy](/azure/active-directory/identity-protection/howto-identity-protection-configure-mfa-policy)-- [Identity and device access configurations](../security/office-365-security/microsoft-365-policies-configurations.md)
+- [Identity and device access configurations](../security/defender-365-security/microsoft-365-policies-configurations.md)
## Next step
enterprise Microsoft 365 Vpn Implement Split Tunnel https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/microsoft-365-vpn-implement-split-tunnel.md
We can then trigger policy such as approve, trigger MFA or block authentication
### How do I protect against viruses and malware?
-Again, Office 365 provides protection for the Optimize marked endpoints in various layers in the service itself, [outlined in this document](/office365/Enterprise/office-365-malware-and-ransomware-protection). As noted, it is vastly more efficient to provide these security elements in the service itself rather than try and do it in line with devices that may not fully understand the protocols/traffic.By default, SharePoint Online [automatically scans file uploads](../security/office-365-security/virus-detection-in-spo.md) for known malware
+Again, Office 365 provides protection for the Optimize marked endpoints in various layers in the service itself, [outlined in this document](/office365/Enterprise/office-365-malware-and-ransomware-protection). As noted, it is vastly more efficient to provide these security elements in the service itself rather than try and do it in line with devices that may not fully understand the protocols/traffic.By default, SharePoint Online [automatically scans file uploads](../security/defender-365-security/virus-detection-in-spo.md) for known malware
For the Exchange endpoints listed above, [Exchange Online Protection](/office365/servicedescriptions/exchange-online-protection-service-description/exchange-online-protection-service-description) and [Microsoft Defender for Office 365](/office365/servicedescriptions/office-365-advanced-threat-protection-service-description) do an excellent job of providing security of the traffic to the service.
enterprise Ms Cloud Germany Transition Add Adfs https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/ms-cloud-germany-transition-add-adfs.md
Once you have completed and tested the AD FS backup, perform the following steps
8. For AD FS 2012: On the **Choose Issuance Authorization Rules**, keep **Permit all users to access this relying party** selected and click **Next**.
-8. For AD FS 2016 and AD FS 2019: On the **Choose Access Control Policy** page, select the appropriate access control policy and click **Next**. If none is chosen, the Relying Party Trust will **NOT** work.
+9. For AD FS 2016 and AD FS 2019: On the **Choose Access Control Policy** page, select the appropriate access control policy and click **Next**. If none is chosen, the Relying Party Trust will **NOT** work.
-9. Click **Next** on the **Ready to Add Trust** page to complete the wizard.
+10. Click **Next** on the **Ready to Add Trust** page to complete the wizard.
-10. Click **Close** on the **Finish** page.
+11. Click **Close** on the **Finish** page.
By closing the wizard, the Relying Party Trust with the Office 365 Global service is established. However, no Issuance Transform rules are configured yet.
You can use [AD FS Help](https://adfshelp.microsoft.com/AadTrustClaims/ClaimsGen
1. Run **Generate Claims** on [AD FS Help](https://adfshelp.microsoft.com/AadTrustClaims/ClaimsGenerator) and copy the PowerShell script using the **Copy** option on the right upper corner of the script.
-2. Follow the steps outlined at [AD FS Help](https://adfshelp.microsoft.com/AadTrustClaims/ClaimsGenerator) on how to run the PowerShell script in your AD FS farm to generate the global Relying Party Trust.
+2. Follow the steps outlined at [AD FS Help](https://adfshelp.microsoft.com/AadTrustClaims/ClaimsGenerator) on how to run the PowerShell script in your AD FS farm to generate the global Relying Party Trust. Before you run the script, replace the following code lines in the generated script as outlined below:
+
+ ```powershell
+ # AD FS Help generated value
+ $claims = Get-AdfsRelyingPartyTrust -Identifier $(Get-RpIdentifier) | Select-Object IssuanceTransformRules;
+ # replace with
+ $claims = Get-AdfsRelyingPartyTrust -Identifier urn:federation:MicrosoftOnline | Select-Object IssuanceTransformRules;
+
+ # AD FS Help generated value
+ Set-AdfsRelyingPartyTrust -TargetIdentifier $(Get-RpIdentifier) -IssuanceTransformRules $RuleSet.ClaimRulesString;
+ # replace with
+ Set-AdfsRelyingPartyTrust -TargetIdentifier urn:federation:MicrosoftOnline -IssuanceTransformRules $RuleSet.ClaimRulesString;
+ ```
3. Verify that two Relying PartyTtrusts are present; one for Microsoft Cloud Deutschland and one for the Office 365 Global service. The following command can be leveraged for the check. It should return two rows and the respective names and identifiers.
You can use [AD FS Help](https://adfshelp.microsoft.com/AadTrustClaims/ClaimsGen
5. While your tenant is in migration, regularly verify that AD FS authentication is working with Microsoft Cloud Deutschland and Microsoft Global cloud in the various supported migration steps. - ## AD FS Disaster Recovery (WID Database) - To restore the AD FS farm in a disaster [AD FS Rapid Restore Tool](/windows-server/identity/ad-fs/operations/ad-fs-rapid-restore-tool) needs to be leveraged. Therefore, the tool must be downloaded and before the start of the migration a backup must be created and safely stored. In this example, the following commands have been run to back up a farm running on a WID database: <h2 id="backup"></h2>
To restore the AD FS farm in a disaster [AD FS Rapid Restore Tool](/windows-serv
4. Store the backup safely on a desired destination. - ### Restore an AD FS Farm If your farm failed completely and there is no way to return to the old farm, do the following.
If your farm failed completely and there is no way to return to the old farm, do
3. Point your new DNS records or load balancer to the new AD FS servers. - ## More information Getting started:
Cloud apps:
- [Dynamics 365 migration program information](/dynamics365/get-started/migrate-data-german-region) - [Power BI migration program information](/power-bi/admin/service-admin-migrate-data-germany)-- [Getting started with your Microsoft Teams upgrade](/microsoftteams/upgrade-start-here)
+- [Getting started with your Microsoft Teams upgrade](/microsoftteams/upgrade-start-here)
enterprise Ms Cloud Germany Transition Add Experience https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/ms-cloud-germany-transition-add-experience.md
description: "Summary: Additional customer experience information when moving from Microsoft Cloud Germany (Microsoft Cloud Deutschland) to Office 365 services in the new German datacenter region."
-# Migration phases actions and impacts for the migration from Microsoft Cloud Deutschland (advanced)
+# Migration phases actions and impacts for the migration from Microsoft Cloud Deutschland (advanced)
Tenant migrations from Microsoft Cloud Deutschland to the Germany region of Microsoft's Office 365 services are executed as a set of phases and their configured actions for each workload. This figure shows the nine phases of migration to the new German datacenters.
Tenant migrations from Microsoft Cloud Deutschland to the Germany region of Micr
The following sections provide additional information on customer experiences when moving from Microsoft Cloud Germany (Microsoft Cloud Deutschland) to Office 365 services in the new German datacenter region.
-## Office 365 Portal Services
+## Office 365 Portal Services between phase 2 and phase 3
-Between Phase 2 of 9 and Phase 3 of 9, Partner Portal may not be accessible. During this time, Partner may not be able to access the tenants information on the Partner Portal. Since each migration is different, the duration of in-accessibility could be in hours.
+Between Phase 2 and phase 3, Partner Portal may not be accessible. During this time, Partner may not be able to access the tenant's information on the Partner Portal. Since each migration is different, the duration of in-accessibility could be in hours.
-### Prework for Azure AD (Phase 2)
-
-| Step(s) | Description | Applies to | Impact |
-|:-|:--|:-|:-|
-| Azure AD tenant in Microsoft Cloud Deutschland copied to Office 365 Services. | Azure AD copies the tenant to Office 365 services. Tenant and user identifiers are preserved. Azure AD service calls are redirected from Microsoft Cloud Deutschland to Office 365 services and are transparent to services. | All Office customers | - General Data Protection Regulation (GDPR) Data Subject Requests (DSRs) are executed from the Azure Admin portal for future requests. Any legacy or non-customer diagnostic data that is resident in Microsoft Cloud Deutschland is deleted at or before 30 days elapse. <br><br> - Customers who use federated authentications with Active Directory Federation Services (AD FS) shouldn't make changes to issuer URIs that are used for all authentications with on-premises Active Directory during migration. Changing issuer URIs will lead to authentication failures for users in the domain. Issuer URIs can be changed directly in AD FS or when a domain is converted from _managed_ to _federated_ and vice-versa. We recommend that customers do not add, remove, or convert a federated domain in the Azure AD tenant that has been migrated. Issuer URIs can be changed after the migration is fully complete. <br><br> - Multi-factor authentication (MFA) requests that use Microsoft Authenticator display as the user ObjectID (a GUID) while the tenant is copied to Office 365 services. MFA requests will perform as expected despite this display behavior. Microsoft Authenticator accounts that were activated by using Office 365 services endpoints will display the user principal name (UPN). Accounts added by using Microsoft Cloud Deutschland endpoints will display the user ObjectID but will work with both Microsoft Cloud Deutschland and Office 365 services endpoints. |
-| Migration of Azure resources. | Customers who use Office 365 and Azure resources (for example, networking, compute, and storage) will perform the migration of resources to the Office 365 services instance. This migration is a responsibility for customers. Message Center posts will signal the start. Migration must be completed before finalization of the Azure AD organization in the Office 365 services environment. | Azure Customers | For Azure migrations, see the Azure migration playbook, [Overview of migration guidance for Azure Germany](/azure/germany/germany-migration-main). |
-|||||
-
-### Exchange Online before phase 5
+### eDiscovery phase 4 to the end of phase 9
-**Applies to:** All customers using an Exchange Hybrid Configuration with Exchange servers on premises
+**Applies to:** All customers using eDiscovery
| Step(s) | Description | Impact | |:-|:-|:-|
-| Establish AuthServer on-premises pointing to global STS service. | This ensures that requests from users who migrate to Microsoft Cloud Deutschland for Exchange availability requests that target the hybrid on-premises environment are authenticated to access the on-premises service. Similarly this will ensure authentication of requests from on-premises to Office 365 services endpoints. | After Azure AD migration is complete, the administrator of the on-premises Exchange (hybrid) topology must add a new authentication service endpoint for the Office 365 services. With this command from Exchange PowerShell, replace `<TenantID>` with your organization's tenant ID (found in Azure portal on **Azure Active Directory**).<br><br>`New-AuthServer GlobalMicrosoftSts -AuthMetadataUrl https://accounts.accesscontrol.windows.net/<TenantId>/metadata/json/1` <br> <br> Failing to complete this task may result in hybrid free-busy requests failing to provide information for mailbox users who have been migrated from Microsoft Cloud Deutschland to Office 365 services. |
-|Stop or delete any onboarding or offboarding mailbox moves, namely don't move mailboxes between Exchange on premises and Exchange Online | This ensures the mailbox move requests don't fail with an error. | Failure to do so may result in failure of the service or of software clients. |
+| From the beginning of phase 4 until phase 9 is completed, eDiscovery searches will fail or return 0 results for SharePoint Online, OneDrive for Business, and Exchange Online locations that have been migrated. | During migration, customers can continue to create cases, holds, searches, and exports in the [Security & Compliance Center](https://docs.microsoft.com/microsoft-365/compliance/manage-legal-investigations), including [Content Search](https://docs.microsoft.com/microsoft-365/compliance/search-for-content). However, searches against SharePoint Online, OneDrive for Business, and Exchange Online locations that have been migrated will either return 0 results or produce an error. For remediation, see the _Impact_ column. | In the event that a search returns zero results or an error during migration, please take the following action for SharePoint Online: <ul><li>Download sites directly from the SharePoint Online or OneDrive for Business site by following the instructions in [Download files and folders from OneDrive or SharePoint](https://support.office.com/article/download-files-and-folders-from-onedrive-or-sharepoint-5c7397b7-19c7-4893-84fe-d02e8fa5df05). This method will require SharePoint Online administrator permissions or read-only permissions on the site.</li><li>If limits are exceeded, as explained in [Download files and folders from OneDrive or SharePoint](https://support.office.com/article/download-files-and-folders-from-onedrive-or-sharepoint-5c7397b7-19c7-4893-84fe-d02e8fa5df05), customers can use the OneDrive for Business sync client by following the guidance in [Sync SharePoint and Teams files with your computer](https://support.office.com/article/sync-sharepoint-files-with-the-new-onedrive-sync-app-6de9ede8-5b6e-4503-80b2-6190f3354a88).</li><li>For more information, see [In-Place eDiscovery in Exchange Server](https://docs.microsoft.com/Exchange/policy-and-compliance/ediscovery/ediscovery) |
||||
-<!--
- Question from ckinder
- Not clear if this has to be done before, during or after phase 5
>
+## Exchange Online Set-UserPhoto during phase 5
**Applies to:** All customers storing user photos in Exchange Online and are using **Set-UserPhoto**:
Between Phase 2 of 9 and Phase 3 of 9, Partner Portal may not be accessible. Dur
| The new region "Germany" is added to an existing Exchange Online organization setup, and mailboxes are moved to Office 365 services. | Exchange Online configuration adds the new go-local German region to the transitioning organization. This Office 365 services region is set as default, which enables the internal load-balancing service to redistribute mailboxes to the appropriate default region in Office 365 services. In this transition, users on either side (Germany or Office 365 services) are in the same organization and can use either URL endpoint. | If a user mailbox has been migrated but an administrator mailbox hasn't been migrated, or vice-versa, administrators won't be able to run **Set-UserPhoto**, a PowerShell cmdlet. In this situation, an admin must pass an additional string in `ConnectionUri` during connection set up by using the following syntax: <br> `https://outlook.office.de/PowerShell-LiveID?email=<user_email>` <br> where `<user_email>` is the placeholder for the email-ID of the user whose photo needs to be changed by using **Set-UserPhoto**. | ||||
-## During migration
-
-### SharePoint Online phase 4
-
-**Applies to:** All customers using eDiscovery
-
-| Step(s) | Description | Impact |
-|:-|:-|:-|
-| SharePoint and OneDrive are transitioned. | SharePoint and OneDrive are migrated from Microsoft Cloud Deutschland to Office 365 Global services in phase 4. Existing Microsoft Cloud Deutschland URLs are preserved (`contoso.sharepoint.de`). Tokens issued by Microsoft Cloud Deutschland or Office 365 services are valid during the transition. | Inflight SharePoint 2013 workflows will be broken during migration and must be republished after migration. |
-||||
-
-### eDiscovery phase 4 to the end of phase 9
-
-**Applies to:** All customers using eDiscovery
-
-| Step(s) | Description | Impact |
-|:-|:-|:-|
-| From the beginning of phase 4 until phase 9 is completed, eDiscovery searches will fail or return 0 results for SharePoint Online, OneDrive for Business, and Exchange Online locations that have been migrated. | During migration, customers can continue to create cases, holds, searches, and exports in the [Security & Compliance Center](../compliance/manage-legal-investigations.md), including [Content Search](../compliance/search-for-content.md). However, searches against SharePoint Online, OneDrive for Business, and Exchange Online locations that have been migrated will either return 0 results or produce an error. For remediation, see the _Impact_ column. | In the event that a search returns zero results or an error during migration, please take the following action for SharePoint Online: <ul><li>Download sites directly from SharePoint Online/ OneDrive for Business site by following the instructions in [Download files and folders from OneDrive or SharePoint](https://support.office.com/article/download-files-and-folders-from-onedrive-or-sharepoint-5c7397b7-19c7-4893-84fe-d02e8fa5df05). This method will require SharePoint Online administrator permissions or read-only permissions on the site.</li><li>If limits are exceeded, as explained in [Download files and folders from OneDrive or SharePoint](https://support.office.com/article/download-files-and-folders-from-onedrive-or-sharepoint-5c7397b7-19c7-4893-84fe-d02e8fa5df05), customers can use the OneDrive for Business sync client by following the guidance in [Sync SharePoint and Teams files with your computer](https://support.office.com/article/sync-sharepoint-files-with-the-new-onedrive-sync-app-6de9ede8-5b6e-4503-80b2-6190f3354a88).</li><li>For more information see [In-Place eDiscovery in Exchange Server](/Exchange/policy-and-compliance/ediscovery/ediscovery) |
-||||
- ## Post-migration ### Azure AD phase 9
Between Phase 2 of 9 and Phase 3 of 9, Partner Portal may not be accessible. Dur
| Step(s) | Description | Impact | |:-|:-|:-|
-| Remove relying party trusts from Microsoft Cloud Deutschland AD FS. | After the cut over to Azure AD is complete, the organization is fully using Office 365 services and is no longer connected to Microsoft Cloud Deutschland. At this point, the customer needs to remove the relying party trust to the Microsoft Cloud Deutschland endpoints. This can only be done when no applications of the customer point to Microsoft Cloud Deutschland endpoints when Azure AD is leveraged as an Identity Provider (IdP). | Federated Authentication organizations | None. |
-|||||
+| Remove relying party trusts from Microsoft Cloud Deutschland AD FS. | After the cut-over to Azure AD is complete, the organization is fully using Office 365 services and is no longer connected to Microsoft Cloud Deutschland. At this point, the customer needs to remove the relying party trust to the Microsoft Cloud Deutschland endpoints. This can only be done when none of the customer's applications points to Microsoft Cloud Deutschland endpoints when Azure AD is leveraged as an Identity Provider (IdP). | Federated Authentication organizations | None. |
+||||
<!-- Question from ckinder The following paragraph is not clear -->
-For Azure AD:
+**Applies to:** End-users whose Azure AD group approval requests weren't approved in the last 30 days before migration
-| Step(s) | Description | Applies to | Impact |
-|:-|:--|:-|:-|
-| Requests to join an Azure AD group in the last 30 days before migration will need to be requested again if the original request wasn't approved. | End-user customers will need to use the Access panel to submit request to join an Azure AD group again if those requests weren't approved in the last 30 days before the migration. | End users whose Azure AD group approval requests weren't approved in last 30 days before migration | As an end user: <ol><li>Navigate to [Access panel](https://account.activedirectory.windowsazure.com/r#/joinGroups).</li><li>Find an Azure AD group for which membership approval was pending in 30 days before migration.</li><li>Request to join the Azure AD group again.</li></ol> Requests to join a group that are active less than 30 days before migration cannot be approved, unless they're re-requested after migration. |
-|||||
+| Step(s) | Description | Impact |
+|:-|:-|:-|
+| Requests to join an Azure AD group in the last 30 days before migration will need to be requested again if the original request wasn't approved. | End-user customers will need to use the Access panel to submit a request to join an Azure AD group again if those requests weren't approved in the last 30 days before the migration. | As an end-user: <ol><li>Navigate to [Access panel](https://account.activedirectory.windowsazure.com/r#/joinGroups).</li><li>Find an Azure AD group for which membership approval was pending during the 30 days before migration.</li><li>Request to join the Azure AD group again.</li></ol> Requests to join a group that are active less than 30 days before migration cannot be approved, unless they're requested again after migration. |
+||||
<!-- Question from ckinder
For Azure AD:
--> **Applies to:** All customer managing their own DNS zones
-| Step(s) | Description | Applies to | Impact |
-|:-|:--|:-|:-|
+| Step(s) | Description | Impact |
+|:|:-|:-|
| Update on-premises DNS services for Office 365 services endpoints. | Customer-managed DNS entries that point to Microsoft Cloud Deutschland need to be updated to point to the Office 365 Global services endpoints. | Failure to do so may result in failure of the service or of software clients. | ||||
-For third-party services for Office 365 services endpoints:
+**Applies to:** Customers using third-party services for Office 365 services endpoints
| Step(s) | Description | Impact | |:-|:-|:-|
For third-party services for Office 365 services endpoints:
### SharePoint Online post migration
-| Step(s) | Description | Applies to | Impact |
-|:-|:--|:-|:-|
+| Step(s) | Description | Impact |
+|:-|:-|:-|
| Republish SharePoint 2013 workflows. | In the pre-migration work, we reduced the number of SharePoint 2013 workflows. Now with migration complete, the customer can republish the workflows. | This is a required action. Failure to do so may result in user confusion and help desk calls. | | Share items via Outlook | Sharing items in SharePoint Online and OneDrive for Business via Outlook no longer works after tenant cutover. |<ul><li>In SharePoint Online and OneDrive for Business, you can share items via Outlook. After pressing the Outlook button, a shareable link is created and pushed into a new message in the Outlook Web App.</li><li>After tenant cutover, this method of sharing won't work. We recognize this is a known issue. However, since this Outlook feature is in the path of deprecation, fixing the issue is not planned until the deprecation is rolled out. </li></ul>| ||||
If you're using a hybrid Exchange configuration:
### eDiscovery post migration
-| Step(s) | Description | Applies to | Impact |
-|:-|:--|:-|:-|
-| All SharePoint Online, OneDrive for Business, and Exchange Online locations have been migrated along with Security and Compliance Center (SCC). | All eDiscovery activity should be run from the worldwide tenant. Searches will now be 100% successful. Any failures or errors should follow normal support channels. | All customers who use eDiscovery | None. |
-| Remove organization-wide retention policies that were created during pre-migration steps | Customers can remove the organization-wide retention policies that were created during the customers' pre-migration work. | All customers who applied a retention policy as part of pre-migration steps. | None. |
-|||||
+**Applies to:** All customers who use eDiscovery
+
+| Step(s) | Description | Impact |
+|:-|:-|:-|
+| All SharePoint Online, OneDrive for Business, and Exchange Online locations have been migrated along with Security and Compliance Center (SCC). | All eDiscovery activity should be run from the worldwide tenant. Searches will now be 100% successful. Any failures or errors should follow normal support channels. | None |
+||||
+
+**Applies to:** All customers who applied a retention policy as part of pre-migration steps
+
+| Step(s) | Description | Impact |
+|:-|:-|:-|
+| Remove organization-wide retention policies that were created during pre-migration steps | Customers can remove the organization-wide retention policies that were created during the customers' pre-migration work. | None |
+||||
## Next step
enterprise Ms Cloud Germany Transition Add Pre Work https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/ms-cloud-germany-transition-add-pre-work.md
description: "Summary: Pre-work when moving from Microsoft Cloud Germany (Micros
Use these links to get to the pre-work steps relevant to your organization: -- For all customers using Office 365 in Microsoft Cloud Deutschland, do [these steps](#applies-to-everyone).-- If you're using Exchange Online or Exchange hybrid, do [this step](#exchange-online).-- If you're using SharePoint Online, do [this step](#sharepoint-online).-- If you're using a third-party mobile device management (MDM) solution, do [this step](#mobile).-- If you're using third-party service or line-of-business (LOB) apps that are integrated with Office 365, do [this step](#line-of-business-apps).-- If you're also using Azure services beyond those included with your Office 365 subscription, do [this step](#microsoft-azure).-- If you're also using Dynamics 365, do [this step](#dynamics365).-- If you're also using Power BI, do [this step](#power-bi).-- For DNS changes, do [this step](#dns).-- If you're using federated identity, do [these steps](#federated-identity).-
-## Applies to everyone
+- For **all customers** using Office 365 in Microsoft Cloud Deutschland, do [these steps](#general-tenant-migration-considerations).
+- For **DNS changes**, do [this step](#dns).
+- If you're using **Active Directory Federation Services** on premises, do [these steps](#active-directory-federation-services-ad-fs).
+- If you're using **SharePoint Online**, do [this step](#sharepoint-online).
+- If you're using **Exchange Online** or **Exchange hybrid**, do [this step](#exchange-online).
+- If you 're using **Skype for Business Online**, do [this step](#skype-for-business-online)
+- If you're using a third-party mobile device management (MDM) solution, do [this step](#mobile-device-management).
+- If you're using **third-party services** or **line-of-business (LOB) apps** that are integrated with Office 365, do [this step](#line-of-business-apps).
+- If you're also using **Dynamics 365**, do [this step](#dynamics365).
+- If you're also using **Power BI**, do [this step](#power-bi).
+- If you're also using **Azure services** with your Office 365 subscription, do [this step](#microsoft-azure).
+
+## General tenant migration considerations
+
+**Applies to:** All customers using Office 365 in the Microsoft Deutschland Cloud instance
+
+Office 365 tenant and user identifiers are preserved during migration. Azure AD service calls are redirected from Microsoft Cloud Deutschland to Office 365 Global services and are transparent to Office 365 services.
+
+- General Data Protection Regulation (GDPR) Data Subject Requests (DSRs) are executed from the Azure Admin portal for future requests. Any legacy or non-customer diagnostic data that is resident in Microsoft Cloud Deutschland is deleted at or before 30 days elapse.
+- Multi-factor authentication (MFA) requests that use Microsoft Authenticator display as the user ObjectID (a GUID) while the tenant is copied to Office 365 services. MFA requests will perform as expected despite this display behavior. Microsoft Authenticator accounts that were activated by using Office 365 services endpoints will display the user principal name (UPN). Accounts added by using Microsoft Cloud Deutschland endpoints will display the user ObjectID but will work with both Microsoft Cloud Deutschland and Office 365 services endpoints.
| Step(s) | Description | Impact | |:-|:-|:-| | Prepare to notify users about restarting and signing in to and out of their clients after migration. | Office client licensing will transition from Microsoft Cloud Deutschland to Office 365 services in the migration. Clients pick up a new valid license after signing out of and in to Office clients. | Users' Office products need to refresh licenses from Office 365 services. If licenses aren't refreshed, Office products may experience license validation errors. |
-| Ensure network connectivity to [Office 365 services URLs and IP addresses](./urls-and-ip-address-ranges.md). | All clients and services hosted by the customer that are used to access Office 365 service must be able to access the Office 365 Global services endpoints. <br>In case, you or your collaboration partners have firewall rules in place that would prevent accessing the URLs and IP addresses listed in [Office 365 services URLs and IP addresses](./urls-and-ip-address-ranges.md) must change the firewall rules to permit access to the Office 365 Global service endpoints| Failures of the service or client software can occur if this is not done before Phase 4 |
+| Ensure network connectivity to [Office 365 services URLs and IP addresses](https://aka.ms/o365urls). | All clients and services hosted by the customer that are used to access Office 365 service must be able to access the Office 365 Global services endpoints. <br>In case you or your collaboration partners have firewall rules in place that would prevent accessing the URLs and IP addresses listed in [Office 365 services URLs and IP addresses](https://aka.ms/o365urls) must change the firewall rules to permit access to the Office 365 Global service endpoints| Failures of the service or client software can occur if this is not done before Phase 4 |
| Cancel any trial subscriptions. | Trial subscriptions will not be migrated and will block transfer of paid subscriptions. | Trial services are expired and non-functioning if accessed by users after cancellation. |
-| Analyze differences in license features between Microsoft Cloud Deutschland and Office 365 Services. | Office 365 services include additional features and services not available in the current Microsoft Cloud Deutschland. During subscription transfer, new features will be available to users. | <ul><li> Analyze the different features provided by the licenses for Microsoft Cloud Deutschland and Office 365 Services. Start with the [Office 365 platform Service Description](/office365/servicedescriptions/office-365-platform-service-description/office-365-platform-service-description). </li><li> Determine if any new features of Office 365 services should be initially disabled to limit effects on users or on user change management, and alter user license assignments as needed. </li><li>Prepare users and help desk staff for new services and features provided by Office 365 services. |
-| Create organization-wide [retention policies](../compliance/retention.md) to protect from inadvertent deletion of content during migration. |<ul><li>To ensure that content isn't inadvertently deleted by end users during the migration, customers may choose to enable an organization-wide retention policy. </li><li>Although retention isn't required, since holds placed at anytime during the migration should work as expected, having a retention policy is a back-up safety mechanism. At the same time, a retention policy might not be used by all customers, especially those who are concerned about over preservation.</li></ul>| Apply retention policy as described in [Learn about retention policies and retention labels](../compliance/retention.md). Failures of the service or client software can occur if this is not done before Phase 4 of 9. </li></ul>|
-| Correct license overages | In certain circumstances customers may be able to consume more services than are purchased. This condition is known as a license overage. Microsoft cannot migrate customers in a license overage condition from Microsoft Cloud Deutschland to the German datacenter regions. To ensure continuous access to the service and data, every assigned user requires a license. | All customers | Customers must evaluate and resolve the license overage condition through purchase of additional licenses or by unassigning licenses from users. |
+| Analyze differences in license features between Microsoft Cloud Deutschland and the Office 365 Global Services. | Office 365 services include additional features and services not available in the current Microsoft Cloud Deutschland. During subscription transfer, new features will be available to users. | <ul><li> Analyze the different features provided by the licenses for Microsoft Cloud Deutschland and Office 365 Global Services. Start with the [Office 365 platform Service Description](https://docs.microsoft.com/office365/servicedescriptions/office-365-platform-service-description/office-365-platform-service-description). </li><li> Determine if any new features of Office 365 services should be initially disabled to limit effects on users or on user change management, and alter user license assignments as needed. </li><li>Prepare users and help desk staff for new services and features provided by Office 365 services. |
+| Create organization-wide [retention policies](https://docs.microsoft.com/microsoft-365/compliance/retention) to protect from inadvertent deletion of content during migration. |<ul><li>To ensure that content isn't inadvertently deleted by end users during the migration, customers may choose to enable an organization-wide retention policy. </li><li>Although retention isn't required, since holds placed at anytime during the migration should work as expected, having a retention policy is a back-up safety mechanism. At the same time, a retention policy might not be used by all customers, especially those who are concerned about over preservation.</li></ul>| Apply retention policy as described in [Learn about retention policies and retention labels](https://docs.microsoft.com/microsoft-365/compliance/retention-policies). Failures of the service or client software can occur if this is not done before Phase 4 of 9. </li></ul>|
|||||
+## DNS
+
+<!-- before phase 9 -->
+
+**Applies to**: Customers who set a custom _msoid_ CNAME in their own DNS domain
+
+If configured, the _msoid_ CNAME affects only customers using Office Desktop client (Microsoft 365 Apps, Office 365 ProPlus, Office 2019, 2016, ...).
+
+In case you have set a DNS CNAME called _msoid_ in one or many DNS namespaces that you own, you have to remove the CNAME until the end of phase 8 at the latest. You can remove the CNAME _msoid_ any time before the end of phase 8.
+
+To verify if you have set a CNAME in your DNS namespace, follow the steps below and replace _contoso.com_ with your own domain name:
+
+```console
+nslookup -querytype=CNMAE msoid.contoso.com
+```
+
+If the command line returns a DNS record, remove the _msoid_ CNAME from your domain.
+ ## Active Directory Federation Services (AD FS)
-**Applies to**: Customers using AD FS on premises to authenticate users connecting to Microsoft Office 365
+<!-- before phase 4 -->
-| Step(s) | Description | Impact |
-|:-|:-|:-|
-| [Backup of Active Directory Federation Services (AD FS) farm](ms-cloud-germany-transition-add-adfs.md#backup) for disaster recovery scenarios. | Customers need to back up the AD FS farm appropriately to ensure the relying party trusts to global & Germany endpoints can be restored without touching the issuer URI of the domains. Microsoft recommends using AD FS Rapid Restore for a backup of the farm and the respective restore, if necessary. | Required Action. Inaction will result in service impact during the migration if the AD FS farm of the customer fails. For more information, refer to [ADFS Migration steps](./ms-cloud-germany-transition-add-adfs.md) |
-||||
+**Applies to**: Customers using AD FS on premises to authenticate users connecting to Microsoft Office 365<br>
+**When applied**: Any time before phase 4 starts
-## Exchange Online
+Read and apply the [ADFS Migration steps](ms-cloud-germany-transition-add-adfs.md)
-**Applies to**: Exchange Online customers who have enabled sharing calendar and availability address space.
+## SharePoint Online
+
+<!-- before phase 4 -->
+
+**Applies to**: Customers using SharePoint 2013 on-premises<br>
+**When applied**: Any time before phase 4 starts
| Step(s) | Description | Impact | |:-|:-|:-|
-| Notify external partners of the upcoming transition to Office 365 services. | Availability address space configurations allow sharing of free/busy information with Office 365. | Failure to do so may result in service or client failure at a later phase of customer migration. |
-|||||
+| Limit SharePoint 2013 workflows, use during the SharePoint Online migration. | Reduce SharePoint 2013 workflows and complete in-flight workflows before transitions. | Inaction may result in user confusion and help desk calls. |
+||||
-### Exchange Online Hybrid configuration
+## Exchange Online
+
+<!-- before phase 5 -->
-**Applies to**: Exchange Online customers with an active Exchange Hybrid configuration
+**Applies to**: Exchange Online customers who have enabled sharing calendar and availability address space<br>
+**When applied**: Any time before end of phase 9
| Step(s) | Description | Impact | |:-|:-|:-|
-| Update to the latest version of the Hybrid Configuration Wizard (HCW) anytime before your tenant is entering migration stage 5. You may start this activity immediately after receiving the message center notification that your Office 365 tenant migration has begun.<br><br> Microsoft Cloud Deutschland hybrid Exchange Online customers must uninstall previous versions of HCW, and then install and execute the latest version (17.0.5378.0 or higher) from [https://aka.ms/hybridwizard](https://aka.ms/hybridwizard). |<ul><li>The latest version of the HCW includes necessary updates to support customers who are transitioning from Microsoft Cloud Deutschland to Office 365 Services.</li><li> Updates include changes to on-premises certificate settings for the Send connector and the Receive connector.</li><li> Exchange administrators must re-install the HCW anytime before Phase 5 of 9 (Exchange migration) begins.<br>When executing the HCW before phase 5, select "Office 365 Germany" on the 2nd page of the HCW under _Office 365 Exchange Online_ in the listbox below _My Office 365 organization is hosted by_</li><li>**NOTE**: Upon completion of your Office 365 tenant migration, you will remove and re-install the HCW again, this time using "Office 365 Worldwide" settings on the 2nd page of the HCW to complete your Hybrid setup with the Exchange Online global service.</li></ul>|Failure to run the HCW before Phase 5 (Exchange migration) may result in service or client failure. |
+| Notify external partners of the upcoming transition to Office 365 services. | Availability address space configurations allow sharing of free/busy information with Office 365. | Failure to do so may result in service or client failure at a later phase of customer migration. |
||||
-## SharePoint Online
-
-**Applies to**: Customers using SharePoint 2013 on premises
+### Exchange Online Hybrid configuration
+**Applies to:** All customers using an active Exchange Hybrid Configuration with Exchange servers on-premises<br>
+**When applied**: Any time before phase 5 starts
| Step(s) | Description | Impact | |:-|:-|:-|
-| Limit SharePoint 2013 workflows, use during the SharePoint Online migration. | Reduce SharePoint 2013 workflows and complete in-flight workflows before transitions. | Inaction may result in user confusion and help desk calls. |
+| Update to the latest version of the Hybrid Configuration Wizard (HCW) anytime before your tenant is entering migration stage 5. You may start this activity immediately after receiving the message center notification that your Office 365 tenant migration has begun (phase 1).<br>Your Exchange administrator must uninstall previous versions of the HCW, and then install and execute the latest version (17.0.5378.0 or higher) from [https://aka.ms/hybridwizard](https://aka.ms/hybridwizard). |<ul><li>The latest version of the HCW includes necessary updates to support the Exchange Online migration from the Microsoft Cloud Deutschland instance to Office 365 Global Services.</li><li> Updates include changes to on-premises certificate settings for the _Send connector_ and the _Receive connector_.</li><li>When executing the HCW before phase 5, select "Office 365 Germany" on the 2nd page of the HCW under _Office 365 Exchange Online_ in the listbox below _My Office 365 organization is hosted by_</li><li>**NOTE**: Upon completion of your Office 365 tenant migration after phase 9, you will remove and re-install the HCW again, this time using "Office 365 Worldwide" settings on the 2nd page of the HCW to complete your Hybrid setup with the Exchange Online global service.</li></ul>|Failure to run the HCW before Phase 5 (Exchange migration) may result in service or client failure. |
+| Establish AuthServer on-premises pointing to global Security Token Service (STS) for authentication | This ensures that authentication requests for Exchange availability requests from users in migration state that target the hybrid on-premises environment are authenticated to access the on-premises service. Similarly, this will ensure authentication of requests from on-premises to Office 365 Global services endpoints. | After Azure AD migration (phase 2) is complete, the administrator of the on-premises Exchange (hybrid) topology must add a new authentication service endpoint for the Office 365 Global services. With this command from Exchange PowerShell, replace `<TenantID>` with your organization's tenant ID found in the Azure portal on Azure Active Directory.<br>`New-AuthServer GlobalMicrosoftSts -AuthMetadataUrl https://accounts.accesscontrol.windows.net/<TenantId>/metadata/json/1`<br> Failing to complete this task may result in hybrid free-busy requests failing to provide information for mailbox users who have been migrated from Microsoft Cloud Deutschland to Office 365 services. |
|||| ## Skype for Business Online
-**Applies to**: Skype For Business Online customers
+<!-- before phase 7 -->
+
+**Applies to**: Skype For Business Online customers<br>
+**When applied**: Any time before phase 7 starts
| Step(s) | Description | Impact | |:-|:-|:-|
Use these links to get to the pre-work steps relevant to your organization:
| Prepare End User and Administration training and readiness for the transition to Microsoft Teams. | Be successful in your transition from Skype to Teams by planning user communication and readiness. | <ul><li>Clients need to be aware of the new services and how to use once their services are transitioned to the Office 365 services. </li><li>After DNS changes are made for both the customer vanity domains and the initial domain, users would sign into Skype for Business and see that they now are migrated to Teams. This would also download the desktop client for Teams in the background. </li></ul>| ||||
-## Mobile
+## Mobile Device Management
-If you're using a third-party mobile device management (MDM) solution:
+<!-- before phase 5 -->
+**Applies to:** Customers using a third-party mobile device management (MDM) solution<br>
+**When applied**: Any time before phase 5 starts
| Step(s) | Description | Applies to | Impact | |:-|:--|:-|:-|
If you're using a third-party mobile device management (MDM) solution:
## Line-of-business apps
-If you're using a third-party service or line-of-business (LOB) apps that are integrated with Office 365:
+**Applies to:** Customers using line-of-business (LOB) apps with endpoints provided by Microsoft Cloud Deutschland<br>
+**When applied**: After completion of phase 2 and before end of phase 9
+
+If you're using a third-party service or line-of-business (LOB) apps that are integrated with Office 365, you must resolve any dependencies on endpoints provided by the Microsoft Cloud Deutschland instance. For example, if your LOB apps are connecting to `https://graph.microsoft.de/`, you must change the endpoint to `https://graph.microsoft.com/`. The endpoints of the Microsoft Office 365 Global service become available to your tenant after phase 2.
| Step(s) | Description | Impact | |:-|:-|:-|
If you're using a third-party service or line-of-business (LOB) apps that are in
## Dynamics 365
-**Applies to**: Customers using Microsoft Dynamics
+**Applies to**: Customers using Microsoft Dynamics 365
| Step(s) | Description | Impact | |:-|:-|:-|
If you're using a third-party service or line-of-business (LOB) apps that are in
## Power BI
-**Applies to**: Power BI customers
+**Applies to**: Customers using Power BI
| Step(s) | Description | Impact | |:-|:-|:-| | Removal of objects from Power BI subscriptions that won't be migrated from Power BI Microsoft Cloud Deutschland to Office 365 services. | Migration of Power BI services will require customer action to delete certain artifacts, such as datasets and dashboards. | <ul><li>Admins may have to remove the following items from their subscription: </li><li>Real-Time datasets (for example, streaming or push datasets) </li><li>Power BI on-premises Data Gateway configuration and data source </li></ul>| ||||
-## DNS
-
-**Applies to**: Customers using Office Desktop client (Microsoft 365 Apps, Office 365 ProPlus, Office 2019, 2016, ...)<br>
-Remove MSOID, CName from customer-owned DNS if it exists anytime before Azure Active Directory (Azure AD) cut-over. A TTL of 5 minutes can be set so that the change can take effect quickly.
-
-## Federated identity
-
-| Step(s) | Description | Impact |
-|:-|:-|:-|
-| Add an identifier for single sign-on (SSO) to an existing relying party trust and disable AD FS metadata auto-updates. | An ID must be added to the AD FS relying party trust before starting your migration. To avoid accidental removal of the relying party identifier, disable auto-update for metadata updates. <br><br> Run this command as a single command line on the AD FS server: <br>`Set-AdfsRelyingPartyTrust -TargetIdentifier urn:federation:microsoftonline.de -Identifier @('urn:federation:microsoftonline.de', 'https://login.microsoftonline.de/extSTS.srf', 'https://login.microsoftonline.de') -AutoUpdate $False`
-| Federated authentication organizations | Required Action. Inaction before Phase 4 of 9 (SharePoint) will result in service impact during the migration. |
-| Generate relying party trust for global Azure AD endpoints. | Customers need to manually create a relying party trust (RPT) to [global](https://nexus.microsoftonline-p.com/federationmetadata/2007-06/federationmetadata.xml) endpoints. This is done by adding a new RPT via GUI by leveraging the global federation metadata URL and then using [Azure AD RPT Claim Rules](https://adfshelp.microsoft.com/AadTrustClaims/ClaimsGenerator#:~:text=%20Azure%20AD%20RPT%20Claim%20Rules%20%201,Azure%20AD.%20This%20will%20be%20what...%20More%20) (in AD FS Help) to generate the claim rules and import them into the RPT. | Federated authentication organizations | Required Action. Inaction will result in service impact during the migration. |
-|||||
- ## Microsoft Azure If you are using the same Azure Active Directory identity partition for Office 365 and Microsoft Azure in the Microsoft Cloud Deutschland instance, make sure that you are preparing for the customer driven migration of Microsoft Azure services.
-The migration of your Microsoft Azure services must not be started before your Office 365 tenant has reached migration phase 3 and must be completed before migration phase 8 has been completed.
+
+> [!NOTE]
+> The migration of your Microsoft Azure services must not be started before your Office 365 tenant has reached migration phase 3 and must be completed before migration phase 8 has been completed.
+
+Customers who use Office 365 and Azure resources (for example, networking, compute, and storage) will perform the migration of resources to the Office 365 services instance. This migration is the customer's responsibility. Message Center posts will signal the start. Migration must be completed before finalization of the Azure AD organization in the Office 365 services environment. For Azure migrations, see the Azure migration playbook, [Overview of migration guidance for Azure Germany](https://docs.microsoft.com/azure/germany/germany-migration-main).
| Step(s) | Description | Impact | |:-|:-|:-|
Cloud apps:
- [Dynamics 365 migration program information](/dynamics365/get-started/migrate-data-german-region) - [Power BI migration program information](/power-bi/admin/service-admin-migrate-data-germany)-- [Getting started with your Microsoft Teams upgrade](/microsoftteams/upgrade-start-here)
+- [Getting started with your Microsoft Teams upgrade](/microsoftteams/upgrade-start-here)
enterprise Ms Cloud Germany Transition Phases https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/ms-cloud-germany-transition-phases.md
The following sections contain actions and effects for workloads as they progres
## Before the migration starts
-Make sure that you are familiar with the [migration preparation steps that are applying for all customers](ms-cloud-germany-transition-add-pre-work.md#applies-to-everyone).
+Make sure that you are familiar with the [migration preparation steps that apply to all customers](ms-cloud-germany-transition-add-pre-work.md).
In case you have set a DNS CNAME called _msoid_ in one or many DNS namespaces that you own, you have to remove the CNAME until the end of phase 8 at the latest. You can remove the CNAME _msoid_ any time before the end of phase 8. See the [prework for DNS](ms-cloud-germany-transition-add-pre-work.md#dns).
If you're using Exchange Online hybrid: Exchange Online Hybrid administrators *
Upon **completion of the migration phase 9** (when the Message Center notice is published), you need to run the HCW again using Office 365 Worldwide settings to point your on-premises systems to the Office 365 Global services.
-If you want to modify user photos during phase 5, see [Set-UserPhoto](ms-cloud-germany-transition-add-experience.md#exchange-online-before-phase-5)
+If you want to modify user photos during phase 5, see [Exchange Online Set-UserPhoto during phase 5](ms-cloud-germany-transition-add-experience.md#exchange-online-set-userphoto-during-phase-5)
| Step(s) | Description | Impact | |:-|:-|:-|
Customers with Dynamics 365 require additional engagement to migrate the organiz
Office 365 tenants transitioning to the region "Germany" require all users to close, sign out from Office 365 and back in for all Office desktop applications (Word, Excel, PowerPoint, Outlook, etc.) and OneDrive for Business client after the tenant migration has reached phase 9. Signing out and in, allows the Office services to obtain new authentication tokens from the global Azure AD service.
-Make sure you have completed the [prework for mobile devices](ms-cloud-germany-transition-add-pre-work.md#mobile) procedure.
+Make sure you have completed the [prework for mobile devices](ms-cloud-germany-transition-add-pre-work.md#mobile-device-management) procedure.
| Step(s) | Description | Impact | |:-|:-|:-|
-| Clients, Office Online during Office client cutover, Azure AD finalizes the tenant scope to point to the Office 365 services. | This configuration change enables Office clients to update and point to the Office 365 services endpoints. | <ul><li>Notify users to close _all_ Office apps and then sign back in (or force clients to restart and users to sign in) to enable Office clients to pick up the change. </li><li>Notify users and help desk staff that users *may* see an Office banner that prompts them to reactivate Office apps within 72 hours of the cutover. </li><li>All Office applications on personal machines must be closed, and users must sign out then sign in again. In the Yellow activation bar, sign in to reactivate against Office 365 services.</li><li>Shared machines will require actions that are similar to personal machines, and won't require a special procedure. </li><li>On mobile devices, users must sign out of apps, close them, and then sign in again. </li></ul>|
+| Clients, Office Online during Office client cutover, Azure AD finalizes the tenant scope to point to the Office 365 services. | This configuration change enables Office clients to update and point to the Office 365 services endpoints. | <ul><li>Notify users to close _all_ Office apps and then sign back in (or force clients to restart and users to sign in) to enable Office clients to pick up the change. </li><li>Notify users and help desk staff that users *may* see an Office banner that prompts them to reactivate Office apps within 72 hours of the cutover. </li><li>All Office applications on personal machines must be closed, and users must sign out then sign in again. In the Yellow activation bar, sign in to reactivate against Office 365 services.</li><li>Shared machines will require actions that are similar to personal machines, and won't require a special procedure. </li><li>On mobile devices, users must sign out of apps, close them, and then sign in again.</li></ul>|
|||| ## Line-of-business apps
enterprise Phs Prereqs M365 Test Environment https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/phs-prereqs-m365-test-environment.md
description: Create a Microsoft 365 environment to test identity and device acce
*This Test Lab Guide can only be used for Microsoft 365 for enterprise test environments.*
-[Identity and device access configurations](../security/office-365-security/microsoft-365-policies-configurations.md) are a set of configurations and conditional access policies to protect access to all services in Microsoft 365 for enterprise that are integrated with Azure Active Directory (Azure AD).
+[Identity and device access configurations](../security/defender-365-security/microsoft-365-policies-configurations.md) are a set of configurations and conditional access policies to protect access to all services in Microsoft 365 for enterprise that are integrated with Azure Active Directory (Azure AD).
-This article describes how to configure a Microsoft 365 test environment that meets the requirements of the [hybrid with password hash sync authentication prerequisite configuration](../security/office-365-security/identity-access-prerequisites.md#prerequisites) for identity and device access.
+This article describes how to configure a Microsoft 365 test environment that meets the requirements of the [hybrid with password hash sync authentication prerequisite configuration](../security/defender-365-security/identity-access-prerequisites.md#prerequisites) for identity and device access.
There are ten phases to setting up this test environment:
For Skype for Business Online:
Get-CsOAuthConfiguration ```
-The result is a test environment that meets the requirements of the [Active Directory with password hash sync prerequisite configuration](../security/office-365-security/identity-access-prerequisites.md#prerequisites) for identity and device access.
+The result is a test environment that meets the requirements of the [Active Directory with password hash sync prerequisite configuration](../security/defender-365-security/identity-access-prerequisites.md#prerequisites) for identity and device access.
## Next step
-Use [Common identity and device access policies](../security/office-365-security/identity-access-policies.md) to configure the policies that build on the prerequisites and protect identities and devices.
+Use [Common identity and device access policies](../security/defender-365-security/identity-access-policies.md) to configure the policies that build on the prerequisites and protect identities and devices.
## See also
Use [Common identity and device access policies](../security/office-365-security
[Microsoft 365 for enterprise overview](microsoft-365-overview.md)
-[Microsoft 365 for enterprise documentation](/microsoft-365-enterprise/)
+[Microsoft 365 for enterprise documentation](/microsoft-365-enterprise/)
enterprise Pta Prereqs M365 Test Environment https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/pta-prereqs-m365-test-environment.md
description: Create a Microsoft 365 environment to test identity and device acce
*This Test Lab Guide can only be used for Microsoft 365 for enterprise test environments.*
-[Identity and device access configurations](../security/office-365-security/microsoft-365-policies-configurations.md) are a set of configurations and conditional access policies to protect access to all services in Microsoft 365 for enterprise that are integrated with Azure Active Directory (Azure AD).
+[Identity and device access configurations](../security/defender-365-security/microsoft-365-policies-configurations.md) are a set of configurations and conditional access policies to protect access to all services in Microsoft 365 for enterprise that are integrated with Azure Active Directory (Azure AD).
-This article describes how you can configure a Microsoft 365 test environment that meets the requirements of the [Pass-through authentication prerequisite configuration](../security/office-365-security/identity-access-prerequisites.md#prerequisites) for identity and device access.
+This article describes how you can configure a Microsoft 365 test environment that meets the requirements of the [Pass-through authentication prerequisite configuration](../security/defender-365-security/identity-access-prerequisites.md#prerequisites) for identity and device access.
There are ten phases to setting up this test environment:
For Skype for Business Online:
Get-CsOAuthConfiguration ```
-The result is a test environment that meets the requirements of the [Pass-through authentication prerequisite configuration](../security/office-365-security/identity-access-prerequisites.md#prerequisites) for identity and device access.
+The result is a test environment that meets the requirements of the [Pass-through authentication prerequisite configuration](../security/defender-365-security/identity-access-prerequisites.md#prerequisites) for identity and device access.
## Next step
-Use [Common identity and device access policies](../security/office-365-security/identity-access-policies.md) to configure the policies that build on the prerequisites and protect identities and devices.
+Use [Common identity and device access policies](../security/defender-365-security/identity-access-policies.md) to configure the policies that build on the prerequisites and protect identities and devices.
## See also
Use [Common identity and device access policies](../security/office-365-security
[Microsoft 365 for enterprise overview](microsoft-365-overview.md)
-[Microsoft 365 for enterprise documentation](/microsoft-365-enterprise/)
+[Microsoft 365 for enterprise documentation](/microsoft-365-enterprise/)
includes Improve Request Performance https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/includes/improve-request-performance.md
+
+ Title: Improve request performance
+description: Improve request performance
+keywords: server, request, performance
+search.product: eADQiWindows 10XVcnh
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
++
+ms.localizationpriority: medium
+
+audience: ITPro
++++
+>[!TIP]
+>For better performance, you can use server closer to your geo location:
+> - api-us.securitycenter.microsoft.com
+> - api-eu.securitycenter.microsoft.com
+> - api-uk.securitycenter.microsoft.com
includes Machineactionsnote https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/includes/machineactionsnote.md
+
+ Title: Perform a Machine Action via the Microsoft Defender for Endpoint API
+description: This page focuses on performing a machine action via the Microsoft Defender for Endpoint API.
Last updated : 08/28/2017++++++
+>[!Note]
+> This page focuses on performing a machine action via API. See [take response actions on a machine](/microsoft-365/security/defender-endpoint/respond-machine-alerts.md) for more information about response actions functionality via Microsoft Defender for Endpoint.
includes Microsoft 365 Content Updates https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/includes/microsoft-365-content-updates.md
<!-- This file is generated automatically each week. Changes made to this file will be overwritten.-->---
-## Week of March 15, 2021
--
-| Published On |Topic title | Change |
-|||--|
-| 3/15/2021 | [Wipe a mobile device in Basic Mobility and Security](/microsoft-365/admin/basic-mobility-security/wipe-mobile-device?view=o365-21vianet) | modified |
-| 3/15/2021 | [Using Endpoint data loss prevention](/microsoft-365/compliance/endpoint-dlp-using?view=o365-21vianet) | modified |
-| 3/15/2021 | [Insider risk management alerts](/microsoft-365/compliance/insider-risk-management-alerts?view=o365-21vianet) | modified |
-| 3/15/2021 | [Insider risk management audit log](/microsoft-365/compliance/insider-risk-management-audit-log?view=o365-21vianet) | added |
-| 3/15/2021 | [Insider risk management cases](/microsoft-365/compliance/insider-risk-management-cases?view=o365-21vianet) | modified |
-| 3/15/2021 | [Get started with insider risk management](/microsoft-365/compliance/insider-risk-management-configure?view=o365-21vianet) | modified |
-| 3/15/2021 | [Insider risk management Content explorer](/microsoft-365/compliance/insider-risk-management-content-explorer?view=o365-21vianet) | modified |
-| 3/15/2021 | [Plan for insider risk management](/microsoft-365/compliance/insider-risk-management-plan?view=o365-21vianet) | modified |
-| 3/15/2021 | [Insider risk management policies](/microsoft-365/compliance/insider-risk-management-policies?view=o365-21vianet) | modified |
-| 3/15/2021 | [Insider risk management settings](/microsoft-365/compliance/insider-risk-management-settings?view=o365-21vianet) | modified |
-| 3/15/2021 | [Insider risk management in Microsoft 365](/microsoft-365/compliance/insider-risk-management-solution-overview?view=o365-21vianet) | modified |
-| 3/15/2021 | [Insider risk management Users dashboard](/microsoft-365/compliance/insider-risk-management-users?view=o365-21vianet) | modified |
-| 3/15/2021 | [Learn about insider risk management](/microsoft-365/compliance/insider-risk-management?view=o365-21vianet) | modified |
-| 3/15/2021 | [Microsoft 365 tenant-to-tenant migrations](/microsoft-365/enterprise/microsoft-365-tenant-to-tenant-migrations?view=o365-21vianet) | modified |
-| 3/15/2021 | [Use the Page Diagnostics tool for SharePoint Online](/microsoft-365/enterprise/page-diagnostics-for-spo?view=o365-21vianet) | modified |
-| 3/15/2021 | [Anti-malware protection FAQ](/microsoft-365/security/office-365-security/anti-malware-protection-faq-eop?view=o365-21vianet) | modified |
-| 3/15/2021 | [Get started using Attack simulation training](/microsoft-365/security/office-365-security/attack-simulation-training-get-started?view=o365-21vianet) | modified |
-| 3/15/2021 | [Zero-hour auto purge (ZAP)](/microsoft-365/security/office-365-security/zero-hour-auto-purge?view=o365-21vianet) | modified |
-| 3/15/2021 | [Manage who can create Microsoft 365 Groups](/microsoft-365/solutions/manage-creation-of-groups?view=o365-21vianet) | modified |
-| 3/15/2021 | [About the Microsoft 365 Admin mobile app](/microsoft-365/admin/admin-overview/admin-mobile-app?view=o365-21vianet) | modified |
-| 3/15/2021 | [Get started with the Microsoft Compliance Extension (preview)](/microsoft-365/compliance/dlp-chrome-get-started?view=o365-21vianet) | added |
-| 3/15/2021 | [Learn about the Microsoft Compliance Extension (preview)](/microsoft-365/compliance/dlp-chrome-learn-about?view=o365-21vianet) | added |
-| 3/15/2021 | [Learn about the default data loss prevention policy in Microsoft Teams (preview)](/microsoft-365/compliance/dlp-teams-default-policy?view=o365-21vianet) | added |
-| 3/15/2021 | [Manage sensitivity labels in Office apps](/microsoft-365/compliance/sensitivity-labels-office-apps?view=o365-21vianet) | modified |
-| 3/15/2021 | [Pre-work for the migration from Microsoft Cloud Deutschland](/microsoft-365/enterprise/ms-cloud-germany-transition-add-pre-work?view=o365-21vianet) | modified |
-| 3/15/2021 | [Migration phases actions and impacts for the migration from Microsoft Cloud Deutschland (general)](/microsoft-365/enterprise/ms-cloud-germany-transition-phases?view=o365-21vianet) | modified |
-| 3/15/2021 | [User submissions policy](/microsoft-365/security/office-365-security/user-submission?view=o365-21vianet) | modified |
-| 3/16/2021 | [Microsoft Productivity Score](/microsoft-365/admin/productivity/productivity-score?view=o365-worldwide) | modified |
-| 3/16/2021 | [Get started with the Microsoft Compliance Extension (preview)](/microsoft-365/compliance/dlp-chrome-get-started?view=o365-21vianet) | modified |
-| 3/16/2021 | [Define information barrier policies](/microsoft-365/compliance/information-barriers-policies?view=o365-21vianet) | modified |
-| 3/16/2021 | [Learn about insider risk management](/microsoft-365/compliance/insider-risk-management?view=o365-21vianet) | modified |
-| 3/16/2021 | [Insider risk solutions](/microsoft-365/compliance/insider-risk-solution-overview?view=o365-21vianet) | modified |
-| 3/16/2021 | [Learn about retention for Teams](/microsoft-365/compliance/retention-policies-teams?view=o365-21vianet) | modified |
-| 3/16/2021 | [Collection statistics and reports](/microsoft-365/compliance/collection-statistics-reports?view=o365-21vianet) | added |
-| 3/16/2021 | [Overview of collections in Advanced eDiscovery](/microsoft-365/compliance/collections-overview?view=o365-21vianet) | added |
-| 3/16/2021 | [Commit a draft collection to a review set](/microsoft-365/compliance/commit-draft-collection?view=o365-21vianet) | added |
-| 3/16/2021 | [Create a draft collection](/microsoft-365/compliance/create-draft-collection?view=o365-21vianet) | added |
-| 3/16/2021 | [Communication compliance feature reference](/microsoft-365/compliance/communication-compliance-feature-reference?view=o365-21vianet) | modified |
-| 3/16/2021 | [Review conversations in Advanced eDiscovery](/microsoft-365/compliance/conversation-review-sets?view=o365-21vianet) | modified |
-| 3/16/2021 | [Create and manage Advanced eDiscovery cases in Microsoft 365](/microsoft-365/compliance/create-and-manage-advanced-ediscoveryv2-case?view=o365-21vianet) | modified |
-| 3/16/2021 | [Customer Key for Microsoft 365 at the tenant level (public preview)](/microsoft-365/compliance/customer-key-tenant-level?view=o365-21vianet) | modified |
-| 3/16/2021 | [Manage holds in Advanced eDiscovery](/microsoft-365/compliance/managing-holds?view=o365-21vianet) | modified |
-| 3/16/2021 | [Overview of the Advanced eDiscovery solution in Microsoft 365](/microsoft-365/compliance/overview-ediscovery-20?view=o365-21vianet) | modified |
-| 3/16/2021 | [Manage sensitivity labels in Office apps](/microsoft-365/compliance/sensitivity-labels-office-apps?view=o365-21vianet) | modified |
-| 3/16/2021 | [Learn about sensitivity labels](/microsoft-365/compliance/sensitivity-labels?view=o365-21vianet) | modified |
-| 3/16/2021 | [View keyword statistics for Content Search results](/microsoft-365/compliance/view-keyword-statistics-for-content-search?view=o365-21vianet) | modified |
-| 3/16/2021 | [Content stored in Exchange Online mailboxes](/microsoft-365/compliance/what-is-stored-in-exo-mailbox?view=o365-21vianet) | modified |
-| 3/16/2021 | [AD FS migration steps for the migration from Microsoft Cloud Deutschland](/microsoft-365/enterprise/ms-cloud-germany-transition-add-adfs?view=o365-21vianet) | modified |
-| 3/16/2021 | [Evaluate Microsoft Defender for Office 365](/microsoft-365/security/office-365-security/office-365-evaluation?view=o365-21vianet) | modified |
-| 3/16/2021 | [What is collaboration governance?](/microsoft-365/solutions/collaboration-governance-overview?view=o365-21vianet) | modified |
-| 3/16/2021 | [Create a secure guest sharing environment](/microsoft-365/solutions/create-secure-guest-sharing-environment?view=o365-21vianet) | modified |
-| 3/16/2021 | [Governing access in Microsoft 365 groups, Teams, and SharePoint](/microsoft-365/solutions/groups-teams-access-governance?view=o365-21vianet) | modified |
-| 3/16/2021 | [Compliance options for Microsoft 365 groups, Teams, and SharePoint collaboration](/microsoft-365/solutions/groups-teams-compliance-governance?view=o365-21vianet) | modified |
-| 3/16/2021 | [Manage who can create Microsoft 365 Groups](/microsoft-365/solutions/manage-creation-of-groups?view=o365-21vianet) | modified |
-| 3/17/2021 | [About registration numbers and under review notifications](/microsoft-365/commerce/about-registration-numbers?view=o365-21vianet) | modified |
-| 3/17/2021 | [Manage auto-claim policies](/microsoft-365/commerce/licenses/manage-auto-claim-policies?view=o365-21vianet) | modified |
-| 3/17/2021 | Advanced eDiscovery alignment with the EDRM | removed |
-| 3/17/2021 | [Create and manage Advanced eDiscovery cases in Microsoft 365](/microsoft-365/compliance/create-and-manage-advanced-ediscoveryv2-case?view=o365-21vianet) | modified |
-| 3/17/2021 | [eDiscovery solution series Data spillage scenario - Search and purge](/microsoft-365/compliance/data-spillage-scenariosearch-and-purge?view=o365-21vianet) | modified |
-| 3/17/2021 | [Set up Advanced eDiscovery in Microsoft 365](/microsoft-365/compliance/get-started-with-advanced-ediscovery?view=o365-21vianet) | modified |
-| 3/17/2021 | [Overview of the Advanced eDiscovery solution in Microsoft 365](/microsoft-365/compliance/overview-ediscovery-20?view=o365-21vianet) | modified |
-| 3/17/2021 | [Search the audit log in the Security & Compliance Center](/microsoft-365/compliance/search-the-audit-log-in-security-and-compliance?view=o365-21vianet) | modified |
-| 3/17/2021 | [Get started with communication compliance](/microsoft-365/compliance/communication-compliance-configure?view=o365-21vianet) | modified |
-| 3/17/2021 | [Learn about communication compliance](/microsoft-365/compliance/communication-compliance?view=o365-21vianet) | modified |
-| 3/17/2021 | [Records Management in Microsoft 365](/microsoft-365/compliance/records-management?view=o365-21vianet) | modified |
-| 3/17/2021 | [Learn about retention for SharePoint and OneDrive](/microsoft-365/compliance/retention-policies-sharepoint?view=o365-21vianet) | modified |
-| 3/17/2021 | [First-run experience with Autopilot and the Enrollment Status Page](/microsoft-365/managed-desktop/get-started/esp-first-run?view=o365-21vianet) | modified |
-| 3/17/2021 | [Insider risk management cases](/microsoft-365/compliance/insider-risk-management-cases?view=o365-21vianet) | modified |
-| 3/17/2021 | [Get started with insider risk management](/microsoft-365/compliance/insider-risk-management-configure?view=o365-21vianet) | modified |
-| 3/17/2021 | [Insider risk management policies](/microsoft-365/compliance/insider-risk-management-policies?view=o365-21vianet) | modified |
-| 3/17/2021 | [Learn about insider risk management](/microsoft-365/compliance/insider-risk-management?view=o365-21vianet) | modified |
-| 3/17/2021 | [Manage Microsoft Rewards](/microsoft-365/admin/manage/manage-microsoft-rewards?view=o365-21vianet) | added |
-| 3/17/2021 | [Microsoft Bing News for Work](/microsoft-365/admin/misc/microsoft-bing-news-for-work?view=o365-21vianet) | added |
-| 3/17/2021 | [Get details about Basic Mobility and Security managed devices](/microsoft-365/admin/basic-mobility-security/get-details-about-managed-devices?view=o365-21vianet) | modified |
-| 3/17/2021 | Create DNS records at Bluehost for Microsoft | removed |
-| 3/17/2021 | [Microsoft 365 Business Premium resources # < 60 chars](/microsoft-365/business/index?view=o365-21vianet) | modified |
-| 3/17/2021 | [Plan for Microsoft Viva Topics](/microsoft-365/knowledge/plan-topic-experiences) | modified |
-| 3/17/2021 | [Set up Microsoft Viva Topics](/microsoft-365/knowledge/set-up-topic-experiences) | modified |
-| 3/18/2021 | [Create retention labels and apply them in apps to retain or delete content](/microsoft-365/compliance/create-apply-retention-labels?view=o365-21vianet) | modified |
-| 3/18/2021 | [Create and publish sensitivity labels](/microsoft-365/compliance/create-sensitivity-labels?view=o365-21vianet) | modified |
-| 3/18/2021 | [Records Management in Microsoft 365](/microsoft-365/compliance/records-management?view=o365-21vianet) | modified |
-| 3/18/2021 | [Manage sensitivity labels in Office apps](/microsoft-365/compliance/sensitivity-labels-office-apps?view=o365-21vianet) | modified |
-| 3/18/2021 | [Microsoft 365 Client App Support: Certificate-based Authentication](/microsoft-365/enterprise/microsoft-365-client-support-certificate-based-authentication?view=o365-21vianet) | modified |
-| 3/18/2021 | [Microsoft 365 Client App Support: Conditional Access](/microsoft-365/enterprise/microsoft-365-client-support-conditional-access?view=o365-21vianet) | modified |
-| 3/18/2021 | [Microsoft 365 Client App Support: Multi-factor authentication](/microsoft-365/enterprise/microsoft-365-client-support-multi-factor-authentication?view=o365-21vianet) | modified |
-| 3/18/2021 | [Microsoft 365 Client App Support: Single Sign-On](/microsoft-365/enterprise/microsoft-365-client-support-single-sign-on?view=o365-21vianet) | modified |
-| 3/18/2021 | [Choose between Basic Mobility and Security and Intune](/microsoft-365/admin/basic-mobility-security/choose-between-basic-mobility-and-security-and-intune?view=o365-21vianet) | modified |
-| 3/18/2021 | [Create a custom sensitive information type using PowerShell](/microsoft-365/compliance/create-a-custom-sensitive-information-type-in-scc-powershell?view=o365-21vianet) | modified |
-| 3/18/2021 | [Create a keyword dictionary](/microsoft-365/compliance/create-a-keyword-dictionary?view=o365-21vianet) | modified |
-| 3/18/2021 | [Sensitive information type entity definitions](/microsoft-365/compliance/sensitive-information-type-entity-definitions?view=o365-21vianet) | modified |
-| 3/18/2021 | [Create an app to access Microsoft 365 Defender without a user](/microsoft-365/security/mtp/api-create-app-web?view=o365-21vianet) | modified |
-| 3/18/2021 | [Microsoft cloud architecture models - enterprise resource planning](/microsoft-365/solutions/cloud-architecture-models?view=o365-21vianet) | modified |
-| 3/18/2021 | [Use file plan to manage retention labels throughout the content lifecycle](/microsoft-365/compliance/file-plan-manager?view=o365-21vianet) | modified |
-| 3/18/2021 | [Evaluate Microsoft Defender for Office 365](/microsoft-365/security/office-365-security/office-365-evaluation?view=o365-21vianet) | modified |
-| 3/18/2021 | [Steps to configure threat protection capabilities across Microsoft 365](/microsoft-365/solutions/deploy-threat-protection-configure?view=o365-21vianet) | modified |
-| 3/18/2021 | [Deploy threat protection capabilities across Microsoft 365](/microsoft-365/solutions/deploy-threat-protection?view=o365-21vianet) | modified |
-| 3/18/2021 | [Microsoft 365 solution and architecture center # < 60 chars](/microsoft-365/solutions/index?view=o365-21vianet) | modified |
-| 3/18/2021 | [Use AllowSelfServicePurchase for the MSCommerce PowerShell module](/microsoft-365/commerce/subscriptions/allowselfservicepurchase-powershell?view=o365-21vianet) | modified |
-| 3/18/2021 | [Communication compliance feature reference](/microsoft-365/compliance/communication-compliance-feature-reference?view=o365-21vianet) | modified |
-| 3/18/2021 | [What's new in Microsoft 365 compliance](/microsoft-365/compliance/whats-new?view=o365-21vianet) | modified |
-| 3/19/2021 | [Create DNS records at 123-reg.co.uk for Microsoft](/microsoft-365/admin/dns/create-dns-records-at-123-reg-co-uk?view=o365-21vianet) | modified |
-| 3/19/2021 | [Define mail flow rules to encrypt email messages](/microsoft-365/compliance/define-mail-flow-rules-to-encrypt-email?view=o365-21vianet) | modified |
-| 3/19/2021 | [Double Key Encryption (DKE)](/microsoft-365/compliance/double-key-encryption?view=o365-21vianet) | modified |
-| 3/19/2021 | [Migration phases actions and impacts for the migration from Microsoft Cloud Deutschland (general)](/microsoft-365/enterprise/ms-cloud-germany-transition-phases?view=o365-21vianet) | modified |
-| 3/19/2021 | [Microsoft Viva Topics security trimming](/microsoft-365/knowledge/topic-experiences-security-trimming) | modified |
--
-## Week of February 15, 2021
--
-| Published On |Topic title | Change |
-|||--|
-| 2/16/2021 | [Automatically apply a retention label to retain or delete content](/microsoft-365/compliance/apply-retention-labels-automatically?view=o365-21vianet) | modified |
-| 2/16/2021 | [Limits for retention policies and retention label policies](/microsoft-365/compliance/retention-limits?view=o365-21vianet) | added |
-| 2/16/2021 | [Create and configure retention policies to automatically retain or delete content](/microsoft-365/compliance/create-retention-policies?view=o365-21vianet) | modified |
-| 2/16/2021 | [Restrict access to content using sensitivity labels to apply encryption](/microsoft-365/compliance/encryption-sensitivity-labels?view=o365-21vianet) | modified |
-| 2/16/2021 | [Get started with insider risk management](/microsoft-365/compliance/insider-risk-management-configure?view=o365-21vianet) | modified |
-| 2/16/2021 | [Plan for insider risk management](/microsoft-365/compliance/insider-risk-management-plan?view=o365-21vianet) | modified |
-| 2/16/2021 | [Learn about retention for Teams](/microsoft-365/compliance/retention-policies-teams?view=o365-21vianet) | modified |
-| 2/16/2021 | [Manage sensitivity labels in Office apps](/microsoft-365/compliance/sensitivity-labels-office-apps?view=o365-21vianet) | modified |
-| 2/16/2021 | [Use sensitivity labels with Microsoft Teams, Microsoft 365 groups, and SharePoint sites](/microsoft-365/compliance/sensitivity-labels-teams-groups-sites?view=o365-21vianet) | modified |
-| 2/16/2021 | [Set up Microsoft Viva Topics](/microsoft-365/knowledge/set-up-topic-experiences) | modified |
-| 2/16/2021 | [Safe Attachments](/microsoft-365/security/office-365-security/atp-safe-attachments?view=o365-21vianet) | modified |
-| 2/16/2021 | [Protection features in Azure Information Protection rolling out to existing tenants](/microsoft-365/security/office-365-security/azure-ip-protection-features?view=o365-21vianet) | modified |
-| 2/16/2021 | [Application Guard for Office 365 for admins](/microsoft-365/security/office-365-security/install-app-guard?view=o365-21vianet) | modified |
-| 2/16/2021 | [Monitor for leaks of personal data](/microsoft-365/security/office-365-security/monitor-for-leaks-of-personal-data?view=o365-21vianet) | modified |
-| 2/16/2021 | [Remove blocked users from the Restricted Users portal](/microsoft-365/security/office-365-security/removing-user-from-restricted-users-portal-after-spam?view=o365-21vianet) | modified |
-| 2/16/2021 | [Collaborating with people outside your organization](/microsoft-365/solutions/collaborate-with-people-outside-your-organization?view=o365-21vianet) | modified |
-| 2/17/2021 | [Manage billing accounts](/microsoft-365/commerce/manage-billing-accounts?view=o365-21vianet) | modified |
-| 2/17/2021 | [Data loss prevention and Microsoft Teams](/microsoft-365/compliance/dlp-microsoft-teams?view=o365-21vianet) | modified |
-| 2/17/2021 | [Learn about Microsoft 365 Endpoint data loss prevention](/microsoft-365/compliance/endpoint-dlp-learn-about?view=o365-21vianet) | modified |
-| 2/17/2021 | [Manage sensitivity labels in Office apps](/microsoft-365/compliance/sensitivity-labels-office-apps?view=o365-21vianet) | modified |
-| 2/17/2021 | [Enable sensitivity labels for Office files in SharePoint and OneDrive](/microsoft-365/compliance/sensitivity-labels-sharepoint-onedrive-files?view=o365-21vianet) | modified |
-| 2/17/2021 | [Create a new topic in Microsoft Viva Topics](/microsoft-365/knowledge/create-a-topic) | modified |
-| 2/17/2021 | [Edit an existing topic in Microsoft Viva Topics ](/microsoft-365/knowledge/edit-a-topic) | modified |
-| 2/17/2021 | [Microsoft Viva Topics security trimming](/microsoft-365/knowledge/topic-experiences-security-trimming) | modified |
-| 2/17/2021 | [Create a shared mailbox](/microsoft-365/admin/email/create-a-shared-mailbox?view=o365-21vianet) | modified |
-| 2/17/2021 | [Create a custom sensitive information type using PowerShell](/microsoft-365/compliance/create-a-custom-sensitive-information-type-in-scc-powershell?view=o365-21vianet) | modified |
-| 2/17/2021 | [Customer Key for Microsoft 365 at the tenant level (public preview)](/microsoft-365/compliance/customer-key-tenant-level?view=o365-21vianet) | modified |
-| 2/17/2021 | [Define information barrier policies](/microsoft-365/compliance/information-barriers-policies?view=o365-21vianet) | modified |
-| 2/17/2021 | [Create a DLP policy to protect documents with FCI or other properties](/microsoft-365/compliance/protect-documents-that-have-fci-or-other-properties?view=o365-21vianet) | modified |
-| 2/17/2021 | [Sensitive information type entity definitions](/microsoft-365/compliance/sensitive-information-type-entity-definitions?view=o365-21vianet) | modified |
-| 2/17/2021 | [Connect to Microsoft 365 with PowerShell](/microsoft-365/enterprise/connect-to-microsoft-365-powershell?view=o365-21vianet) | modified |
-| 2/17/2021 | [Optimize custom extensions in SharePoint Online modern site pages](/microsoft-365/enterprise/modern-custom-extensions?view=o365-21vianet) | modified |
-| 2/17/2021 | [Windows and Office deployment lab kit](/microsoft-365/enterprise/modern-desktop-deployment-and-management-lab?view=o365-21vianet) | modified |
-| 2/17/2021 | [Optimize web part performance in SharePoint Online modern site pages](/microsoft-365/enterprise/modern-web-part-optimization?view=o365-21vianet) | modified |
-| 2/17/2021 | [Protect your Microsoft 365 global administrator accounts](/microsoft-365/enterprise/protect-your-global-administrator-accounts?view=o365-21vianet) | modified |
-| 2/17/2021 | [Remove Microsoft 365 licenses from user accounts with PowerShell](/microsoft-365/enterprise/remove-licenses-from-user-accounts-with-microsoft-365-powershell?view=o365-21vianet) | modified |
-| 2/17/2021 | [Change history for Microsoft Managed Desktop documentation](/microsoft-365/managed-desktop/change-history-managed-desktop?view=o365-21vianet) | modified |
-| 2/17/2021 | [Compliance](/microsoft-365/managed-desktop/intro/compliance?view=o365-21vianet) | modified |
-| 2/17/2021 | [What's new in Microsoft Secure Score](/microsoft-365/security/mtp/microsoft-secure-score-whats-new?view=o365-21vianet) | modified |
-| 2/17/2021 | [Preview features in Microsoft 365 Defender](/microsoft-365/security/mtp/preview?view=o365-21vianet) | modified |
-| 2/17/2021 | [About the Microsoft Defender for Office 365 trial](/microsoft-365/security/office-365-security/about-defender-for-office-365-trial?view=o365-21vianet) | modified |
-| 2/17/2021 | [Address compromised user accounts with automated investigation and response](/microsoft-365/security/office-365-security/address-compromised-users-quickly?view=o365-21vianet) | modified |
-| 2/17/2021 | [Admin submissions](/microsoft-365/security/office-365-security/admin-submission?view=o365-21vianet) | modified |
-| 2/17/2021 | [ASF settings in EOP](/microsoft-365/security/office-365-security/advanced-spam-filtering-asf-options?view=o365-21vianet) | modified |
-| 2/17/2021 | [Custom reporting solutions with automated investigation and response](/microsoft-365/security/office-365-security/air-custom-reporting?view=o365-21vianet) | modified |
-| 2/17/2021 | [Remediation actions in Microsoft Defender for Office 365](/microsoft-365/security/office-365-security/air-remediation-actions?view=o365-21vianet) | modified |
-| 2/17/2021 | [How to report false positives or false negatives following automated investigation in Microsoft Defender for Office 365](/microsoft-365/security/office-365-security/air-report-false-positives-negatives?view=o365-21vianet) | modified |
-| 2/17/2021 | [Review and manage remediation actions in Microsoft Defender for Office 365](/microsoft-365/security/office-365-security/air-review-approve-pending-completed-actions?view=o365-21vianet) | modified |
-| 2/17/2021 | [View the results of an automated investigation in Microsoft 365](/microsoft-365/security/office-365-security/air-view-investigation-results?view=o365-21vianet) | modified |
-| 2/17/2021 | [Alerts in the Security & Compliance Center](/microsoft-365/security/office-365-security/alerts?view=o365-21vianet) | modified |
-| 2/17/2021 | [Anti-malware protection FAQ](/microsoft-365/security/office-365-security/anti-malware-protection-faq-eop?view=o365-21vianet) | modified |
-| 2/17/2021 | [Anti-malware protection](/microsoft-365/security/office-365-security/anti-malware-protection?view=o365-21vianet) | modified |
-| 2/17/2021 | [Anti-phishing protection](/microsoft-365/security/office-365-security/anti-phishing-protection?view=o365-21vianet) | modified |
-| 2/17/2021 | [Anti-spam and anti-malware protection](/microsoft-365/security/office-365-security/anti-spam-and-anti-malware-protection?view=o365-21vianet) | modified |
-| 2/17/2021 | [Anti-spam message headers](/microsoft-365/security/office-365-security/anti-spam-message-headers?view=o365-21vianet) | modified |
-| 2/17/2021 | [Anti-spam protection FAQ](/microsoft-365/security/office-365-security/anti-spam-protection-faq?view=o365-21vianet) | modified |
-| 2/17/2021 | [Anti-spam protection](/microsoft-365/security/office-365-security/anti-spam-protection?view=o365-21vianet) | modified |
-| 2/17/2021 | [Anti-spoofing protection FAQ](/microsoft-365/security/office-365-security/anti-spoofing-protection-faq?view=o365-21vianet) | modified |
-| 2/17/2021 | [Anti-spoofing protection](/microsoft-365/security/office-365-security/anti-spoofing-protection?view=o365-21vianet) | modified |
-| 2/17/2021 | [Safe Attachments for SharePoint, OneDrive, and Microsoft Teams](/microsoft-365/security/office-365-security/atp-for-spo-odb-and-teams?view=o365-21vianet) | modified |
-| 2/17/2021 | [Safe Attachments](/microsoft-365/security/office-365-security/atp-safe-attachments?view=o365-21vianet) | modified |
-| 2/17/2021 | [Safe Links](/microsoft-365/security/office-365-security/atp-safe-links?view=o365-21vianet) | modified |
-| 2/17/2021 | [Get started using Attack simulation training](/microsoft-365/security/office-365-security/attack-simulation-training-get-started?view=o365-21vianet) | modified |
-| 2/17/2021 | [Gain insights through Attack simulation training](/microsoft-365/security/office-365-security/attack-simulation-training-insights?view=o365-21vianet) | modified |
-| 2/17/2021 | [Attack Simulator in Microsoft Defender for Office 365](/microsoft-365/security/office-365-security/attack-simulator?view=o365-21vianet) | modified |
-| 2/17/2021 | [Auditing reports in standalone EOP](/microsoft-365/security/office-365-security/auditing-reports-in-eop?view=o365-21vianet) | modified |
-| 2/17/2021 | [How automated investigation and response works in Microsoft Defender for Office 365](/microsoft-365/security/office-365-security/automated-investigation-response-office?view=o365-21vianet) | modified |
-| 2/17/2021 | [Protection features in Azure Information Protection rolling out to existing tenants](/microsoft-365/security/office-365-security/azure-ip-protection-features?view=o365-21vianet) | modified |
-| 2/17/2021 | [Backscatter in EOP](/microsoft-365/security/office-365-security/backscatter-messages-and-eop?view=o365-21vianet) | modified |
-| 2/17/2021 | [Best practices for configuring EOP](/microsoft-365/security/office-365-security/best-practices-for-configuring-eop?view=o365-21vianet) | modified |
-| 2/17/2021 | [Bulk complaint level values](/microsoft-365/security/office-365-security/bulk-complaint-level-values?view=o365-21vianet) | modified |
-| 2/17/2021 | [Campaign Views in Microsoft Defender for Office 365 Plan](/microsoft-365/security/office-365-security/campaigns?view=o365-21vianet) | modified |
-| 2/17/2021 | [Configuration analyzer for security policies](/microsoft-365/security/office-365-security/configuration-analyzer-for-security-policies?view=o365-21vianet) | modified |
-| 2/17/2021 | [Configure anti-malware policies](/microsoft-365/security/office-365-security/configure-anti-malware-policies?view=o365-21vianet) | modified |
-| 2/17/2021 | [Configure anti-phishing policies in EOP](/microsoft-365/security/office-365-security/configure-anti-phishing-policies-eop?view=o365-21vianet) | modified |
-| 2/17/2021 | [Configure anti-phishing policies in Microsoft Defender for Office 365](/microsoft-365/security/office-365-security/configure-atp-anti-phishing-policies?view=o365-21vianet) | modified |
-| 2/17/2021 | [Configure global settings for Safe Links settings in Defender for Office 365](/microsoft-365/security/office-365-security/configure-global-settings-for-safe-links?view=o365-21vianet) | modified |
-| 2/17/2021 | [Configure groups & users - Political campaign dev/test environment](/microsoft-365/security/office-365-security/configure-groups-and-users-for-a-political-campaign-dev-test-environment?view=o365-21vianet) | modified |
-| 2/17/2021 | [Configure junk email settings on Exchange Online mailboxes](/microsoft-365/security/office-365-security/configure-junk-email-settings-on-exo-mailboxes?view=o365-21vianet) | modified |
-| 2/17/2021 | [Configure S/MIME settings - Exchange Online for Outlook on web](/microsoft-365/security/office-365-security/configure-s-mime-settings-for-outlook-web-app?view=o365-21vianet) | modified |
-| 2/17/2021 | [Configure the default connection filter policy](/microsoft-365/security/office-365-security/configure-the-connection-filter-policy?view=o365-21vianet) | modified |
-| 2/17/2021 | [Configure outbound spam filtering](/microsoft-365/security/office-365-security/configure-the-outbound-spam-policy?view=o365-21vianet) | modified |
-| 2/17/2021 | [Configure spam filter policies](/microsoft-365/security/office-365-security/configure-your-spam-filter-policies?view=o365-21vianet) | modified |
-| 2/17/2021 | [Create blocked sender lists](/microsoft-365/security/office-365-security/create-block-sender-lists-in-office-365?view=o365-21vianet) | modified |
-| 2/17/2021 | [Create safe sender lists](/microsoft-365/security/office-365-security/create-safe-sender-lists-in-office-365?view=o365-21vianet) | modified |
-| 2/17/2021 | [Create team sites - Political campaign dev environment](/microsoft-365/security/office-365-security/create-team-sites-in-a-political-campaign-dev-test-environment?view=o365-21vianet) | modified |
-| 2/17/2021 | [Delegated administration FAQ](/microsoft-365/security/office-365-security/delegated-administration-faq?view=o365-21vianet) | modified |
-| 2/17/2021 | [Deploy an isolated SharePoint Online team site](/microsoft-365/security/office-365-security/deploy-an-isolated-sharepoint-online-team-site?view=o365-21vianet) | modified |
-| 2/17/2021 | [Design an isolated SharePoint Online team site](/microsoft-365/security/office-365-security/design-an-isolated-sharepoint-online-team-site?view=o365-21vianet) | modified |
-| 2/17/2021 | [Detect and Remediate Illicit Consent Grants](/microsoft-365/security/office-365-security/detect-and-remediate-illicit-consent-grants?view=o365-21vianet) | modified |
-| 2/17/2021 | [Detect and remediate the Outlook rules and custom forms injections attacks.](/microsoft-365/security/office-365-security/detect-and-remediate-outlook-rules-forms-attack?view=o365-21vianet) | modified |
-| 2/17/2021 | [Email authentication in Microsoft 365](/microsoft-365/security/office-365-security/email-validation-and-authentication?view=o365-21vianet) | modified |
-| 2/17/2021 | [Enable the Report Message add-in](/microsoft-365/security/office-365-security/enable-the-report-message-add-in?view=o365-21vianet) | modified |
-| 2/17/2021 | [Enable the Report Phish add-in](/microsoft-365/security/office-365-security/enable-the-report-phish-add-in?view=o365-21vianet) | modified |
-| 2/17/2021 | [Configure EOP to junk spam in hybrid environments](/microsoft-365/security/office-365-security/ensure-that-spam-is-routed-to-each-user-s-junk-email-folder?view=o365-21vianet) | modified |
-| 2/17/2021 | [EOP features](/microsoft-365/security/office-365-security/eop-features?view=o365-21vianet) | modified |
-| 2/17/2021 | [EOP general FAQ](/microsoft-365/security/office-365-security/eop-general-faq?view=o365-21vianet) | modified |
-| 2/17/2021 | [EOP queued, deferred, and bounced messages FAQ](/microsoft-365/security/office-365-security/eop-queued-deferred-and-bounced-messages-faq?view=o365-21vianet) | modified |
-| 2/17/2021 | [Exchange admin center in standalone EOP](/microsoft-365/security/office-365-security/exchange-admin-center-in-exchange-online-protection-eop?view=o365-21vianet) | modified |
-| 2/17/2021 | [Exchange Online Protection (EOP) overview](/microsoft-365/security/office-365-security/exchange-online-protection-overview?view=o365-21vianet) | modified |
-| 2/17/2021 | [Configuring and controlling external email forwarding, Automatic forwarding, 5.7.520 Access Denied, disable external forwarding, Your administrator has disabled external forwarding, outbound anti-spam policy](/microsoft-365/security/office-365-security/external-email-forwarding?view=o365-21vianet) | modified |
-| 2/17/2021 | [Feature permissions in EOP](/microsoft-365/security/office-365-security/feature-permissions-in-eop?view=o365-21vianet) | modified |
-| 2/17/2021 | [Find and release quarantined messages as a user](/microsoft-365/security/office-365-security/find-and-release-quarantined-messages-as-a-user?view=o365-21vianet) | modified |
-| 2/17/2021 | [Give users access to the Security & Compliance Center](/microsoft-365/security/office-365-security/grant-access-to-the-security-and-compliance-center?view=o365-21vianet) | modified |
-| 2/17/2021 | [Help and support for EOP](/microsoft-365/security/office-365-security/help-and-support-for-eop?view=o365-21vianet) | modified |
-| 2/17/2021 | [Outbound delivery pools](/microsoft-365/security/office-365-security/high-risk-delivery-pool-for-outbound-messages?view=o365-21vianet) | modified |
-| 2/17/2021 | [How Sender Policy Framework (SPF) prevents spoofing](/microsoft-365/security/office-365-security/how-office-365-uses-spf-to-prevent-spoofing?view=o365-21vianet) | modified |
-| 2/17/2021 | [How EOP validates the From address to prevent phishing](/microsoft-365/security/office-365-security/how-office-365-validates-the-from-address?view=o365-21vianet) | modified |
-| 2/17/2021 | [Order and precedence of email protection](/microsoft-365/security/office-365-security/how-policies-and-protections-are-combined?view=o365-21vianet) | modified |
-| 2/17/2021 | [Common identity and device access policies - Microsoft 365 for enterprise \| Microsoft Docs](/microsoft-365/security/office-365-security/identity-access-policies?view=o365-21vianet) | modified |
-| 2/17/2021 | [Prerequisite work for implementing identity and device access policies - Microsoft 365 for enterprise \| Microsoft Docs](/microsoft-365/security/office-365-security/identity-access-prerequisites?view=o365-21vianet) | modified |
-| 2/17/2021 | [Office 365 Security, Microsoft Defender for Office 365, EOP, MSDO](/microsoft-365/security/office-365-security/index?view=o365-21vianet) | modified |
-| 2/17/2021 | [Investigate malicious email that was delivered in Office 365, Find and investigate malicious email](/microsoft-365/security/office-365-security/investigate-malicious-email-that-was-delivered?view=o365-21vianet) | modified |
-| 2/17/2021 | [Isolated SharePoint Online team site dev/test environment](/microsoft-365/security/office-365-security/isolated-sharepoint-online-team-site-dev-test-environment?view=o365-21vianet) | modified |
-| 2/17/2021 | [Isolated SharePoint Online team sites](/microsoft-365/security/office-365-security/isolated-sharepoint-online-team-sites?view=o365-21vianet) | modified |
-| 2/17/2021 | [Install and use the Junk Email Reporting add-in for Microsoft Outlook](/microsoft-365/security/office-365-security/junk-email-reporting-add-in-for-microsoft-outlook?view=o365-21vianet) | modified |
-| 2/17/2021 | [Configure spoof intelligence](/microsoft-365/security/office-365-security/learn-about-spoof-intelligence?view=o365-21vianet) | modified |
-| 2/17/2021 | [Mail flow in EOP](/microsoft-365/security/office-365-security/mail-flow-in-eop?view=o365-21vianet) | modified |
-| 2/17/2021 | [Mail flow insights in the Mail flow dashboard](/microsoft-365/security/office-365-security/mail-flow-insights-v2?view=o365-21vianet) | modified |
-| 2/17/2021 | [Mail flow intelligence](/microsoft-365/security/office-365-security/mail-flow-intelligence-in-office-365?view=o365-21vianet) | modified |
-| 2/17/2021 | [Mail flow rules in EOP](/microsoft-365/security/office-365-security/mail-flow-rules-transport-rules-0?view=o365-21vianet) | modified |
-| 2/17/2021 | [Manage role groups in EOP](/microsoft-365/security/office-365-security/manage-admin-role-group-permissions-in-eop?view=o365-21vianet) | modified |
-| 2/17/2021 | [Manage an isolated SharePoint Online team site](/microsoft-365/security/office-365-security/manage-an-isolated-sharepoint-online-team-site?view=o365-21vianet) | modified |
-| 2/17/2021 | [Manage groups in EOP](/microsoft-365/security/office-365-security/manage-groups-in-eop?view=o365-21vianet) | modified |
-| 2/17/2021 | [Manage mail users in standalone EOP](/microsoft-365/security/office-365-security/manage-mail-users-in-eop?view=o365-21vianet) | modified |
-| 2/17/2021 | [Manage quarantined messages and files as an admin](/microsoft-365/security/office-365-security/manage-quarantined-messages-and-files?view=o365-21vianet) | modified |
-| 2/17/2021 | [Manage recipients in standalone EOP](/microsoft-365/security/office-365-security/manage-recipients-in-eop?view=o365-21vianet) | modified |
-| 2/17/2021 | [The Microsoft Defender for Office 365 (MDO) email entity page](/microsoft-365/security/office-365-security/mdo-email-entity-page?view=o365-21vianet) | modified |
-| 2/17/2021 | [Message trace in the Security & Compliance Center](/microsoft-365/security/office-365-security/message-trace-scc?view=o365-21vianet) | modified |
-| 2/17/2021 | [Auto-forwarded messages insight](/microsoft-365/security/office-365-security/mfi-auto-forwarded-messages-report?view=o365-21vianet) | modified |
-| 2/17/2021 | [Top domain mail flow status insight in the Mail flow dashboard](/microsoft-365/security/office-365-security/mfi-domain-mail-flow-status-insight?view=o365-21vianet) | modified |
-| 2/17/2021 | [Mail flow map](/microsoft-365/security/office-365-security/mfi-mail-flow-map-report?view=o365-21vianet) | modified |
-| 2/17/2021 | [Fix possible mail loop insight](/microsoft-365/security/office-365-security/mfi-mail-loop-insight?view=o365-21vianet) | modified |
-| 2/17/2021 | [New domains being forwarded email insight](/microsoft-365/security/office-365-security/mfi-new-domains-being-forwarded-email?view=o365-21vianet) | modified |
-| 2/17/2021 | [New users forwarding email insight](/microsoft-365/security/office-365-security/mfi-new-users-forwarding-email?view=o365-21vianet) | modified |
-| 2/17/2021 | [Non-accepted domain report in the Mail flow dashboard](/microsoft-365/security/office-365-security/mfi-non-accepted-domain-report?view=o365-21vianet) | modified |
-| 2/17/2021 | [Non-delivery report in the Mail flow dashboard](/microsoft-365/security/office-365-security/mfi-non-delivery-report?view=o365-21vianet) | modified |
-| 2/17/2021 | [Outbound and inbound mail flow insight in the Mail flow dashboard](/microsoft-365/security/office-365-security/mfi-outbound-and-inbound-mail-flow?view=o365-21vianet) | modified |
-| 2/17/2021 | [Queues insight in the Mail flow dashboard](/microsoft-365/security/office-365-security/mfi-queue-alerts-and-queues?view=o365-21vianet) | modified |
-| 2/17/2021 | [Fix slow mail flow rules insight](/microsoft-365/security/office-365-security/mfi-slow-mail-flow-rules-insight?view=o365-21vianet) | modified |
-| 2/17/2021 | [SMTP Auth clients insight and report in the Mail flow dashboard](/microsoft-365/security/office-365-security/mfi-smtp-auth-clients-report?view=o365-21vianet) | modified |
-| 2/17/2021 | [Identity and device access configurations - Microsoft 365 for enterprise](/microsoft-365/security/office-365-security/microsoft-365-policies-configurations?view=o365-21vianet) | modified |
-| 2/17/2021 | [Microsoft Report Message and Report Phishing Add-In license terms](/microsoft-365/security/office-365-security/microsoft-message-phishing-report-terms?view=o365-21vianet) | modified |
-| 2/17/2021 | [Microsoft Security Guidance - Political campaigns & nonprofits](/microsoft-365/security/office-365-security/microsoft-security-guidance-for-political-campaigns-nonprofits-and-other-agile-o?view=o365-21vianet) | modified |
-| 2/17/2021 | [Monitor for leaks of personal data](/microsoft-365/security/office-365-security/monitor-for-leaks-of-personal-data?view=o365-21vianet) | modified |
-| 2/17/2021 | [Move domains & settings from one EOP organization to another](/microsoft-365/security/office-365-security/move-domains-and-settings-from-one-eop-organization-to-another-eop-organization?view=o365-21vianet) | modified |
-| 2/17/2021 | [Automated investigation and response in Microsoft Defender for Office 365](/microsoft-365/security/office-365-security/office-365-air?view=o365-21vianet) | modified |
-| 2/17/2021 | [Microsoft Defender for Office 365](/microsoft-365/security/office-365-security/office-365-atp?view=o365-21vianet) | modified |
-| 2/17/2021 | [Evaluate Microsoft Defender for Office 365](/microsoft-365/security/office-365-security/office-365-evaluation?view=o365-21vianet) | modified |
-| 2/17/2021 | [Threat investigation & response capabilities - Microsoft Defender for Office 365 Plan 2](/microsoft-365/security/office-365-security/office-365-ti?view=o365-21vianet) | modified |
-| 2/17/2021 | [Security Incident Response](/microsoft-365/security/office-365-security/office365-security-incident-response-overview?view=o365-21vianet) | modified |
-| 2/17/2021 | [Outbound spam protection](/microsoft-365/security/office-365-security/outbound-spam-controls?view=o365-21vianet) | modified |
-| 2/17/2021 | [Permissions - Security & Compliance Center](/microsoft-365/security/office-365-security/permissions-in-the-security-and-compliance-center?view=o365-21vianet) | modified |
-| 2/17/2021 | [Permissions in the Microsoft 365 security and compliance centers](/microsoft-365/security/office-365-security/permissions-microsoft-365-compliance-security?view=o365-21vianet) | modified |
-| 2/17/2021 | [Preset security policies](/microsoft-365/security/office-365-security/preset-security-policies?view=o365-21vianet) | modified |
-| 2/17/2021 | [Protect against threats](/microsoft-365/security/office-365-security/protect-against-threats?view=o365-21vianet) | modified |
-| 2/17/2021 | [Protect on-premises mailboxes in China with standalone EOP](/microsoft-365/security/office-365-security/protect-on-premises-mailboxes-with-exchange-online-protection?view=o365-21vianet) | modified |
-| 2/17/2021 | [Quarantined email messages](/microsoft-365/security/office-365-security/quarantine-email-messages?view=o365-21vianet) | modified |
-| 2/17/2021 | [Quarantined messages FAQ](/microsoft-365/security/office-365-security/quarantine-faq?view=o365-21vianet) | modified |
-| 2/17/2021 | [Quarantine tags](/microsoft-365/security/office-365-security/quarantine-tags?view=o365-21vianet) | modified |
-| 2/17/2021 | [Microsoft recommendations for EOP and Defender for Office 365 security settings](/microsoft-365/security/office-365-security/recommended-settings-for-eop-and-office365-atp?view=o365-21vianet) | modified |
-| 2/17/2021 | [Recover from a ransomware attack](/microsoft-365/security/office-365-security/recover-from-ransomware?view=o365-21vianet) | modified |
-| 2/17/2021 | [Use mail flow rules to block messages with executable attachments](/microsoft-365/security/office-365-security/reducing-malware-threats-through-file-attachment-blocking-in-exchange-online-pro?view=o365-21vianet) | modified |
-| 2/17/2021 | [Reference Policies, practices, and guidelines](/microsoft-365/security/office-365-security/reference-policies-practices-and-guidelines?view=o365-21vianet) | modified |
-| 2/17/2021 | [Remediate malicious email that was delivered in Office 365](/microsoft-365/security/office-365-security/remediate-malicious-email-delivered-office-365?view=o365-21vianet) | modified |
-| 2/17/2021 | [Remove blocked users from the Restricted Users portal](/microsoft-365/security/office-365-security/removing-user-from-restricted-users-portal-after-spam?view=o365-21vianet) | modified |
-| 2/17/2021 | [Report junk and phishing email in Outlook for iOS and Android](/microsoft-365/security/office-365-security/report-junk-email-and-phishing-scams-in-outlook-for-ios-and-android?view=o365-21vianet) | modified |
-| 2/17/2021 | [Report junk and phishing email in Outlook on the web](/microsoft-365/security/office-365-security/report-junk-email-and-phishing-scams-in-outlook-on-the-web-eop?view=o365-21vianet) | modified |
-| 2/17/2021 | [Report spam, non-spam, and phishing messages to Microsoft](/microsoft-365/security/office-365-security/report-junk-email-messages-to-microsoft?view=o365-21vianet) | modified |
-| 2/17/2021 | [Reporting and message trace](/microsoft-365/security/office-365-security/reporting-and-message-trace-in-exchange-online-protection?view=o365-21vianet) | modified |
-| 2/17/2021 | [Smart reports, insights - Microsoft 365 Security & Compliance Center](/microsoft-365/security/office-365-security/reports-and-insights-in-security-and-compliance?view=o365-21vianet) | modified |
-| 2/17/2021 | [Responding to a Compromised Email Account](/microsoft-365/security/office-365-security/responding-to-a-compromised-email-account?view=o365-21vianet) | modified |
-| 2/17/2021 | [Run an administrator role group report in standalone EOP](/microsoft-365/security/office-365-security/run-an-administrator-role-group-report-in-eop-eop?view=o365-21vianet) | modified |
-| 2/17/2021 | [S/MIME for encryption in Exchange Online - Office 365](/microsoft-365/security/office-365-security/s-mime-for-message-signing-and-encryption?view=o365-21vianet) | modified |
-| 2/17/2021 | [Safe Documents in Microsoft Defender for Office 365](/microsoft-365/security/office-365-security/safe-docs?view=o365-21vianet) | modified |
-| 2/17/2021 | [Safety tips in email messages](/microsoft-365/security/office-365-security/safety-tips-in-office-365?view=o365-21vianet) | modified |
-| 2/17/2021 | [Sample script for EOP settings - multiple tenants](/microsoft-365/security/office-365-security/sample-script-for-applying-eop-settings-to-multiple-tenants?view=o365-21vianet) | modified |
-| 2/17/2021 | [Secure by default in Office 365](/microsoft-365/security/office-365-security/secure-by-default?view=o365-21vianet) | modified |
-| 2/17/2021 | [Secure email recommended policies - Microsoft 365 for enterprise \| Microsoft Docs](/microsoft-365/security/office-365-security/secure-email-recommended-policies?view=o365-21vianet) | modified |
-| 2/17/2021 | [Security recommendations for priority accounts in Microsoft 365, priority accounts, priority accounts in Office 365, priority accounts in Microsoft 365](/microsoft-365/security/office-365-security/security-recommendations-for-priority-accounts?view=o365-21vianet) | modified |
-| 2/17/2021 | [Microsoft 365 security roadmap - Top priorities](/microsoft-365/security/office-365-security/security-roadmap?view=o365-21vianet) | modified |
-| 2/17/2021 | [Anti-phishing policies](/microsoft-365/security/office-365-security/set-up-anti-phishing-policies?view=o365-21vianet) | modified |
-| 2/17/2021 | [Set up Safe Attachments policies in Microsoft Defender for Office 365](/microsoft-365/security/office-365-security/set-up-atp-safe-attachments-policies?view=o365-21vianet) | modified |
-| 2/17/2021 | [Set up Safe Links policies in Microsoft Defender for Office 365](/microsoft-365/security/office-365-security/set-up-atp-safe-links-policies?view=o365-21vianet) | modified |
-| 2/17/2021 | [Set up SPF to help prevent spoofing](/microsoft-365/security/office-365-security/set-up-spf-in-office-365-to-help-prevent-spoofing?view=o365-21vianet) | modified |
-| 2/17/2021 | [Set up your standalone EOP service](/microsoft-365/security/office-365-security/set-up-your-eop-service?view=o365-21vianet) | modified |
-| 2/17/2021 | [Recommended secure document policies - Microsoft 365 for enterprise \| Microsoft Docs](/microsoft-365/security/office-365-security/sharepoint-file-access-policies?view=o365-21vianet) | modified |
-| 2/17/2021 | [SIEM integration with Microsoft Defender for Office 365](/microsoft-365/security/office-365-security/siem-integration-with-office-365-ti?view=o365-21vianet) | modified |
-| 2/17/2021 | [SIEM server integration with Microsoft 365 services and applications](/microsoft-365/security/office-365-security/siem-server-integration?view=o365-21vianet) | modified |
-| 2/17/2021 | [Spam confidence level](/microsoft-365/security/office-365-security/spam-confidence-levels?view=o365-21vianet) | modified |
-| 2/17/2021 | [Manually submit messages to Microsoft for analysis](/microsoft-365/security/office-365-security/submit-spam-non-spam-and-phishing-scam-messages-to-microsoft-for-analysis?view=o365-21vianet) | modified |
-| 2/17/2021 | [Submit malware and non-malware to Microsoft for analysis](/microsoft-365/security/office-365-security/submitting-malware-and-non-malware-to-microsoft-for-analysis?view=o365-21vianet) | modified |
-| 2/17/2021 | [Add support for anonymous inbound email over IPv6](/microsoft-365/security/office-365-security/support-for-anonymous-inbound-email-messages-over-ipv6?view=o365-21vianet) | modified |
-| 2/17/2021 | [Support for validation of Domain Keys Identified Mail (DKIM) signed messages](/microsoft-365/security/office-365-security/support-for-validation-of-dkim-signed-messages?view=o365-21vianet) | modified |
-| 2/17/2021 | [Switch to EOP from another protection service](/microsoft-365/security/office-365-security/switch-to-eop-from-google-postini-the-barracuda-spam-and-virus-firewall-or-cisco?view=o365-21vianet) | modified |
-| 2/17/2021 | [Manage your allows and blocks in the Tenant Allow/Block List](/microsoft-365/security/office-365-security/tenant-allow-block-list?view=o365-21vianet) | modified |
-| 2/17/2021 | [Configure your Microsoft 365 tenant for increased security](/microsoft-365/security/office-365-security/tenant-wide-setup-for-increased-security?view=o365-21vianet) | modified |
-| 2/17/2021 | [Views in Threat Explorer and real-time detections](/microsoft-365/security/office-365-security/threat-explorer-views?view=o365-21vianet) | modified |
-| 2/17/2021 | [Threat Explorer and Real-time detections](/microsoft-365/security/office-365-security/threat-explorer?view=o365-21vianet) | modified |
-| 2/17/2021 | [Threat Trackers - New and Noteworthy](/microsoft-365/security/office-365-security/threat-trackers?view=o365-21vianet) | modified |
-| 2/17/2021 | [Troubleshooting mail sent to Microsoft 365](/microsoft-365/security/office-365-security/troubleshooting-mail-sent-to-office-365?view=o365-21vianet) | modified |
-| 2/17/2021 | [Tune anti-phishing protection](/microsoft-365/security/office-365-security/tuning-anti-phishing?view=o365-21vianet) | modified |
-| 2/17/2021 | [Turn on Safe Attachments for SharePoint, OneDrive, and Microsoft Teams](/microsoft-365/security/office-365-security/turn-on-atp-for-spo-odb-and-teams?view=o365-21vianet) | modified |
-| 2/17/2021 | [How to use DKIM for email in your custom domain](/microsoft-365/security/office-365-security/use-dkim-to-validate-outbound-email?view=o365-21vianet) | modified |
-| 2/17/2021 | [Use DMARC to validate email](/microsoft-365/security/office-365-security/use-dmarc-to-validate-email?view=o365-21vianet) | modified |
-| 2/17/2021 | [Use mail flow rules to see what your users are reporting to Microsoft](/microsoft-365/security/office-365-security/use-mail-flow-rules-to-see-what-your-users-are-reporting-to-microsoft?view=o365-21vianet) | modified |
-| 2/17/2021 | [Use mail flow rules to the SCL in messages](/microsoft-365/security/office-365-security/use-mail-flow-rules-to-set-the-spam-confidence-level-scl-in-messages?view=o365-21vianet) | modified |
-| 2/17/2021 | [End-user spam notifications in Microsoft 365](/microsoft-365/security/office-365-security/use-spam-notifications-to-release-and-report-quarantined-messages?view=o365-21vianet) | modified |
-| 2/17/2021 | [Remove yourself from the blocked senders list](/microsoft-365/security/office-365-security/use-the-delist-portal-to-remove-yourself-from-the-office-365-blocked-senders-lis?view=o365-21vianet) | modified |
-| 2/17/2021 | [Use mail flow rules to filter bulk email](/microsoft-365/security/office-365-security/use-transport-rules-to-configure-bulk-email-filtering?view=o365-21vianet) | modified |
-| 2/17/2021 | [User submissions policy](/microsoft-365/security/office-365-security/user-submission?view=o365-21vianet) | modified |
-| 2/17/2021 | [User tags in Microsoft Defender for Office 365](/microsoft-365/security/office-365-security/user-tags?view=o365-21vianet) | modified |
-| 2/17/2021 | [View and release quarantined messages from shared mailboxes](/microsoft-365/security/office-365-security/view-and-release-quarantined-messages-from-shared-mailboxes?view=o365-21vianet) | modified |
-| 2/17/2021 | [View email security reports in the Security & Compliance Center](/microsoft-365/security/office-365-security/view-email-security-reports?view=o365-21vianet) | modified |
-| 2/17/2021 | [View mail flow reports in the Reports dashboard](/microsoft-365/security/office-365-security/view-mail-flow-reports?view=o365-21vianet) | modified |
-| 2/17/2021 | [View Defender for Office 365 reports in the Reports dashboard](/microsoft-365/security/office-365-security/view-reports-for-atp?view=o365-21vianet) | modified |
-| 2/17/2021 | [View the admin audit log in standalone EOP](/microsoft-365/security/office-365-security/view-the-admin-audit-log-eop?view=o365-21vianet) | modified |
-| 2/17/2021 | [Built-in virus protection in SharePoint Online, OneDrive, and Microsoft Teams](/microsoft-365/security/office-365-security/virus-detection-in-spo?view=o365-21vianet) | modified |
-| 2/17/2021 | [Walkthrough - Spoof intelligence insight](/microsoft-365/security/office-365-security/walkthrough-spoof-intelligence-insight?view=o365-21vianet) | modified |
-| 2/17/2021 | [What&apos;s the difference between junk email and bulk email?](/microsoft-365/security/office-365-security/what-s-the-difference-between-junk-email-and-bulk-email?view=o365-21vianet) | modified |
-| 2/17/2021 | [What's new in Microsoft Defender for Office 365](/microsoft-365/security/office-365-security/whats-new-in-office-365-atp?view=o365-21vianet) | modified |
-| 2/17/2021 | [Zero-hour auto purge (ZAP)](/microsoft-365/security/office-365-security/zero-hour-auto-purge?view=o365-21vianet) | modified |
++++
+## Week of March 15, 2021
++
+| Published On |Topic title | Change |
+|||--|
+| 3/15/2021 | [Wipe a mobile device in Basic Mobility and Security](/microsoft-365/admin/basic-mobility-security/wipe-mobile-device?view=o365-21vianet) | modified |
+| 3/15/2021 | [Using Endpoint data loss prevention](/microsoft-365/compliance/endpoint-dlp-using?view=o365-21vianet) | modified |
+| 3/15/2021 | [Insider risk management alerts](/microsoft-365/compliance/insider-risk-management-alerts?view=o365-21vianet) | modified |
+| 3/15/2021 | [Insider risk management audit log](/microsoft-365/compliance/insider-risk-management-audit-log?view=o365-21vianet) | added |
+| 3/15/2021 | [Insider risk management cases](/microsoft-365/compliance/insider-risk-management-cases?view=o365-21vianet) | modified |
+| 3/15/2021 | [Get started with insider risk management](/microsoft-365/compliance/insider-risk-management-configure?view=o365-21vianet) | modified |
+| 3/15/2021 | [Insider risk management Content explorer](/microsoft-365/compliance/insider-risk-management-content-explorer?view=o365-21vianet) | modified |
+| 3/15/2021 | [Plan for insider risk management](/microsoft-365/compliance/insider-risk-management-plan?view=o365-21vianet) | modified |
+| 3/15/2021 | [Insider risk management policies](/microsoft-365/compliance/insider-risk-management-policies?view=o365-21vianet) | modified |
+| 3/15/2021 | [Insider risk management settings](/microsoft-365/compliance/insider-risk-management-settings?view=o365-21vianet) | modified |
+| 3/15/2021 | [Insider risk management in Microsoft 365](/microsoft-365/compliance/insider-risk-management-solution-overview?view=o365-21vianet) | modified |
+| 3/15/2021 | [Insider risk management Users dashboard](/microsoft-365/compliance/insider-risk-management-users?view=o365-21vianet) | modified |
+| 3/15/2021 | [Learn about insider risk management](/microsoft-365/compliance/insider-risk-management?view=o365-21vianet) | modified |
+| 3/15/2021 | [Microsoft 365 tenant-to-tenant migrations](/microsoft-365/enterprise/microsoft-365-tenant-to-tenant-migrations?view=o365-21vianet) | modified |
+| 3/15/2021 | [Use the Page Diagnostics tool for SharePoint Online](/microsoft-365/enterprise/page-diagnostics-for-spo?view=o365-21vianet) | modified |
+| 3/15/2021 | [Anti-malware protection FAQ](/microsoft-365/security/defender-365-security/anti-malware-protection-faq-eop?view=o365-21vianet) | modified |
+| 3/15/2021 | [Get started using Attack simulation training](/microsoft-365/security/defender-365-security/attack-simulation-training-get-started?view=o365-21vianet) | modified |
+| 3/15/2021 | [Zero-hour auto purge (ZAP)](/microsoft-365/security/defender-365-security/zero-hour-auto-purge?view=o365-21vianet) | modified |
+| 3/15/2021 | [Manage who can create Microsoft 365 Groups](/microsoft-365/solutions/manage-creation-of-groups?view=o365-21vianet) | modified |
+| 3/15/2021 | [About the Microsoft 365 Admin mobile app](/microsoft-365/admin/admin-overview/admin-mobile-app?view=o365-21vianet) | modified |
+| 3/15/2021 | [Get started with the Microsoft Compliance Extension (preview)](/microsoft-365/compliance/dlp-chrome-get-started?view=o365-21vianet) | added |
+| 3/15/2021 | [Learn about the Microsoft Compliance Extension (preview)](/microsoft-365/compliance/dlp-chrome-learn-about?view=o365-21vianet) | added |
+| 3/15/2021 | [Learn about the default data loss prevention policy in Microsoft Teams (preview)](/microsoft-365/compliance/dlp-teams-default-policy?view=o365-21vianet) | added |
+| 3/15/2021 | [Manage sensitivity labels in Office apps](/microsoft-365/compliance/sensitivity-labels-office-apps?view=o365-21vianet) | modified |
+| 3/15/2021 | [Pre-work for the migration from Microsoft Cloud Deutschland](/microsoft-365/enterprise/ms-cloud-germany-transition-add-pre-work?view=o365-21vianet) | modified |
+| 3/15/2021 | [Migration phases actions and impacts for the migration from Microsoft Cloud Deutschland (general)](/microsoft-365/enterprise/ms-cloud-germany-transition-phases?view=o365-21vianet) | modified |
+| 3/15/2021 | [User submissions policy](/microsoft-365/security/defender-365-security/user-submission?view=o365-21vianet) | modified |
+| 3/16/2021 | [Microsoft Productivity Score](/microsoft-365/admin/productivity/productivity-score?view=o365-worldwide) | modified |
+| 3/16/2021 | [Get started with the Microsoft Compliance Extension (preview)](/microsoft-365/compliance/dlp-chrome-get-started?view=o365-21vianet) | modified |
+| 3/16/2021 | [Define information barrier policies](/microsoft-365/compliance/information-barriers-policies?view=o365-21vianet) | modified |
+| 3/16/2021 | [Learn about insider risk management](/microsoft-365/compliance/insider-risk-management?view=o365-21vianet) | modified |
+| 3/16/2021 | [Insider risk solutions](/microsoft-365/compliance/insider-risk-solution-overview?view=o365-21vianet) | modified |
+| 3/16/2021 | [Learn about retention for Teams](/microsoft-365/compliance/retention-policies-teams?view=o365-21vianet) | modified |
+| 3/16/2021 | [Collection statistics and reports](/microsoft-365/compliance/collection-statistics-reports?view=o365-21vianet) | added |
+| 3/16/2021 | [Overview of collections in Advanced eDiscovery](/microsoft-365/compliance/collections-overview?view=o365-21vianet) | added |
+| 3/16/2021 | [Commit a draft collection to a review set](/microsoft-365/compliance/commit-draft-collection?view=o365-21vianet) | added |
+| 3/16/2021 | [Create a draft collection](/microsoft-365/compliance/create-draft-collection?view=o365-21vianet) | added |
+| 3/16/2021 | [Communication compliance feature reference](/microsoft-365/compliance/communication-compliance-feature-reference?view=o365-21vianet) | modified |
+| 3/16/2021 | [Review conversations in Advanced eDiscovery](/microsoft-365/compliance/conversation-review-sets?view=o365-21vianet) | modified |
+| 3/16/2021 | [Create and manage Advanced eDiscovery cases in Microsoft 365](/microsoft-365/compliance/create-and-manage-advanced-ediscoveryv2-case?view=o365-21vianet) | modified |
+| 3/16/2021 | [Customer Key for Microsoft 365 at the tenant level (public preview)](/microsoft-365/compliance/customer-key-tenant-level?view=o365-21vianet) | modified |
+| 3/16/2021 | [Manage holds in Advanced eDiscovery](/microsoft-365/compliance/managing-holds?view=o365-21vianet) | modified |
+| 3/16/2021 | [Overview of the Advanced eDiscovery solution in Microsoft 365](/microsoft-365/compliance/overview-ediscovery-20?view=o365-21vianet) | modified |
+| 3/16/2021 | [Manage sensitivity labels in Office apps](/microsoft-365/compliance/sensitivity-labels-office-apps?view=o365-21vianet) | modified |
+| 3/16/2021 | [Learn about sensitivity labels](/microsoft-365/compliance/sensitivity-labels?view=o365-21vianet) | modified |
+| 3/16/2021 | [View keyword statistics for Content Search results](/microsoft-365/compliance/view-keyword-statistics-for-content-search?view=o365-21vianet) | modified |
+| 3/16/2021 | [Content stored in Exchange Online mailboxes](/microsoft-365/compliance/what-is-stored-in-exo-mailbox?view=o365-21vianet) | modified |
+| 3/16/2021 | [AD FS migration steps for the migration from Microsoft Cloud Deutschland](/microsoft-365/enterprise/ms-cloud-germany-transition-add-adfs?view=o365-21vianet) | modified |
+| 3/16/2021 | [Evaluate Microsoft Defender for Office 365](/microsoft-365/security/defender-365-security/office-365-evaluation?view=o365-21vianet) | modified |
+| 3/16/2021 | [What is collaboration governance?](/microsoft-365/solutions/collaboration-governance-overview?view=o365-21vianet) | modified |
+| 3/16/2021 | [Create a secure guest sharing environment](/microsoft-365/solutions/create-secure-guest-sharing-environment?view=o365-21vianet) | modified |
+| 3/16/2021 | [Governing access in Microsoft 365 groups, Teams, and SharePoint](/microsoft-365/solutions/groups-teams-access-governance?view=o365-21vianet) | modified |
+| 3/16/2021 | [Compliance options for Microsoft 365 groups, Teams, and SharePoint collaboration](/microsoft-365/solutions/groups-teams-compliance-governance?view=o365-21vianet) | modified |
+| 3/16/2021 | [Manage who can create Microsoft 365 Groups](/microsoft-365/solutions/manage-creation-of-groups?view=o365-21vianet) | modified |
+| 3/17/2021 | [About registration numbers and under review notifications](/microsoft-365/commerce/about-registration-numbers?view=o365-21vianet) | modified |
+| 3/17/2021 | [Manage auto-claim policies](/microsoft-365/commerce/licenses/manage-auto-claim-policies?view=o365-21vianet) | modified |
+| 3/17/2021 | Advanced eDiscovery alignment with the EDRM | removed |
+| 3/17/2021 | [Create and manage Advanced eDiscovery cases in Microsoft 365](/microsoft-365/compliance/create-and-manage-advanced-ediscoveryv2-case?view=o365-21vianet) | modified |
+| 3/17/2021 | [eDiscovery solution series Data spillage scenario - Search and purge](/microsoft-365/compliance/data-spillage-scenariosearch-and-purge?view=o365-21vianet) | modified |
+| 3/17/2021 | [Set up Advanced eDiscovery in Microsoft 365](/microsoft-365/compliance/get-started-with-advanced-ediscovery?view=o365-21vianet) | modified |
+| 3/17/2021 | [Overview of the Advanced eDiscovery solution in Microsoft 365](/microsoft-365/compliance/overview-ediscovery-20?view=o365-21vianet) | modified |
+| 3/17/2021 | [Search the audit log in the Security & Compliance Center](/microsoft-365/compliance/search-the-audit-log-in-security-and-compliance?view=o365-21vianet) | modified |
+| 3/17/2021 | [Get started with communication compliance](/microsoft-365/compliance/communication-compliance-configure?view=o365-21vianet) | modified |
+| 3/17/2021 | [Learn about communication compliance](/microsoft-365/compliance/communication-compliance?view=o365-21vianet) | modified |
+| 3/17/2021 | [Records Management in Microsoft 365](/microsoft-365/compliance/records-management?view=o365-21vianet) | modified |
+| 3/17/2021 | [Learn about retention for SharePoint and OneDrive](/microsoft-365/compliance/retention-policies-sharepoint?view=o365-21vianet) | modified |
+| 3/17/2021 | [First-run experience with Autopilot and the Enrollment Status Page](/microsoft-365/managed-desktop/get-started/esp-first-run?view=o365-21vianet) | modified |
+| 3/17/2021 | [Insider risk management cases](/microsoft-365/compliance/insider-risk-management-cases?view=o365-21vianet) | modified |
+| 3/17/2021 | [Get started with insider risk management](/microsoft-365/compliance/insider-risk-management-configure?view=o365-21vianet) | modified |
+| 3/17/2021 | [Insider risk management policies](/microsoft-365/compliance/insider-risk-management-policies?view=o365-21vianet) | modified |
+| 3/17/2021 | [Learn about insider risk management](/microsoft-365/compliance/insider-risk-management?view=o365-21vianet) | modified |
+| 3/17/2021 | [Manage Microsoft Rewards](/microsoft-365/admin/manage/manage-microsoft-rewards?view=o365-21vianet) | added |
+| 3/17/2021 | [Microsoft Bing News for Work](/microsoft-365/admin/misc/microsoft-bing-news-for-work?view=o365-21vianet) | added |
+| 3/17/2021 | [Get details about Basic Mobility and Security managed devices](/microsoft-365/admin/basic-mobility-security/get-details-about-managed-devices?view=o365-21vianet) | modified |
+| 3/17/2021 | Create DNS records at Bluehost for Microsoft | removed |
+| 3/17/2021 | [Microsoft 365 Business Premium resources # < 60 chars](/microsoft-365/business/index?view=o365-21vianet) | modified |
+| 3/17/2021 | [Plan for Microsoft Viva Topics](/microsoft-365/knowledge/plan-topic-experiences) | modified |
+| 3/17/2021 | [Set up Microsoft Viva Topics](/microsoft-365/knowledge/set-up-topic-experiences) | modified |
+| 3/18/2021 | [Create retention labels and apply them in apps to retain or delete content](/microsoft-365/compliance/create-apply-retention-labels?view=o365-21vianet) | modified |
+| 3/18/2021 | [Create and publish sensitivity labels](/microsoft-365/compliance/create-sensitivity-labels?view=o365-21vianet) | modified |
+| 3/18/2021 | [Records Management in Microsoft 365](/microsoft-365/compliance/records-management?view=o365-21vianet) | modified |
+| 3/18/2021 | [Manage sensitivity labels in Office apps](/microsoft-365/compliance/sensitivity-labels-office-apps?view=o365-21vianet) | modified |
+| 3/18/2021 | [Microsoft 365 Client App Support: Certificate-based Authentication](/microsoft-365/enterprise/microsoft-365-client-support-certificate-based-authentication?view=o365-21vianet) | modified |
+| 3/18/2021 | [Microsoft 365 Client App Support: Conditional Access](/microsoft-365/enterprise/microsoft-365-client-support-conditional-access?view=o365-21vianet) | modified |
+| 3/18/2021 | [Microsoft 365 Client App Support: Multi-factor authentication](/microsoft-365/enterprise/microsoft-365-client-support-multi-factor-authentication?view=o365-21vianet) | modified |
+| 3/18/2021 | [Microsoft 365 Client App Support: Single Sign-On](/microsoft-365/enterprise/microsoft-365-client-support-single-sign-on?view=o365-21vianet) | modified |
+| 3/18/2021 | [Choose between Basic Mobility and Security and Intune](/microsoft-365/admin/basic-mobility-security/choose-between-basic-mobility-and-security-and-intune?view=o365-21vianet) | modified |
+| 3/18/2021 | [Create a custom sensitive information type using PowerShell](/microsoft-365/compliance/create-a-custom-sensitive-information-type-in-scc-powershell?view=o365-21vianet) | modified |
+| 3/18/2021 | [Create a keyword dictionary](/microsoft-365/compliance/create-a-keyword-dictionary?view=o365-21vianet) | modified |
+| 3/18/2021 | [Sensitive information type entity definitions](/microsoft-365/compliance/sensitive-information-type-entity-definitions?view=o365-21vianet) | modified |
+| 3/18/2021 | [Create an app to access Microsoft 365 Defender without a user](/microsoft-365/security/mtp/api-create-app-web?view=o365-21vianet) | modified |
+| 3/18/2021 | [Microsoft cloud architecture models - enterprise resource planning](/microsoft-365/solutions/cloud-architecture-models?view=o365-21vianet) | modified |
+| 3/18/2021 | [Use file plan to manage retention labels throughout the content lifecycle](/microsoft-365/compliance/file-plan-manager?view=o365-21vianet) | modified |
+| 3/18/2021 | [Evaluate Microsoft Defender for Office 365](/microsoft-365/security/defender-365-security/office-365-evaluation?view=o365-21vianet) | modified |
+| 3/18/2021 | [Steps to configure threat protection capabilities across Microsoft 365](/microsoft-365/solutions/deploy-threat-protection-configure?view=o365-21vianet) | modified |
+| 3/18/2021 | [Deploy threat protection capabilities across Microsoft 365](/microsoft-365/solutions/deploy-threat-protection?view=o365-21vianet) | modified |
+| 3/18/2021 | [Microsoft 365 solution and architecture center # < 60 chars](/microsoft-365/solutions/index?view=o365-21vianet) | modified |
+| 3/18/2021 | [Use AllowSelfServicePurchase for the MSCommerce PowerShell module](/microsoft-365/commerce/subscriptions/allowselfservicepurchase-powershell?view=o365-21vianet) | modified |
+| 3/18/2021 | [Communication compliance feature reference](/microsoft-365/compliance/communication-compliance-feature-reference?view=o365-21vianet) | modified |
+| 3/18/2021 | [What's new in Microsoft 365 compliance](/microsoft-365/compliance/whats-new?view=o365-21vianet) | modified |
+| 3/19/2021 | [Create DNS records at 123-reg.co.uk for Microsoft](/microsoft-365/admin/dns/create-dns-records-at-123-reg-co-uk?view=o365-21vianet) | modified |
+| 3/19/2021 | [Define mail flow rules to encrypt email messages](/microsoft-365/compliance/define-mail-flow-rules-to-encrypt-email?view=o365-21vianet) | modified |
+| 3/19/2021 | [Double Key Encryption (DKE)](/microsoft-365/compliance/double-key-encryption?view=o365-21vianet) | modified |
+| 3/19/2021 | [Migration phases actions and impacts for the migration from Microsoft Cloud Deutschland (general)](/microsoft-365/enterprise/ms-cloud-germany-transition-phases?view=o365-21vianet) | modified |
+| 3/19/2021 | [Microsoft Viva Topics security trimming](/microsoft-365/knowledge/topic-experiences-security-trimming) | modified |
++
+## Week of February 15, 2021
++
+| Published On |Topic title | Change |
+|||--|
+| 2/16/2021 | [Automatically apply a retention label to retain or delete content](/microsoft-365/compliance/apply-retention-labels-automatically?view=o365-21vianet) | modified |
+| 2/16/2021 | [Limits for retention policies and retention label policies](/microsoft-365/compliance/retention-limits?view=o365-21vianet) | added |
+| 2/16/2021 | [Create and configure retention policies to automatically retain or delete content](/microsoft-365/compliance/create-retention-policies?view=o365-21vianet) | modified |
+| 2/16/2021 | [Restrict access to content using sensitivity labels to apply encryption](/microsoft-365/compliance/encryption-sensitivity-labels?view=o365-21vianet) | modified |
+| 2/16/2021 | [Get started with insider risk management](/microsoft-365/compliance/insider-risk-management-configure?view=o365-21vianet) | modified |
+| 2/16/2021 | [Plan for insider risk management](/microsoft-365/compliance/insider-risk-management-plan?view=o365-21vianet) | modified |
+| 2/16/2021 | [Learn about retention for Teams](/microsoft-365/compliance/retention-policies-teams?view=o365-21vianet) | modified |
+| 2/16/2021 | [Manage sensitivity labels in Office apps](/microsoft-365/compliance/sensitivity-labels-office-apps?view=o365-21vianet) | modified |
+| 2/16/2021 | [Use sensitivity labels with Microsoft Teams, Microsoft 365 groups, and SharePoint sites](/microsoft-365/compliance/sensitivity-labels-teams-groups-sites?view=o365-21vianet) | modified |
+| 2/16/2021 | [Set up Microsoft Viva Topics](/microsoft-365/knowledge/set-up-topic-experiences) | modified |
+| 2/16/2021 | [Safe Attachments](/microsoft-365/security/defender-365-security/atp-safe-attachments?view=o365-21vianet) | modified |
+| 2/16/2021 | [Protection features in Azure Information Protection rolling out to existing tenants](/microsoft-365/security/defender-365-security/azure-ip-protection-features?view=o365-21vianet) | modified |
+| 2/16/2021 | [Application Guard for Office 365 for admins](/microsoft-365/security/defender-365-security/install-app-guard?view=o365-21vianet) | modified |
+| 2/16/2021 | [Monitor for leaks of personal data](/microsoft-365/security/defender-365-security/monitor-for-leaks-of-personal-data?view=o365-21vianet) | modified |
+| 2/16/2021 | [Remove blocked users from the Restricted Users portal](/microsoft-365/security/defender-365-security/removing-user-from-restricted-users-portal-after-spam?view=o365-21vianet) | modified |
+| 2/16/2021 | [Collaborating with people outside your organization](/microsoft-365/solutions/collaborate-with-people-outside-your-organization?view=o365-21vianet) | modified |
+| 2/17/2021 | [Manage billing accounts](/microsoft-365/commerce/manage-billing-accounts?view=o365-21vianet) | modified |
+| 2/17/2021 | [Data loss prevention and Microsoft Teams](/microsoft-365/compliance/dlp-microsoft-teams?view=o365-21vianet) | modified |
+| 2/17/2021 | [Learn about Microsoft 365 Endpoint data loss prevention](/microsoft-365/compliance/endpoint-dlp-learn-about?view=o365-21vianet) | modified |
+| 2/17/2021 | [Manage sensitivity labels in Office apps](/microsoft-365/compliance/sensitivity-labels-office-apps?view=o365-21vianet) | modified |
+| 2/17/2021 | [Enable sensitivity labels for Office files in SharePoint and OneDrive](/microsoft-365/compliance/sensitivity-labels-sharepoint-onedrive-files?view=o365-21vianet) | modified |
+| 2/17/2021 | [Create a new topic in Microsoft Viva Topics](/microsoft-365/knowledge/create-a-topic) | modified |
+| 2/17/2021 | [Edit an existing topic in Microsoft Viva Topics ](/microsoft-365/knowledge/edit-a-topic) | modified |
+| 2/17/2021 | [Microsoft Viva Topics security trimming](/microsoft-365/knowledge/topic-experiences-security-trimming) | modified |
+| 2/17/2021 | [Create a shared mailbox](/microsoft-365/admin/email/create-a-shared-mailbox?view=o365-21vianet) | modified |
+| 2/17/2021 | [Create a custom sensitive information type using PowerShell](/microsoft-365/compliance/create-a-custom-sensitive-information-type-in-scc-powershell?view=o365-21vianet) | modified |
+| 2/17/2021 | [Customer Key for Microsoft 365 at the tenant level (public preview)](/microsoft-365/compliance/customer-key-tenant-level?view=o365-21vianet) | modified |
+| 2/17/2021 | [Define information barrier policies](/microsoft-365/compliance/information-barriers-policies?view=o365-21vianet) | modified |
+| 2/17/2021 | [Create a DLP policy to protect documents with FCI or other properties](/microsoft-365/compliance/protect-documents-that-have-fci-or-other-properties?view=o365-21vianet) | modified |
+| 2/17/2021 | [Sensitive information type entity definitions](/microsoft-365/compliance/sensitive-information-type-entity-definitions?view=o365-21vianet) | modified |
+| 2/17/2021 | [Connect to Microsoft 365 with PowerShell](/microsoft-365/enterprise/connect-to-microsoft-365-powershell?view=o365-21vianet) | modified |
+| 2/17/2021 | [Optimize custom extensions in SharePoint Online modern site pages](/microsoft-365/enterprise/modern-custom-extensions?view=o365-21vianet) | modified |
+| 2/17/2021 | [Windows and Office deployment lab kit](/microsoft-365/enterprise/modern-desktop-deployment-and-management-lab?view=o365-21vianet) | modified |
+| 2/17/2021 | [Optimize web part performance in SharePoint Online modern site pages](/microsoft-365/enterprise/modern-web-part-optimization?view=o365-21vianet) | modified |
+| 2/17/2021 | [Protect your Microsoft 365 global administrator accounts](/microsoft-365/enterprise/protect-your-global-administrator-accounts?view=o365-21vianet) | modified |
+| 2/17/2021 | [Remove Microsoft 365 licenses from user accounts with PowerShell](/microsoft-365/enterprise/remove-licenses-from-user-accounts-with-microsoft-365-powershell?view=o365-21vianet) | modified |
+| 2/17/2021 | [Change history for Microsoft Managed Desktop documentation](/microsoft-365/managed-desktop/change-history-managed-desktop?view=o365-21vianet) | modified |
+| 2/17/2021 | [Compliance](/microsoft-365/managed-desktop/intro/compliance?view=o365-21vianet) | modified |
+| 2/17/2021 | [What's new in Microsoft Secure Score](/microsoft-365/security/mtp/microsoft-secure-score-whats-new?view=o365-21vianet) | modified |
+| 2/17/2021 | [Preview features in Microsoft 365 Defender](/microsoft-365/security/mtp/preview?view=o365-21vianet) | modified |
+| 2/17/2021 | [About the Microsoft Defender for Office 365 trial](/microsoft-365/security/defender-365-security/about-defender-for-office-365-trial?view=o365-21vianet) | modified |
+| 2/17/2021 | [Address compromised user accounts with automated investigation and response](/microsoft-365/security/defender-365-security/address-compromised-users-quickly?view=o365-21vianet) | modified |
+| 2/17/2021 | [Admin submissions](/microsoft-365/security/defender-365-security/admin-submission?view=o365-21vianet) | modified |
+| 2/17/2021 | [ASF settings in EOP](/microsoft-365/security/defender-365-security/advanced-spam-filtering-asf-options?view=o365-21vianet) | modified |
+| 2/17/2021 | [Custom reporting solutions with automated investigation and response](/microsoft-365/security/defender-365-security/air-custom-reporting?view=o365-21vianet) | modified |
+| 2/17/2021 | [Remediation actions in Microsoft Defender for Office 365](/microsoft-365/security/defender-365-security/air-remediation-actions?view=o365-21vianet) | modified |
+| 2/17/2021 | [How to report false positives or false negatives following automated investigation in Microsoft Defender for Office 365](/microsoft-365/security/defender-365-security/air-report-false-positives-negatives?view=o365-21vianet) | modified |
+| 2/17/2021 | [Review and manage remediation actions in Microsoft Defender for Office 365](/microsoft-365/security/defender-365-security/air-review-approve-pending-completed-actions?view=o365-21vianet) | modified |
+| 2/17/2021 | [View the results of an automated investigation in Microsoft 365](/microsoft-365/security/defender-365-security/air-view-investigation-results?view=o365-21vianet) | modified |
+| 2/17/2021 | [Alerts in the Security & Compliance Center](/microsoft-365/security/defender-365-security/alerts?view=o365-21vianet) | modified |
+| 2/17/2021 | [Anti-malware protection FAQ](/microsoft-365/security/defender-365-security/anti-malware-protection-faq-eop?view=o365-21vianet) | modified |
+| 2/17/2021 | [Anti-malware protection](/microsoft-365/security/defender-365-security/anti-malware-protection?view=o365-21vianet) | modified |
+| 2/17/2021 | [Anti-phishing protection](/microsoft-365/security/defender-365-security/anti-phishing-protection?view=o365-21vianet) | modified |
+| 2/17/2021 | [Anti-spam and anti-malware protection](/microsoft-365/security/defender-365-security/anti-spam-and-anti-malware-protection?view=o365-21vianet) | modified |
+| 2/17/2021 | [Anti-spam message headers](/microsoft-365/security/defender-365-security/anti-spam-message-headers?view=o365-21vianet) | modified |
+| 2/17/2021 | [Anti-spam protection FAQ](/microsoft-365/security/defender-365-security/anti-spam-protection-faq?view=o365-21vianet) | modified |
+| 2/17/2021 | [Anti-spam protection](/microsoft-365/security/defender-365-security/anti-spam-protection?view=o365-21vianet) | modified |
+| 2/17/2021 | [Anti-spoofing protection FAQ](/microsoft-365/security/defender-365-security/anti-spoofing-protection-faq?view=o365-21vianet) | modified |
+| 2/17/2021 | [Anti-spoofing protection](/microsoft-365/security/defender-365-security/anti-spoofing-protection?view=o365-21vianet) | modified |
+| 2/17/2021 | [Safe Attachments for SharePoint, OneDrive, and Microsoft Teams](/microsoft-365/security/defender-365-security/atp-for-spo-odb-and-teams?view=o365-21vianet) | modified |
+| 2/17/2021 | [Safe Attachments](/microsoft-365/security/defender-365-security/atp-safe-attachments?view=o365-21vianet) | modified |
+| 2/17/2021 | [Safe Links](/microsoft-365/security/defender-365-security/atp-safe-links?view=o365-21vianet) | modified |
+| 2/17/2021 | [Get started using Attack simulation training](/microsoft-365/security/defender-365-security/attack-simulation-training-get-started?view=o365-21vianet) | modified |
+| 2/17/2021 | [Gain insights through Attack simulation training](/microsoft-365/security/defender-365-security/attack-simulation-training-insights?view=o365-21vianet) | modified |
+| 2/17/2021 | [Attack Simulator in Microsoft Defender for Office 365](/microsoft-365/security/defender-365-security/attack-simulator?view=o365-21vianet) | modified |
+| 2/17/2021 | [Auditing reports in standalone EOP](/microsoft-365/security/defender-365-security/auditing-reports-in-eop?view=o365-21vianet) | modified |
+| 2/17/2021 | [How automated investigation and response works in Microsoft Defender for Office 365](/microsoft-365/security/defender-365-security/automated-investigation-response-office?view=o365-21vianet) | modified |
+| 2/17/2021 | [Protection features in Azure Information Protection rolling out to existing tenants](/microsoft-365/security/defender-365-security/azure-ip-protection-features?view=o365-21vianet) | modified |
+| 2/17/2021 | [Backscatter in EOP](/microsoft-365/security/defender-365-security/backscatter-messages-and-eop?view=o365-21vianet) | modified |
+| 2/17/2021 | [Best practices for configuring EOP](/microsoft-365/security/defender-365-security/best-practices-for-configuring-eop?view=o365-21vianet) | modified |
+| 2/17/2021 | [Bulk complaint level values](/microsoft-365/security/defender-365-security/bulk-complaint-level-values?view=o365-21vianet) | modified |
+| 2/17/2021 | [Campaign Views in Microsoft Defender for Office 365 Plan](/microsoft-365/security/defender-365-security/campaigns?view=o365-21vianet) | modified |
+| 2/17/2021 | [Configuration analyzer for security policies](/microsoft-365/security/defender-365-security/configuration-analyzer-for-security-policies?view=o365-21vianet) | modified |
+| 2/17/2021 | [Configure anti-malware policies](/microsoft-365/security/defender-365-security/configure-anti-malware-policies?view=o365-21vianet) | modified |
+| 2/17/2021 | [Configure anti-phishing policies in EOP](/microsoft-365/security/defender-365-security/configure-anti-phishing-policies-eop?view=o365-21vianet) | modified |
+| 2/17/2021 | [Configure anti-phishing policies in Microsoft Defender for Office 365](/microsoft-365/security/defender-365-security/configure-atp-anti-phishing-policies?view=o365-21vianet) | modified |
+| 2/17/2021 | [Configure global settings for Safe Links settings in Defender for Office 365](/microsoft-365/security/defender-365-security/configure-global-settings-for-safe-links?view=o365-21vianet) | modified |
+| 2/17/2021 | [Configure groups & users - Political campaign dev/test environment](/microsoft-365/security/defender-365-security/configure-groups-and-users-for-a-political-campaign-dev-test-environment?view=o365-21vianet) | modified |
+| 2/17/2021 | [Configure junk email settings on Exchange Online mailboxes](/microsoft-365/security/defender-365-security/configure-junk-email-settings-on-exo-mailboxes?view=o365-21vianet) | modified |
+| 2/17/2021 | [Configure S/MIME settings - Exchange Online for Outlook on web](/microsoft-365/security/defender-365-security/configure-s-mime-settings-for-outlook-web-app?view=o365-21vianet) | modified |
+| 2/17/2021 | [Configure the default connection filter policy](/microsoft-365/security/defender-365-security/configure-the-connection-filter-policy?view=o365-21vianet) | modified |
+| 2/17/2021 | [Configure outbound spam filtering](/microsoft-365/security/defender-365-security/configure-the-outbound-spam-policy?view=o365-21vianet) | modified |
+| 2/17/2021 | [Configure spam filter policies](/microsoft-365/security/defender-365-security/configure-your-spam-filter-policies?view=o365-21vianet) | modified |
+| 2/17/2021 | [Create blocked sender lists](/microsoft-365/security/defender-365-security/create-block-sender-lists-in-office-365?view=o365-21vianet) | modified |
+| 2/17/2021 | [Create safe sender lists](/microsoft-365/security/defender-365-security/create-safe-sender-lists-in-office-365?view=o365-21vianet) | modified |
+| 2/17/2021 | [Create team sites - Political campaign dev environment](/microsoft-365/security/defender-365-security/create-team-sites-in-a-political-campaign-dev-test-environment?view=o365-21vianet) | modified |
+| 2/17/2021 | [Delegated administration FAQ](/microsoft-365/security/defender-365-security/delegated-administration-faq?view=o365-21vianet) | modified |
+| 2/17/2021 | [Deploy an isolated SharePoint Online team site](/microsoft-365/security/defender-365-security/deploy-an-isolated-sharepoint-online-team-site?view=o365-21vianet) | modified |
+| 2/17/2021 | [Design an isolated SharePoint Online team site](/microsoft-365/security/defender-365-security/design-an-isolated-sharepoint-online-team-site?view=o365-21vianet) | modified |
+| 2/17/2021 | [Detect and Remediate Illicit Consent Grants](/microsoft-365/security/defender-365-security/detect-and-remediate-illicit-consent-grants?view=o365-21vianet) | modified |
+| 2/17/2021 | [Detect and remediate the Outlook rules and custom forms injections attacks.](/microsoft-365/security/defender-365-security/detect-and-remediate-outlook-rules-forms-attack?view=o365-21vianet) | modified |
+| 2/17/2021 | [Email authentication in Microsoft 365](/microsoft-365/security/defender-365-security/email-validation-and-authentication?view=o365-21vianet) | modified |
+| 2/17/2021 | [Enable the Report Message add-in](/microsoft-365/security/defender-365-security/enable-the-report-message-add-in?view=o365-21vianet) | modified |
+| 2/17/2021 | [Enable the Report Phish add-in](/microsoft-365/security/defender-365-security/enable-the-report-phish-add-in?view=o365-21vianet) | modified |
+| 2/17/2021 | [Configure EOP to junk spam in hybrid environments](/microsoft-365/security/defender-365-security/ensure-that-spam-is-routed-to-each-user-s-junk-email-folder?view=o365-21vianet) | modified |
+| 2/17/2021 | [EOP features](/microsoft-365/security/defender-365-security/eop-features?view=o365-21vianet) | modified |
+| 2/17/2021 | [EOP general FAQ](/microsoft-365/security/defender-365-security/eop-general-faq?view=o365-21vianet) | modified |
+| 2/17/2021 | [EOP queued, deferred, and bounced messages FAQ](/microsoft-365/security/defender-365-security/eop-queued-deferred-and-bounced-messages-faq?view=o365-21vianet) | modified |
+| 2/17/2021 | [Exchange admin center in standalone EOP](/microsoft-365/security/defender-365-security/exchange-admin-center-in-exchange-online-protection-eop?view=o365-21vianet) | modified |
+| 2/17/2021 | [Exchange Online Protection (EOP) overview](/microsoft-365/security/defender-365-security/exchange-online-protection-overview?view=o365-21vianet) | modified |
+| 2/17/2021 | [Configuring and controlling external email forwarding, Automatic forwarding, 5.7.520 Access Denied, disable external forwarding, Your administrator has disabled external forwarding, outbound anti-spam policy](/microsoft-365/security/defender-365-security/external-email-forwarding?view=o365-21vianet) | modified |
+| 2/17/2021 | [Feature permissions in EOP](/microsoft-365/security/defender-365-security/feature-permissions-in-eop?view=o365-21vianet) | modified |
+| 2/17/2021 | [Find and release quarantined messages as a user](/microsoft-365/security/defender-365-security/find-and-release-quarantined-messages-as-a-user?view=o365-21vianet) | modified |
+| 2/17/2021 | [Give users access to the Security & Compliance Center](/microsoft-365/security/defender-365-security/grant-access-to-the-security-and-compliance-center?view=o365-21vianet) | modified |
+| 2/17/2021 | [Help and support for EOP](/microsoft-365/security/defender-365-security/help-and-support-for-eop?view=o365-21vianet) | modified |
+| 2/17/2021 | [Outbound delivery pools](/microsoft-365/security/defender-365-security/high-risk-delivery-pool-for-outbound-messages?view=o365-21vianet) | modified |
+| 2/17/2021 | [How Sender Policy Framework (SPF) prevents spoofing](/microsoft-365/security/defender-365-security/how-office-365-uses-spf-to-prevent-spoofing?view=o365-21vianet) | modified |
+| 2/17/2021 | [How EOP validates the From address to prevent phishing](/microsoft-365/security/defender-365-security/how-office-365-validates-the-from-address?view=o365-21vianet) | modified |
+| 2/17/2021 | [Order and precedence of email protection](/microsoft-365/security/defender-365-security/how-policies-and-protections-are-combined?view=o365-21vianet) | modified |
+| 2/17/2021 | [Common identity and device access policies - Microsoft 365 for enterprise \| Microsoft Docs](/microsoft-365/security/defender-365-security/identity-access-policies?view=o365-21vianet) | modified |
+| 2/17/2021 | [Prerequisite work for implementing identity and device access policies - Microsoft 365 for enterprise \| Microsoft Docs](/microsoft-365/security/defender-365-security/identity-access-prerequisites?view=o365-21vianet) | modified |
+| 2/17/2021 | [Office 365 Security, Microsoft Defender for Office 365, EOP, MSDO](/microsoft-365/security/defender-365-security/index?view=o365-21vianet) | modified |
+| 2/17/2021 | [Investigate malicious email that was delivered in Office 365, Find and investigate malicious email](/microsoft-365/security/defender-365-security/investigate-malicious-email-that-was-delivered?view=o365-21vianet) | modified |
+| 2/17/2021 | [Isolated SharePoint Online team site dev/test environment](/microsoft-365/security/defender-365-security/isolated-sharepoint-online-team-site-dev-test-environment?view=o365-21vianet) | modified |
+| 2/17/2021 | [Isolated SharePoint Online team sites](/microsoft-365/security/defender-365-security/isolated-sharepoint-online-team-sites?view=o365-21vianet) | modified |
+| 2/17/2021 | [Install and use the Junk Email Reporting add-in for Microsoft Outlook](/microsoft-365/security/defender-365-security/junk-email-reporting-add-in-for-microsoft-outlook?view=o365-21vianet) | modified |
+| 2/17/2021 | [Configure spoof intelligence](/microsoft-365/security/defender-365-security/learn-about-spoof-intelligence?view=o365-21vianet) | modified |
+| 2/17/2021 | [Mail flow in EOP](/microsoft-365/security/defender-365-security/mail-flow-in-eop?view=o365-21vianet) | modified |
+| 2/17/2021 | [Mail flow insights in the Mail flow dashboard](/microsoft-365/security/defender-365-security/mail-flow-insights-v2?view=o365-21vianet) | modified |
+| 2/17/2021 | [Mail flow intelligence](/microsoft-365/security/defender-365-security/mail-flow-intelligence-in-office-365?view=o365-21vianet) | modified |
+| 2/17/2021 | [Mail flow rules in EOP](/microsoft-365/security/defender-365-security/mail-flow-rules-transport-rules-0?view=o365-21vianet) | modified |
+| 2/17/2021 | [Manage role groups in EOP](/microsoft-365/security/defender-365-security/manage-admin-role-group-permissions-in-eop?view=o365-21vianet) | modified |
+| 2/17/2021 | [Manage an isolated SharePoint Online team site](/microsoft-365/security/defender-365-security/manage-an-isolated-sharepoint-online-team-site?view=o365-21vianet) | modified |
+| 2/17/2021 | [Manage groups in EOP](/microsoft-365/security/defender-365-security/manage-groups-in-eop?view=o365-21vianet) | modified |
+| 2/17/2021 | [Manage mail users in standalone EOP](/microsoft-365/security/defender-365-security/manage-mail-users-in-eop?view=o365-21vianet) | modified |
+| 2/17/2021 | [Manage quarantined messages and files as an admin](/microsoft-365/security/defender-365-security/manage-quarantined-messages-and-files?view=o365-21vianet) | modified |
+| 2/17/2021 | [Manage recipients in standalone EOP](/microsoft-365/security/defender-365-security/manage-recipients-in-eop?view=o365-21vianet) | modified |
+| 2/17/2021 | [The Microsoft Defender for Office 365 (MDO) email entity page](/microsoft-365/security/defender-365-security/mdo-email-entity-page?view=o365-21vianet) | modified |
+| 2/17/2021 | [Message trace in the Security & Compliance Center](/microsoft-365/security/defender-365-security/message-trace-scc?view=o365-21vianet) | modified |
+| 2/17/2021 | [Auto-forwarded messages insight](/microsoft-365/security/defender-365-security/mfi-auto-forwarded-messages-report?view=o365-21vianet) | modified |
+| 2/17/2021 | [Top domain mail flow status insight in the Mail flow dashboard](/microsoft-365/security/defender-365-security/mfi-domain-mail-flow-status-insight?view=o365-21vianet) | modified |
+| 2/17/2021 | [Mail flow map](/microsoft-365/security/defender-365-security/mfi-mail-flow-map-report?view=o365-21vianet) | modified |
+| 2/17/2021 | [Fix possible mail loop insight](/microsoft-365/security/defender-365-security/mfi-mail-loop-insight?view=o365-21vianet) | modified |
+| 2/17/2021 | [New domains being forwarded email insight](/microsoft-365/security/defender-365-security/mfi-new-domains-being-forwarded-email?view=o365-21vianet) | modified |
+| 2/17/2021 | [New users forwarding email insight](/microsoft-365/security/defender-365-security/mfi-new-users-forwarding-email?view=o365-21vianet) | modified |
+| 2/17/2021 | [Non-accepted domain report in the Mail flow dashboard](/microsoft-365/security/defender-365-security/mfi-non-accepted-domain-report?view=o365-21vianet) | modified |
+| 2/17/2021 | [Non-delivery report in the Mail flow dashboard](/microsoft-365/security/defender-365-security/mfi-non-delivery-report?view=o365-21vianet) | modified |
+| 2/17/2021 | [Outbound and inbound mail flow insight in the Mail flow dashboard](/microsoft-365/security/defender-365-security/mfi-outbound-and-inbound-mail-flow?view=o365-21vianet) | modified |
+| 2/17/2021 | [Queues insight in the Mail flow dashboard](/microsoft-365/security/defender-365-security/mfi-queue-alerts-and-queues?view=o365-21vianet) | modified |
+| 2/17/2021 | [Fix slow mail flow rules insight](/microsoft-365/security/defender-365-security/mfi-slow-mail-flow-rules-insight?view=o365-21vianet) | modified |
+| 2/17/2021 | [SMTP Auth clients insight and report in the Mail flow dashboard](/microsoft-365/security/defender-365-security/mfi-smtp-auth-clients-report?view=o365-21vianet) | modified |
+| 2/17/2021 | [Identity and device access configurations - Microsoft 365 for enterprise](/microsoft-365/security/defender-365-security/microsoft-365-policies-configurations?view=o365-21vianet) | modified |
+| 2/17/2021 | [Microsoft Report Message and Report Phishing Add-In license terms](/microsoft-365/security/defender-365-security/microsoft-message-phishing-report-terms?view=o365-21vianet) | modified |
+| 2/17/2021 | [Microsoft Security Guidance - Political campaigns & nonprofits](/microsoft-365/security/defender-365-security/microsoft-security-guidance-for-political-campaigns-nonprofits-and-other-agile-o?view=o365-21vianet) | modified |
+| 2/17/2021 | [Monitor for leaks of personal data](/microsoft-365/security/defender-365-security/monitor-for-leaks-of-personal-data?view=o365-21vianet) | modified |
+| 2/17/2021 | [Move domains & settings from one EOP organization to another](/microsoft-365/security/defender-365-security/move-domains-and-settings-from-one-eop-organization-to-another-eop-organization?view=o365-21vianet) | modified |
+| 2/17/2021 | [Automated investigation and response in Microsoft Defender for Office 365](/microsoft-365/security/defender-365-security/office-365-air?view=o365-21vianet) | modified |
+| 2/17/2021 | [Microsoft Defender for Office 365](/microsoft-365/security/defender-365-security/office-365-atp?view=o365-21vianet) | modified |
+| 2/17/2021 | [Evaluate Microsoft Defender for Office 365](/microsoft-365/security/defender-365-security/office-365-evaluation?view=o365-21vianet) | modified |
+| 2/17/2021 | [Threat investigation & response capabilities - Microsoft Defender for Office 365 Plan 2](/microsoft-365/security/defender-365-security/office-365-ti?view=o365-21vianet) | modified |
+| 2/17/2021 | [Security Incident Response](/microsoft-365/security/defender-365-security/office365-security-incident-response-overview?view=o365-21vianet) | modified |
+| 2/17/2021 | [Outbound spam protection](/microsoft-365/security/defender-365-security/outbound-spam-controls?view=o365-21vianet) | modified |
+| 2/17/2021 | [Permissions - Security & Compliance Center](/microsoft-365/security/defender-365-security/permissions-in-the-security-and-compliance-center?view=o365-21vianet) | modified |
+| 2/17/2021 | [Permissions in the Microsoft 365 security and compliance centers](/microsoft-365/security/defender-365-security/permissions-microsoft-365-compliance-security?view=o365-21vianet) | modified |
+| 2/17/2021 | [Preset security policies](/microsoft-365/security/defender-365-security/preset-security-policies?view=o365-21vianet) | modified |
+| 2/17/2021 | [Protect against threats](/microsoft-365/security/defender-365-security/protect-against-threats?view=o365-21vianet) | modified |
+| 2/17/2021 | [Protect on-premises mailboxes in China with standalone EOP](/microsoft-365/security/defender-365-security/protect-on-premises-mailboxes-with-exchange-online-protection?view=o365-21vianet) | modified |
+| 2/17/2021 | [Quarantined email messages](/microsoft-365/security/defender-365-security/quarantine-email-messages?view=o365-21vianet) | modified |
+| 2/17/2021 | [Quarantined messages FAQ](/microsoft-365/security/defender-365-security/quarantine-faq?view=o365-21vianet) | modified |
+| 2/17/2021 | [Quarantine tags](/microsoft-365/security/defender-365-security/quarantine-tags?view=o365-21vianet) | modified |
+| 2/17/2021 | [Microsoft recommendations for EOP and Defender for Office 365 security settings](/microsoft-365/security/defender-365-security/recommended-settings-for-eop-and-office365-atp?view=o365-21vianet) | modified |
+| 2/17/2021 | [Recover from a ransomware attack](/microsoft-365/security/defender-365-security/recover-from-ransomware?view=o365-21vianet) | modified |
+| 2/17/2021 | [Use mail flow rules to block messages with executable attachments](/microsoft-365/security/defender-365-security/reducing-malware-threats-through-file-attachment-blocking-in-exchange-online-pro?view=o365-21vianet) | modified |
+| 2/17/2021 | [Reference Policies, practices, and guidelines](/microsoft-365/security/defender-365-security/reference-policies-practices-and-guidelines?view=o365-21vianet) | modified |
+| 2/17/2021 | [Remediate malicious email that was delivered in Office 365](/microsoft-365/security/defender-365-security/remediate-malicious-email-delivered-office-365?view=o365-21vianet) | modified |
+| 2/17/2021 | [Remove blocked users from the Restricted Users portal](/microsoft-365/security/defender-365-security/removing-user-from-restricted-users-portal-after-spam?view=o365-21vianet) | modified |
+| 2/17/2021 | [Report junk and phishing email in Outlook for iOS and Android](/microsoft-365/security/defender-365-security/report-junk-email-and-phishing-scams-in-outlook-for-ios-and-android?view=o365-21vianet) | modified |
+| 2/17/2021 | [Report junk and phishing email in Outlook on the web](/microsoft-365/security/defender-365-security/report-junk-email-and-phishing-scams-in-outlook-on-the-web-eop?view=o365-21vianet) | modified |
+| 2/17/2021 | [Report spam, non-spam, and phishing messages to Microsoft](/microsoft-365/security/defender-365-security/report-junk-email-messages-to-microsoft?view=o365-21vianet) | modified |
+| 2/17/2021 | [Reporting and message trace](/microsoft-365/security/defender-365-security/reporting-and-message-trace-in-exchange-online-protection?view=o365-21vianet) | modified |
+| 2/17/2021 | [Smart reports, insights - Microsoft 365 Security & Compliance Center](/microsoft-365/security/defender-365-security/reports-and-insights-in-security-and-compliance?view=o365-21vianet) | modified |
+| 2/17/2021 | [Responding to a Compromised Email Account](/microsoft-365/security/defender-365-security/responding-to-a-compromised-email-account?view=o365-21vianet) | modified |
+| 2/17/2021 | [Run an administrator role group report in standalone EOP](/microsoft-365/security/defender-365-security/run-an-administrator-role-group-report-in-eop-eop?view=o365-21vianet) | modified |
+| 2/17/2021 | [S/MIME for encryption in Exchange Online - Office 365](/microsoft-365/security/defender-365-security/s-mime-for-message-signing-and-encryption?view=o365-21vianet) | modified |
+| 2/17/2021 | [Safe Documents in Microsoft Defender for Office 365](/microsoft-365/security/defender-365-security/safe-docs?view=o365-21vianet) | modified |
+| 2/17/2021 | [Safety tips in email messages](/microsoft-365/security/defender-365-security/safety-tips-in-office-365?view=o365-21vianet) | modified |
+| 2/17/2021 | [Sample script for EOP settings - multiple tenants](/microsoft-365/security/defender-365-security/sample-script-for-applying-eop-settings-to-multiple-tenants?view=o365-21vianet) | modified |
+| 2/17/2021 | [Secure by default in Office 365](/microsoft-365/security/defender-365-security/secure-by-default?view=o365-21vianet) | modified |
+| 2/17/2021 | [Secure email recommended policies - Microsoft 365 for enterprise \| Microsoft Docs](/microsoft-365/security/defender-365-security/secure-email-recommended-policies?view=o365-21vianet) | modified |
+| 2/17/2021 | [Security recommendations for priority accounts in Microsoft 365, priority accounts, priority accounts in Office 365, priority accounts in Microsoft 365](/microsoft-365/security/defender-365-security/security-recommendations-for-priority-accounts?view=o365-21vianet) | modified |
+| 2/17/2021 | [Microsoft 365 security roadmap - Top priorities](/microsoft-365/security/defender-365-security/security-roadmap?view=o365-21vianet) | modified |
+| 2/17/2021 | [Anti-phishing policies](/microsoft-365/security/defender-365-security/set-up-anti-phishing-policies?view=o365-21vianet) | modified |
+| 2/17/2021 | [Set up Safe Attachments policies in Microsoft Defender for Office 365](/microsoft-365/security/defender-365-security/set-up-atp-safe-attachments-policies?view=o365-21vianet) | modified |
+| 2/17/2021 | [Set up Safe Links policies in Microsoft Defender for Office 365](/microsoft-365/security/defender-365-security/set-up-atp-safe-links-policies?view=o365-21vianet) | modified |
+| 2/17/2021 | [Set up SPF to help prevent spoofing](/microsoft-365/security/defender-365-security/set-up-spf-in-office-365-to-help-prevent-spoofing?view=o365-21vianet) | modified |
+| 2/17/2021 | [Set up your standalone EOP service](/microsoft-365/security/defender-365-security/set-up-your-eop-service?view=o365-21vianet) | modified |
+| 2/17/2021 | [Recommended secure document policies - Microsoft 365 for enterprise \| Microsoft Docs](/microsoft-365/security/defender-365-security/sharepoint-file-access-policies?view=o365-21vianet) | modified |
+| 2/17/2021 | [SIEM integration with Microsoft Defender for Office 365](/microsoft-365/security/defender-365-security/siem-integration-with-office-365-ti?view=o365-21vianet) | modified |
+| 2/17/2021 | [SIEM server integration with Microsoft 365 services and applications](/microsoft-365/security/defender-365-security/siem-server-integration?view=o365-21vianet) | modified |
+| 2/17/2021 | [Spam confidence level](/microsoft-365/security/defender-365-security/spam-confidence-levels?view=o365-21vianet) | modified |
+| 2/17/2021 | [Manually submit messages to Microsoft for analysis](/microsoft-365/security/defender-365-security/submit-spam-non-spam-and-phishing-scam-messages-to-microsoft-for-analysis?view=o365-21vianet) | modified |
+| 2/17/2021 | [Submit malware and non-malware to Microsoft for analysis](/microsoft-365/security/defender-365-security/submitting-malware-and-non-malware-to-microsoft-for-analysis?view=o365-21vianet) | modified |
+| 2/17/2021 | [Add support for anonymous inbound email over IPv6](/microsoft-365/security/defender-365-security/support-for-anonymous-inbound-email-messages-over-ipv6?view=o365-21vianet) | modified |
+| 2/17/2021 | [Support for validation of Domain Keys Identified Mail (DKIM) signed messages](/microsoft-365/security/defender-365-security/support-for-validation-of-dkim-signed-messages?view=o365-21vianet) | modified |
+| 2/17/2021 | [Switch to EOP from another protection service](/microsoft-365/security/defender-365-security/switch-to-eop-from-google-postini-the-barracuda-spam-and-virus-firewall-or-cisco?view=o365-21vianet) | modified |
+| 2/17/2021 | [Manage your allows and blocks in the Tenant Allow/Block List](/microsoft-365/security/defender-365-security/tenant-allow-block-list?view=o365-21vianet) | modified |
+| 2/17/2021 | [Configure your Microsoft 365 tenant for increased security](/microsoft-365/security/defender-365-security/tenant-wide-setup-for-increased-security?view=o365-21vianet) | modified |
+| 2/17/2021 | [Views in Threat Explorer and real-time detections](/microsoft-365/security/defender-365-security/threat-explorer-views?view=o365-21vianet) | modified |
+| 2/17/2021 | [Threat Explorer and Real-time detections](/microsoft-365/security/defender-365-security/threat-explorer?view=o365-21vianet) | modified |
+| 2/17/2021 | [Threat Trackers - New and Noteworthy](/microsoft-365/security/defender-365-security/threat-trackers?view=o365-21vianet) | modified |
+| 2/17/2021 | [Troubleshooting mail sent to Microsoft 365](/microsoft-365/security/defender-365-security/troubleshooting-mail-sent-to-office-365?view=o365-21vianet) | modified |
+| 2/17/2021 | [Tune anti-phishing protection](/microsoft-365/security/defender-365-security/tuning-anti-phishing?view=o365-21vianet) | modified |
+| 2/17/2021 | [Turn on Safe Attachments for SharePoint, OneDrive, and Microsoft Teams](/microsoft-365/security/defender-365-security/turn-on-atp-for-spo-odb-and-teams?view=o365-21vianet) | modified |
+| 2/17/2021 | [How to use DKIM for email in your custom domain](/microsoft-365/security/defender-365-security/use-dkim-to-validate-outbound-email?view=o365-21vianet) | modified |
+| 2/17/2021 | [Use DMARC to validate email](/microsoft-365/security/defender-365-security/use-dmarc-to-validate-email?view=o365-21vianet) | modified |
+| 2/17/2021 | [Use mail flow rules to see what your users are reporting to Microsoft](/microsoft-365/security/defender-365-security/use-mail-flow-rules-to-see-what-your-users-are-reporting-to-microsoft?view=o365-21vianet) | modified |
+| 2/17/2021 | [Use mail flow rules to the SCL in messages](/microsoft-365/security/defender-365-security/use-mail-flow-rules-to-set-the-spam-confidence-level-scl-in-messages?view=o365-21vianet) | modified |
+| 2/17/2021 | [End-user spam notifications in Microsoft 365](/microsoft-365/security/defender-365-security/use-spam-notifications-to-release-and-report-quarantined-messages?view=o365-21vianet) | modified |
+| 2/17/2021 | [Remove yourself from the blocked senders list](/microsoft-365/security/defender-365-security/use-the-delist-portal-to-remove-yourself-from-the-office-365-blocked-senders-lis?view=o365-21vianet) | modified |
+| 2/17/2021 | [Use mail flow rules to filter bulk email](/microsoft-365/security/defender-365-security/use-transport-rules-to-configure-bulk-email-filtering?view=o365-21vianet) | modified |
+| 2/17/2021 | [User submissions policy](/microsoft-365/security/defender-365-security/user-submission?view=o365-21vianet) | modified |
+| 2/17/2021 | [User tags in Microsoft Defender for Office 365](/microsoft-365/security/defender-365-security/user-tags?view=o365-21vianet) | modified |
+| 2/17/2021 | [View and release quarantined messages from shared mailboxes](/microsoft-365/security/defender-365-security/view-and-release-quarantined-messages-from-shared-mailboxes?view=o365-21vianet) | modified |
+| 2/17/2021 | [View email security reports in the Security & Compliance Center](/microsoft-365/security/defender-365-security/view-email-security-reports?view=o365-21vianet) | modified |
+| 2/17/2021 | [View mail flow reports in the Reports dashboard](/microsoft-365/security/defender-365-security/view-mail-flow-reports?view=o365-21vianet) | modified |
+| 2/17/2021 | [View Defender for Office 365 reports in the Reports dashboard](/microsoft-365/security/defender-365-security/view-reports-for-atp?view=o365-21vianet) | modified |
+| 2/17/2021 | [View the admin audit log in standalone EOP](/microsoft-365/security/defender-365-security/view-the-admin-audit-log-eop?view=o365-21vianet) | modified |
+| 2/17/2021 | [Built-in virus protection in SharePoint Online, OneDrive, and Microsoft Teams](/microsoft-365/security/defender-365-security/virus-detection-in-spo?view=o365-21vianet) | modified |
+| 2/17/2021 | [Walkthrough - Spoof intelligence insight](/microsoft-365/security/defender-365-security/walkthrough-spoof-intelligence-insight?view=o365-21vianet) | modified |
+| 2/17/2021 | [What&apos;s the difference between junk email and bulk email?](/microsoft-365/security/defender-365-security/what-s-the-difference-between-junk-email-and-bulk-email?view=o365-21vianet) | modified |
+| 2/17/2021 | [What's new in Microsoft Defender for Office 365](/microsoft-365/security/defender-365-security/whats-new-in-office-365-atp?view=o365-21vianet) | modified |
+| 2/17/2021 | [Zero-hour auto purge (ZAP)](/microsoft-365/security/defender-365-security/zero-hour-auto-purge?view=o365-21vianet) | modified |
includes Microsoft Defender Api Usgov https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/includes/microsoft-defender-api-usgov.md
+
+ Title: Microsoft Defender for Endpoint API URIs for US Government
+description: Microsoft Defender for Endpoint API URIs for US Government
+keywords: defender, endpoint, api, government, gov
+search.product: eADQiWindows 10XVcnh
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
++
+ms.localizationpriority: medium
+
+audience: ITPro
++++
+>[!NOTE]
+>If you are a US Government customer, please use the URIs listed in [Microsoft Defender for Endpoint for US Government customers](/microsoft-365/security/defender-endpoint/gov.md#api).
includes Microsoft Defender https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/includes/microsoft-defender.md
+
+ Title: Microsoft Defender important guidance
+description: A note in regard to important Microsoft Defender guidance.
Last updated : 09/21/2020++++++
includes Prerelease https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/includes/prerelease.md
+
+ Title: Microsoft Defender for Endpoint Pre-release Disclaimer
+description: Disclaimer for pre-release version of Microsoft Defender for Endpoint.
Last updated : 08/28/2017++++++
+> [!IMPORTANT]
+> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
knowledge Create A Topic https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/knowledge/create-a-topic.md
localization_priority: Normal
-# Create a new topic
+# Create a new topic in Microsoft Viva Topics
In Viva Topics, you can create a new topic if one is not discovered through indexing or if the AI technology did not find enough evidence to establish it as a topic.
knowledge Edit A Topic https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/knowledge/edit-a-topic.md
localization_priority: Normal
-# Edit an existing topic
+# Edit an existing topic in Microsoft Viva Topics
</br>
managed-desktop Network https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/managed-desktop/get-ready/network.md
ms.localizationpriority: normal
+audience: Admin
# Network configuration for Microsoft Managed Desktop
Get Help | \*.support.services.microsoft.com <br>inprod.support.services.micros
Quick Assist | remoteassistance.support.services.microsoft.com <br>relay.support.services.microsoft.com <br>channelwebsdks.azureedge.net <br>web.vortex.data.microsoft.com <br>gateway.channelservices.microsoft.com <br>\*.lync.com | SharePoint Online | \*.sharepoint.com <br>\ *.svc.ms <br>\<tenant\>.sharepoint.com <br>\<tenant\>-my.sharepoint.com <br>\<tenant\>-files.sharepoint.com <br>\<tenant\>-myfiles.sharepoint.com <br>\*.sharepointonline.com <br>cdn.sharepointonline.com <br>static.sharepointonline.com <br>spoprod-a.akamaihd.net <br>publiccdn.sharepointonline.com <br>privatecdn.sharepointonline.com | [SharePoint Online and OneDrive for Business](../../enterprise/urls-and-ip-address-ranges.md) OneDrive for Business | admin.onedrive.com <br>officeclient.microsoft.com <br>odc.officeapps.live.com <br>skydrive.wns.windows.com <br>g.live.com <br>oneclient.sfx.ms <br>\*.log.optimizely.com <br>click.email.microsoftonline.com <br>ssw.live.com <br>storage.live.com | | [SharePoint Online and OneDrive for Business](../../enterprise/urls-and-ip-address-ranges.md)
-Microsoft Teams | \*.teams.skype.com <br>\*.teams.microsoft.com <br>teams.microsoft.com <br>\*.asm.skype.com <br>\ *.cc.skype.com <br>\*.conv.skype.com <br>\*.dc.trouter.io <br>\*.msg.skype.com <br>prod.registrar.skype.com <br>prod.tpc.skype.com <br>\*.broker.skype.com <br>\*.config.skype.com <br>\*.pipe.skype.com <br>\*.pipe.aria.microsoft.com <br>config.edge.skype.com <br>pipe.skype.com <br>s-0001.s-msedge.net <br>s-0004.s-msedge.net <br>scsinstrument-ss-us.trafficmanager.net <br>scsquery-ss- <br>us.trafficmanager.net <br>scsquery-ss-eu.trafficmanager.net <br>scsquery-ss-asia.trafficmanager.net <br>\*.msedge.net <br>compass-ssl.microsoft.com <br>feedback.skype.com <br>\*.secure.skypeassets.com <br>mlccdnprod.azureedge.net <br>videoplayercdn.osi.office.net <br>\*.mstea.ms | [Microsoft Teams](../../enterprise/urls-and-ip-address-ranges.md#bkmk_teams)
+Microsoft Teams | \*.teams.skype.com <br>\*.teams.microsoft.com <br>teams.microsoft.com <br>\*.asm.skype.com <br>\ *.cc.skype.com <br>\*.conv.skype.com <br>\*.dc.trouter.io <br>\*.msg.skype.com <br>prod.registrar.skype.com <br>prod.tpc.skype.com <br>\*.broker.skype.com <br>\*.config.skype.com <br>\*.pipe.skype.com <br>\*.pipe.aria.microsoft.com <br>config.edge.skype.com <br>pipe.skype.com <br>s-0001.s-msedge.net <br>s-0004.s-msedge.net <br>scsinstrument-ss-us.trafficmanager.net <br>scsquery-ss- <br>us.trafficmanager.net <br>scsquery-ss-eu.trafficmanager.net <br>scsquery-ss-asia.trafficmanager.net <br>\*.msedge.net <br>compass-ssl.microsoft.com <br>feedback.skype.com <br>\*.secure.skypeassets.com <br>mlccdnprod.azureedge.net <br>videoplayercdn.osi.office.net <br>\*.mstea.ms | [Microsoft Teams](../../enterprise/urls-and-ip-address-ranges.md)
Power BI | maxcdn.bootstrapcdn.com <br>ajax.aspnetcdn.com <br>netdna.bootstrapcdn.com <br>cdn.optimizely.com <br>google-analytics.com <br>\*.mktoresp.com <br>\*.aadcdn.microsoftonline-p.com <br>\*.msecnd.com <br>\*.localytics.com <br>ajax.aspnetcdn.com <br>\*.localytics.com <br>\*.virtualearth.net <br>platform.bing.com <br>powerbi.microsoft.com <br>c.microsoft.com <br>app.powerbi.com <br>\*.powerbi.com <br>dc.services.visualstudio.com <br>support.powerbi.com <br>powerbi.uservoice.com <br>go.microsoft.com <br>c1.microsoft.com <br>\*.azureedge.net |[ Power BI & Express Route](/power-bi/service-admin-power-bi-expressroute) OneNote | apis.live.net <br>www.onedrive.com <br>login.microsoft.com <br>www.onenote.com <br>\*.onenote.com <br>\*.msecnd.net <br>\*.microsoft.com <br>\*.office.net <br>cdn.onenote.net <br>site-cdn.onenote.net <br>cdn.optimizely.com <br>Ajax.aspnetcdn.com <br>officeapps.live.com <br>\\*.onenote.com <br>\*cdn.onenote.net <br>contentstorage.osi.office.net <br>\*onenote.officeapps.live.com <br>\*.microsoft.com | [OneNote](../../enterprise/urls-and-ip-address-ranges.md)
managed-desktop Device Images https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/managed-desktop/service-description/device-images.md
+
+ Title: Device images
+description: Image requirements when ordering new devices or reusing existing devices
+keywords: Microsoft Managed Desktop, Microsoft 365, service, documentation
++
+f1.keywords:
+- NOCSH
+
+ms.localizationpriority: normal
+++
+audience: Admin
++
+# Device images
++
+Whether you order [new devices](#new-devices) or reuse [existing](#existing-devices) ones, you have several options to ensure the image on the device meets our [device requirements](device-requirements.md#check-hardware-requirements).
+
+## New devices
+When you order a new device from an [approved manufacturer](device-requirements.md#minimum-requirements), follow these steps to make sure they ship devices with the right Microsoft Managed Desktop image and software configuration.
+
+### Dell
+Work directly with the Dell sales representative, who will make sure that the image approved by Microsoft Managed Desktop is applied to devices for your order. For more questions on Dell devices, the image, and the ordering process, contact MMD_at_dell@dell.com.
+
+### HP
+When you order new devices from HP, be sure to use the specific SKU listed in the Additional requirements section for each model as shown in [Program devices](device-list.md#hp).
+
+If you're ordering a device from HP that has been approved as an [exception](customizing.md) but isn't currently listed on the Device List page, be sure to request the SKU to be used for your model. We'll work with HP to get you this information by using your exception request. You can also contact HP directly for any questions about devices and device ordering instructions by using these addresses:
+
+- Americas: mmd-americas@hp.com
+- Europe/Middle East/Africa: mmd-emea@hp.com
+- Asia Pacific/Japan: mmd-apj@hp.com
+- Global: mmd@hp.com
+
+### Lenovo
+When you order devices from Lenovo for use in Microsoft Managed Desktop, you'll need to indicate a specific part number included as part of the order. Contact your Lenovo sales representative or Lenovo Channel Partner and ask them to create a "*special bid model*" with a system that meets our [device requirements](device-requirements.md#minimum-requirements). To include a pre-loaded image compatible with Microsoft Managed Desktop, ask the sales representative to reference "*system building block part number SBB0Q94938 – MMD Enablement*."
+
+The following products are currently enabled for Microsoft Managed Desktop support:
+
+- L13 Gen 1
+- L13 Yoga Gen 1
+- L14 Gen 1 (Intel)
+- L14 Gen 1 (AMD)
+- L15 Gen 1 (Intel)
+- L15 Gen 1 (AMD)
+- X1 Carbon Gen 8
+- X1 Yoga Gen 5
+- T14 Gen 1 (Intel)
+- T14 Gen 1 (AMD)
+- T15 Gen 1
+- X13 Gen 1 (Intel)
++
+### Microsoft
+All Microsoft devices that meet device requirements come with an image that works with Microsoft Managed Desktop. No other steps are required.
+
+To get the latest image available in the factory on a Microsoft device, work with your Surface specialist to use the Surface "Pegged PO" process.
+
+## Existing devices
+
+You can reuse existing devices as long as they meet both the [device requirements](device-requirements.md#minimum-requirements) and the [software requirements](device-requirements.md#installed-software). Follow the steps relevant to your manufacturer.
+
+You can reimage devices either with an image from the manufacturer or by using the Microsoft Managed Desktop "universal image." To get an appropriate manufacturer image, you could order at least one [new device](#new-devices) of the model you are reusing. Then you can obtain the image from that device and apply it to other devices of the exact same model.
+
+> [!NOTE]
+> It's your the responsibility to create, test, and deploy images. We also recommend using appropriate images provided by the manufacturer whenever possible instead of custom images--including the "universal image."
+
+### HP
+
+HP Commercial PCs shipped with the HP Corporate Ready Image include a .WIM file for recovery. You can use this image to apply the factory restoration image to other devices of the same model.
+
+These steps will remove all data on the device, so before starting you should back up any data on you want to keep.
+
+1. [Create a bootable USB drive](https://docs.microsoft.com/windows-hardware/manufacture/desktop/winpe-create-usb-bootable-drive) with WinPE.
+2. Copy these files from C:\\SOURCES to the USB drive:
+ - The factory recovery WIM file (for example, HP\_EliteBook\_840\_G7\_Notebook\_PC\_CR\_2004.wim)
+ - DEPLOY.CMD
+ - ReCreatePartitions.txt
+3. [Boot the device to WinPE](https://store.hp.com/us/en/tech-takes/how-to-boot-from-usb-drive-on-windows-10-pcs) USB drive.
+4. In a command prompt, run [Diskpart.exe](https://docs.microsoft.com/windows-server/administration/windows-commands/diskpart#additional-references).
+5. In Diskpart, run `list disk`, and then note the primary storage disk number (typically, Disk 0).
+6. Exit Diskpart by typing `exit`.
+7. In the command prompt, run `deploy.cmd <sys_disk> <recovery_wim>`, where *sys_disk* is the disk number of the primary storage disk you just determined and *recovery_wim* is the filename of the .WIM file you copied earlier.
+8. Remove the USB drive, and then restart the device.
+
+### Microsoft
+
+Microsoft Surface devices include "bare metal recovery" [images](https://support.microsoft.com/en-us/surfacerecoveryimage) that are specific to each model. You can use these images to reimage devices.
+
+These images use the Windows Recovery Environment (WinRE) and this is a manual process (not automated). Follow the steps in [Creating and using a USB recovery drive for Surface](https://support.microsoft.com/surface/creating-and-using-a-usb-recovery-drive-for-surface-677852e2-ed34-45cb-40ef-398fc7d62c07).
++
+### Universal image
+Microsoft Managed Desktop has created an image containing Windows 10 Pro and Microsoft 365 Apps for Enterprise that you can use with Microsoft Managed Desktop. However, it's best to use images appropriate to Microsoft Managed Desktop provided by the manufacturer whenever possible, even if that means an older Windows version that then needs to update once the user signs in. Using the Microsoft Managed Desktop Universal image should be a final option.
+
+- We update the image with the latest Windows monthly quality updates every 30-60 days and Microsoft 365 Apps for Enterprise updates at least twice a year.
+- The image contains a recovery provisioning package to ensure Microsoft 365 Apps for Enterprise is restored following Windows recovery scenarios.
+- You can deploy the image with USB drives. It contains a scriptable process to insert drivers (outlined in the documentation included with the image).
+- You can modify the included scripts and folders for use with other customizations, such as adding specific cumulative updates, file copy code, or performing other checks.
+- Drivers and quality updates are added to Windows during deployment from the USB drive.
+
+> [!NOTE]
+> It's your responsibility to add all necessary drivers, perform all testing, and ensure there are no issues with the final deployed image. We provide the Universal Image "as-is" but will provide technical guidance and answer questions. Contact MMDImage@microsoft.com.
+
+Submit requests for the Universal Image content and documentation by creating a change request at the [Admin portal](../get-started/access-admin-portal.md).
++
managed-desktop Regions Languages https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/managed-desktop/service-description/regions-languages.md
description: Regions and languages supported by Microsoft Managed Desktop
keywords: Microsoft Managed Desktop, Microsoft 365, service, documentation
+f1.keywords:
+- NOCSH
ms.localizationpriority: normal ++
+audience: Admin
# Microsoft Managed Desktop supported regions and languages
This article provides details about regions and languages supported by Microsoft
English is the only language available to users of Microsoft Managed Desktop. This policy includes all user interfaces for both users and administrators and all interactions with both [admin support](../working-with-managed-desktop/admin-support.md) and [user support](../working-with-managed-desktop/end-user-support.md).
-You can still use managed devices outside of English-speaking regions without an interruption to the Microsoft Managed Desktop service. For example, an employee based in the United Kingdom can work securely and receive updates on their managed device while traveling Asia, Europe, or South America.
+You can still use managed devices outside of English-speaking regions without any interruption to the Microsoft Managed Desktop service. For example, an employee based in the United Kingdom can work securely and receive updates on their managed device while traveling in Asia, Europe, or South America.
For more information about user support with Microsoft Managed Desktop, see [Support for Microsoft Managed Desktop](./support.md).
security Microsoft 365 Security For Bdm https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/Microsoft-365-security-for-bdm.md
This article is organized by priority of work, starting with protecting those ac
[![Thumb image Microsoft 365 BDM security recommendations spreadsheet](../downloads/microsoft-365-bdm-security-recommendations-spreadsheet-thumb.png)](https://github.com/MicrosoftDocs/microsoft-365-docs/raw/public/microsoft-365/downloads/Microsoft-365-BDM-security-recommendations-spreadsheet.xlsx)
-Microsoft provides you with the Secure Score tool within your tenant to automatically analyze your security posture based on your regular activities, assign a score, and provide security improvement recommendations. Before taking the actions recommended in this article, take note of your current score and recommendations. The actions recommended in this article will increase your score. The goal is not to achieve the max score, but to be aware of opportunities to protect your environment in a way that do not negatively affect productivity for your users. See [Microsoft Secure Score](mtp/microsoft-secure-score.md).
+Microsoft provides you with the Secure Score tool within your tenant to automatically analyze your security posture based on your regular activities, assign a score, and provide security improvement recommendations. Before taking the actions recommended in this article, take note of your current score and recommendations. The actions recommended in this article will increase your score. The goal is not to achieve the max score, but to be aware of opportunities to protect your environment in a way that do not negatively affect productivity for your users. See [Microsoft Secure Score](defender/microsoft-secure-score.md).
![Follow these steps to mitigate risks to your business.](../media/security/security-for-bdms-overview.png)
Known threats include malware, compromised accounts, and phishing. Some protecti
|Recommendation |E3 |E5 | ||||
-|**Setup multi-factor authentication and use recommended conditional access policies, including sign-in risk policies**. Microsoft recommends and has tested a set of policies that work together to protect all cloud apps, including Office 365 and Microsoft 365 services. See [Identity and device access configurations](./office-365-security/microsoft-365-policies-configurations.md). | |![green check mark](../media/green-check-mark.png)|
+|**Setup multi-factor authentication and use recommended conditional access policies, including sign-in risk policies**. Microsoft recommends and has tested a set of policies that work together to protect all cloud apps, including Office 365 and Microsoft 365 services. See [Identity and device access configurations](./defender-365-security/microsoft-365-policies-configurations.md). | |![green check mark](../media/green-check-mark.png)|
|**Require multi-factor authentication for all users**. If you don't have the licensing required to implement the recommended conditional access policies, at a minimum require multi-factor authentication for all users.|![green check mark](../media/green-check-mark.png)|![green check mark](../media/green-check-mark.png)| |**Raise the level of protection against malware in mail**. Your Office 365 or Microsoft 365 environment includes protection against malware, but you can increase this protection by blocking attachments with file types that are commonly used for malware.|![green check mark](../media/green-check-mark.png)|![green check mark](../media/green-check-mark.png)| |**Protect your email from targeted phishing attacks**. If you've configured one or more custom domains for your Office 365 or Microsoft 365 environment, you can configure targeted anti-phishing protection. Anti-phishing protection, part of Defender for Office 365, can help protect your organization from malicious impersonation-based phishing attacks and other phishing attacks. If you haven't configured a custom domain, you do not need to do this.| |![green check mark](../media/green-check-mark.png)|
Microsoft 365 information protection capabilities can help you discover what inf
|Recommendation |E3|E5 | ||||
-|**Review and optimize your conditional access and related policies to align with your objectives for a zero trust network**. Protecting against known threats includes implementing a set of [recommended policies](./office-365-security/microsoft-365-policies-configurations.md). Review your implementation of these policies to ensure you're protecting your apps and data against hackers who have gained access to your network. Note that the recommended Intune app protection policy for Windows 10 enables Windows Information Protection (WIP). WIP protects against accidental leaks of your organization data through apps and services, like email, social media, and the public cloud. | |![green check mark](../media/green-check-mark.png)|
+|**Review and optimize your conditional access and related policies to align with your objectives for a zero trust network**. Protecting against known threats includes implementing a set of [recommended policies](./defender-365-security/microsoft-365-policies-configurations.md). Review your implementation of these policies to ensure you're protecting your apps and data against hackers who have gained access to your network. Note that the recommended Intune app protection policy for Windows 10 enables Windows Information Protection (WIP). WIP protects against accidental leaks of your organization data through apps and services, like email, social media, and the public cloud. | |![green check mark](../media/green-check-mark.png)|
|**Disable external email forwarding**. Hackers who gain access to a user's mailbox can steal your mail by setting the mailbox to automatically forward email. This can happen even without the user's awareness. You can prevent this from happening by configuring a mail flow rule.|![green check mark](../media/green-check-mark.png) |![green check mark](../media/green-check-mark.png)| |**Disable anonymous external calendar sharing**. By default external anonymous calendar sharing is allowed. [Disable calendar sharing](/exchange/sharing/sharing-policies/modify-a-sharing-policy) to reduce potential leaks of sensitive information.|![green check mark](../media/green-check-mark.png) |![green check mark](../media/green-check-mark.png)| |**Configure data loss prevention policies for sensitive data**. Create a Data Loss Prevention Policy in the Security &amp; Compliance center to discover and protect sensitive data such as credit card numbers, Social Security numbers and bank account numbers. Microsoft 365 includes many predefined sensitive information types you can use in data loss prevention policies. You can also create your own sensitive information types for sensitive data that is custom to your environment. |![green check mark](../media/green-check-mark.png)|![green check mark](../media/green-check-mark.png)|
security About Defender For Office 365 Trial https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-365-security/about-defender-for-office-365-trial.md
+
+ Title: "About the Microsoft Defender for Office 365 trial"
+f1.keywords:
+++
+audience: Admin
++
+localization_priority: Normal
+search.appverid:
+- MET150
+ms.assetid:
+
+- M365-security-compliance
+- m365initiative-defender-office365
+
+- seo-marvel-apr2020
+
+description: "Admins can learn about the trial mode of Microsoft Defender for Office 365"
++
+# About the Microsoft Defender for Office 365 trial
+
+Microsoft Defender for Office 365 safeguards your organization against malicious threats that are posed by email messages, links (URLs), and collaboration tools. Defender for Office 365 includes:
+
+- **Threat protection policies**: Define threat-protection policies to set the appropriate level of protection for your organization.
+- **Reports**: View real-time reports to monitor Defender for Office 365 performance in your organization.
+- **Threat investigation and response capabilities**: Use leading-edge tools to investigate, understand, simulate, and prevent threats.
+- **Automated investigation and response capabilities**: Save time and effort investigating and mitigating threats.
+
+A Microsoft Defender for Office 365 trial is the easiest way to try the capabilities of Defender for Office 365, and setting it up only takes a couple of clicks. After the trial setup is complete, all Defender for Office 365 Plan 1 and Plan 2 capabilities are available in the organization for up to 90 days.
+
+> [!NOTE]
+> The automated configuration that's described in this article is currently in Public Preview and might not be available in your location.
+
+## Terms and conditions
+
+The Defender for Office 365 trial is available for 90 days and can be initiated for all of your users. For more information, see [Microsoft Defender for Office 365 Trial Terms & Conditions](defender-for-office-365-trial-terms-and-conditions.md).
+
+## Set up a Defender for Office 365 trial
+
+A trial allows organizations to easily set up and configure the Defender for Office 365 capabilities. During setup, policies that are exclusive to Defender for Office 365 (specifically, [Safe Attachments](safe-attachments.md), [Safe Links](safe-links.md), and [impersonation protection in anti-spam policies](set-up-anti-phishing-policies.md#impersonation-settings-in-anti-phishing-policies-in-microsoft-defender-for-office-365)) are applied using the Standard template for [preset security policies](preset-security-policies.md).
+
+By default, these policies are scoped to all users in the organization, but admins can customize the policies during or after setup so they apply only to specific users.
+
+During setup, MDO response functionality (found in MDO P2 or equivalent) is also set up for the entire organization. No policy scoping is required.
+
+## Licensing
+
+As part of the trial setup, the Defender for Office 365 licenses are automatically applied to the organization. The licenses are free of charge for the first 90 days.
+
+## Permissions
+
+To start or end the trial, you need to be a member of the **Global Administrator** or **Security Administrator** roles in Azure Active Directory. For details, see [About admin roles](../../admin/add-users/about-admin-roles.md).
+
+## Additional information
+
+After you enroll in the trial, it might take up to 2 hours for the changes and updates to be available. And, admins must log out and log back in to see the changes.
+
+Admins can disable the trial at any point by going to the <> card.
+
+## Availability
+
+The Defender for Office 365 trial is gradually rolling out to existing customers who meet specific criteria (including geography) and who don't have existing Defender for Office 365 Plan 1 or Plan 2 licenses (included in their subscription or as an add-on).
+
+## Learn more about Defender for Office 365
+
+Defender for Office 365 helps organizations secure their enterprise by offering a comprehensive slate of capabilities.
+
+You can also learn more about Defender for Office 365 at this [interactive guide](https://techcommunity.microsoft.com/t5/video-hub/protect-your-organization-with-microsoft-365-defender/m-p/1671189).
+
+![Microsoft Defender for Office 365 conceptual diagram](../../media/microsoft-defender-for-office-365.png)
+
+### Prevention
+
+A robust filtering stack prevents a wide variety of volume-based and targeted attacks including business email compromise, credential phishing, ransomware, and advanced malware.
+
+- [Anti-phishing policies: Exclusive settings in Defender for Office 365](set-up-anti-phishing-policies.md#exclusive-settings-in-anti-phishing-policies-in-microsoft-defender-for-office-365)
+- [Safe Attachments](safe-attachments.md)
+- [Safe Links](safe-links.md)
+
+### Detection
+
+Industry-leading AI detects malicious and suspicious content and correlates attack patterns to identify campaigns designed to evade protection.
+
+- [Campaign Views in Microsoft Defender for Office 365](campaigns.md)
+
+### Investigation and hunting
+
+Powerful experiences help identify, prioritize, and investigate threats, with advanced hunting capabilities to track attacks across Office 365.
+
+- [Threat Explorer and Real-time detections](threat-explorer.md)
+- [Real-time reports in Defender for Office 365](view-reports-for-mdo.md)
+- [Threat Trackers - New and Noteworthy](threat-trackers.md)
+- Integration with [Microsoft 365 Defender](https://docs.microsoft.com/microsoft-365/security/defender/microsoft-threat-protection)
+
+### Response and remediation
+
+Extensive incident response and automation capabilities amplify your security teamΓÇÖs effectiveness and efficiency.
+
+- [Automated investigation and response (AIR) in Microsoft Defender for Office 365](office-365-air.md)
+
+### Awareness and training
+
+Rich simulation and training capabilities along with integrated experiences within client applications build user awareness.
+
+- [Get started using Attack simulation training](attack-simulation-training-get-started.md)
+
+### Secure posture
+
+Recommended templates and configuration insights help customers get and stay secure.
+
+- [Preset security policies in EOP and Microsoft Defender for Office 365](preset-security-policies.md)
+- [Configuration analyzer for protection policies in EOP and Microsoft Defender for Office 365](configuration-analyzer-for-security-policies.md).
+
+## Give feedback
+
+Your feedback helps us get better at protecting your environment from advanced attacks. Share your experience and impressions of product capabilities and trial results.
security Address Compromised Users Quickly https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-365-security/address-compromised-users-quickly.md
+
+ Title: Address compromised user accounts with automated investigation and response
+keywords: AIR, autoIR, ATP, automated, investigation, response, remediation, threats, advanced, threat, protection, compromised
+++
+audience: ITPro
+
+localization_priority: Normal
+search.appverid:
+ - MET150
+ - MOE150
+ Last updated : 02/25/2020
+description: Learn how to speed up the process of detecting and addressing compromised user accounts with automated investigation and response capabilities in Microsoft Defender for Office 365 Plan 2.
+ms.technology: mdo
++
+# Address compromised user accounts with automated investigation and response
++
+**Applies to**
+- [Exchange Online Protection](exchange-online-protection-overview.md)
+- [Microsoft Defender for Office 365 plan 1 and plan 2](defender-for-office-365.md)
+- [Microsoft 365 Defender](../defender/microsoft-365-defender.md)
++
+[Microsoft Defender for Office 365 Plan 2](defender-for-office-365.md#microsoft-defender-for-office-365-plan-1-and-plan-2) includes powerful [automated investigation and response](office-365-air.md) (AIR) capabilities. Such capabilities can save your security operations team a lot of time and effort dealing with threats. Microsoft continues to improve security capabilities. Recently, AIR capabilities were enhanced to include a compromised user security playbook (currently in preview). Read this article to learn more about the compromised user security playbook. And see the blog post [Speed up time to detect and respond to user compromise and limit breach scope with Microsoft Defender for Office 365](https://techcommunity.microsoft.com/t5/Security-Privacy-and-Compliance/Speed-up-time-to-detect-and-respond-to-user-compromise-and-limit/ba-p/977053) for additional details.
+
+![Automated investigation for a compromised user](/microsoft-365/media/office365atp-compduserinvestigation.jpg)
+
+The compromised user security playbook enables your organization's security team to:
+
+- Speed up detection of compromised user accounts;
+
+- Limit the scope of a breach when an account is compromised; and
+
+- Respond to compromised users more effectively and efficiently.
+
+## Compromised user alerts
+
+When a user account is compromised, atypical or anomalous behaviors occur. For example, phishing and spam messages might be sent internally from a trusted user account. Defender for Office 365 can detect such anomalies in email patterns and collaboration activity within Office 365. When this happens, alerts are triggered, and the threat mitigation process begins.
+
+For example, here's an alert that was triggered because of suspicious email sending:
+
+![Alert triggered because of suspicious email sending](/microsoft-365/media/office365atp-suspiciousemailsendalert.jpg)
+
+And here's an example of an alert that was triggered when a sending limit was reached for a user:
+
+![Alert triggered by sending limit reached](/microsoft-365/media/office365atp-sendinglimitreached.jpg)
+
+## Investigate and respond to a compromised user
+
+When a user account is compromised, alerts are triggered. And in some cases, that user account is blocked and prevented from sending any further email messages until the issue is resolved by your organization's security operations team. In other cases, an automated investigation begins which can result in recommended actions that your security team should take.
+
+- [View and investigate restricted users](#view-and-investigate-restricted-users)
+
+- [View details about automated investigations](#view-details-about-automated-investigations)
+
+> [!IMPORTANT]
+> You must have appropriate permissions to perform the following tasks. See [Required permissions to use AIR capabilities](office-365-air.md#required-permissions-to-use-air-capabilities).
+
+### View and investigate restricted users
+
+You have a few options for navigating to a list of restricted users. For example, in the Security & Compliance Center, you can go to **Threat management** \> **Review** \> **Restricted Users**. The following procedure describes navigation using the **Alerts** dashboard, which is a good way to see various kinds of alerts that might have been triggered.
+
+1. Go to <https://protection.office.com> and sign in.
+
+2. In the navigation pane, choose **Alerts** \> **Dashboard**.
+
+3. In the **Other alerts** widget, choose **Restricted Users**.
+
+ ![Other alerts widget](/microsoft-365/media/office365atp-otheralertswidget.jpg)
+
+ This opens the list of restricted users.
+
+ ![Restricted users in Office 365](/microsoft-365/media/office365atp-restrictedusers.jpg)
+
+4. Select a user account in the list to view details and take action, such as [releasing the restricted user](removing-user-from-restricted-users-portal-after-spam.md).
+
+### View details about automated investigations
+
+When an automated investigation has begun, you can see its details and results in the Security & Compliance Center. Go to **Threat management** \> **Investigations**, and then select an investigation to view its details.
+
+To learn more, see [View details of an investigation](air-view-investigation-results.md).
+
+## Keep the following points in mind
+
+- **Stay on top of your alerts**. As you know, the longer a compromise goes undetected, the larger the potential for widespread impact and cost to your organization, customers, and partners. Early detection and timely response are critical to mitigate threats, and especially when a user's account is compromised.
+
+- **Automation assists, but does not replace, your security operations team**. Automated investigation and response capabilities can detect a compromised user early on, but your security operations team will likely need to engage and do some investigation and remediation. Need some help with this? See [Review and approve actions](air-review-approve-pending-completed-actions.md).
+
+- **Don't rely on a suspicious login alert as your only indicator**. When a user account is compromised, it might or might not trigger a suspicious login alert. Sometimes it's the series of activities that occur after an account is compromised that triggers an alert. Want to know more about alerts? See [Alert policies](../../compliance/alert-policies.md).
+
+## Next steps
+
+- [Review the required permissions to use AIR capabilities](office-365-air.md#required-permissions-to-use-air-capabilities)
+
+- [Find and investigate malicious email in Office 365](investigate-malicious-email-that-was-delivered.md)
+
+- [Learn about AIR in Microsoft Defender for Endpoint](/windows/security/threat-protection/microsoft-defender-atp/automated-investigations)
+
+- [Visit the Microsoft 365 Roadmap to see what's coming soon and rolling out](https://www.microsoft.com/microsoft-365/roadmap?filters=)
security Admin Submission https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-365-security/admin-submission.md
+
+ Title: Admin submissions
+f1.keywords:
+ - NOCSH
+++ Last updated :
+audience: ITPro
+
+localization_priority: Normal
+search.appverid:
+ - MET150
+
+ - M365-security-compliance
+ - m365initiative-defender-office365
+
+ - seo-marvel-apr2020
+description: Admins can learn how to use the Submissions portal in the Security & Compliance Center to submit suspicious emails, suspected phishing mails, spam, and other potentially harmful messages, URLs, and files to Microsoft for scanning.
+ms.technology: mdo
++
+# Use Admin Submission to submit suspected spam, phish, URLs, and files to Microsoft
++
+**Applies to**
+- [Exchange Online Protection](exchange-online-protection-overview.md)
+- [Microsoft Defender for Office 365 plan 1 and plan 2](defender-for-office-365.md)
++
+In Microsoft 365 organizations with mailboxes in Exchange Online, admins can use the Submissions portal in the Security & Compliance Center to submit email messages, URLs, and attachments to Microsoft for scanning.
+
+When you submit an email message, you will get:
+
+1. **Email authentication check**: Details on whether email authentication passed or failed when it was delivered.
+2. **Policy hits**: Information about any policies that may have allowed or blocked the incoming email into your tenant, overriding our service filter verdicts.
+3. **Payload reputation/detonation**: Examination of any URLs and attachments in the message.
+4. **Grader analysis**: Review done by human graders in order to confirm whether or not messages are malicious.
+
+> [!IMPORTANT]
+> Payload reputation/detonation and grader analysis are not done in all tenants. Information is blocked from going outside the organization when data is not supposed to leave the tenant boundary for compliance purposes.
+
+For other ways to submit email messages, URLs, and attachments to Microsoft, see [Report messages and files to Microsoft](report-junk-email-messages-to-microsoft.md).
+
+## What do you need to know before you begin?
+
+- You open the Security & Compliance Center at <https://protection.office.com/>. To go directly to the **Submission** page, use <https://protection.office.com/reportsubmission>.
+
+- To submit messages and files to Microsoft, you need to be a member of one of the following role groups:
+
+ - **Organization Management** or **Security Administrator** in the [Security & Compliance Center](permissions-in-the-security-and-compliance-center.md).
+
+ - **Organization Management** in [Exchange Online](/Exchange/permissions-exo/permissions-exo#role-groups).
+
+ Note that membership in this role group is required to [View user submissions to the custom mailbox](#view-user-submissions-to-the-custom-mailbox) as described later in this article.
+
+- For more information about how users can submit messages and files to Microsoft, see [Report messages and files to Microsoft](report-junk-email-messages-to-microsoft.md).
+
+## Report suspicious content to Microsoft
+
+1. In the Security & Compliance Center, go to **Threat management** \> **Submissions**, verify that you're on the **Admin submissions** tab, and then click **New submission**.
+
+2. Use **New submission** flyout that appears to submit the message, URL, or attachment as described in the following sections.
+
+### Submit a questionable email to Microsoft
+
+1. In the **Object type** section, select **Email**. In the **Submission format** section, use one of the following options:
+
+ - **Network Message ID**: This is a GUID value that's available in the **X-MS-Exchange-Organization-Network-Message-Id** header in the message, or in the **X-MS-Office365-Filtering-Correlation-Id** header in quarantined messages.
+
+ - **File**: Click **Choose file**. In the dialog that opens, find and select the .eml or .msg file, and then click **Open**.
+
+ > [!NOTE]
+ > Admins with Defender for Office 365 Plan 1 or Plan 2 are able to submit messages as old as 30 days. Other admins will only be able to go back 7 days.
+
+2. In the **Recipients** section, specify one or more recipients that you would like to run a policy check against. The policy check will determine if the email bypassed scanning due to user or organization policies.
+
+3. In the **Reason for submission** section, select one of the following options:
+
+ - **Should not have been blocked**
+
+ - **Should have been blocked**: Select **Spam**, **Phishing**, or **Malware**. If you're not sure, use your best judgment.
+
+4. When you're finished, click the **Submit** button.
+
+ ![URL submission example](../../media/submission-flyout-email.PNG)
+
+### Send a suspect URL to Microsoft
+
+1. In the **Object type** section, select **URL**. In the box that appears, enter the full URL (for example, `https://www.fabrikam.com/marketing.html`).
+
+2. In the **Reason for submission** section, select one of the following options:
+
+ - **Should not have been blocked**
+
+ - **Should have been blocked**: Select **Phishing** or **Malware**.
+
+3. When you're finished, click the **Submit** button.
+
+ ![Email submission example](../../media/submission-url-flyout.png)
+
+### Submit a suspected file to Microsoft
+
+1. In the **Object type** section, select **Attachment**.
+
+2. Click **Choose File**. In the dialog that opens, find and select the file, and then click **Open**.
+
+3. In the **Reason for submission** section, select one of the following options:
+
+ - **Should not have been blocked**
+
+ - **Should have been blocked**: **Malware** is the only choice, and is automatically selected..
+
+4. When you're finished, click the **Submit** button.
+
+ ![Attachment submission example](../../media/submission-file-flyout.PNG)
+
+## View admin submissions
+
+In the Security & Compliance Center, go to **Threat management** \> **Submissions**, verify that you're on the **Admin submissions** tab, and then click **New submission**.
+
+Near the top of the page, you can enter a start date, an end date, and (by default) you can filter by **Submission ID** (a GUID value that's assigned to every submission) by entering a value in the box and clicking ![Refresh button](../../media/scc-quarantine-refresh.png). You can enter multiple values separated by commas.
+
+To change the filter criteria, click the **Submission ID** button and choose one of the following values:
+
+- **Sender**
+- **Subject/URL/File name**
+- **Submitted by**
+- **Submission type**
+- **Status**
+
+![Filter options for admin submissions](../../media/admin-submission-email-filter-options.png)
+
+To export the results, click **Export** near the top of the page and select **Chart data** or **Table**. In the dialog that appears, save the .csv file.
+
+Below the graph, there are three tabs: **Email** (default), **URL**, and **Attachment**.
+
+### View admin email submissions
+
+Click the **Email** tab.
+
+You can click the **Column options** button near the bottom of the page to add or remove columns from the view:
+
+- **Date**
+- **Submission ID**: A GUID value that's assigned to every submission.
+- **Submitted by**<sup>\*</sup>
+- **Subject**<sup>\*</sup>
+- **Sender**
+- **Sender IP**<sup>\*</sup>
+- **Submission type**
+- **Delivery reason**
+- **Status**<sup>\*</sup>
+
+ <sup>\*</sup> If you click this value, detailed information is displayed in a flyout.
+
+#### Admin submission rescan details
+
+Messages that are submitted in admin submissions are rescanned and results shown in the details flyout:
+
+- If there was a failure in the sender's email authentication at the time of delivery.
+- Information about any policy hits that could have affected or overridden the verdict of a message.
+- Current detonation results to see if the URLs or files contained in the message were malicious or not.
+- Feedback from graders.
+
+If an override was found, the rescan should complete in several minutes. If there wasn't a problem in email authentication or delivery wasn't affected by an override, then the feedback from graders could take up to a day.
+
+### View admin URL submissions
+
+Click the **URL** tab.
+
+You can click the **Column options** button near the bottom of the page to add or remove columns from the view:
+
+- **Date**
+- **Submission ID**
+- **Submitted by**<sup>\*</sup>
+- **URL**<sup>\*</sup>
+- **Submission type**
+- **Status**<sup>\*</sup>
+
+ <sup>\*</sup> If you click this value, detailed information is displayed in a flyout.
+
+### View admin attachment submissions
+
+Click the **Attachments** tab.
+
+You can click the **Column options** button near the bottom of the page to add or remove columns from the view:
+
+- **Date**
+- **Submission ID**
+- **Submitted by**<sup>\*</sup>
+- **File name**<sup>\*</sup>
+- **Submission type**
+- **Status**<sup>\*</sup>
+
+ <sup>\*</sup> If you click this value, detailed information is displayed in a flyout.
+
+## View user submissions to Microsoft
+
+If you've deployed the [Report Message add-in](enable-the-report-message-add-in.md), the [Report Phishing add-in](enable-the-report-phish-add-in.md), or people use the [built-in reporting in Outlook on the web](report-junk-email-and-phishing-scams-in-outlook-on-the-web-eop.md), you can see what users are reporting on the **User submissions** tab.
+
+1. In the Security & Compliance Center, go to **Threat management** \> **Submissions**.
+
+2. Select the **User submissions** tab, and then click **New submission**.
+
+You can click the **Column options** button near the bottom of the page to add or remove columns from the view:
+
+- **Submitted on**
+- **Submitted by**<sup>\*</sup>
+- **Subject**<sup>\*</sup>
+- **Sender**
+- **Sender IP**<sup>\*</sup>
+- **Submission type**
+
+<sup>\*</sup> If you click this value, detailed information is displayed in a flyout.
+
+Near the top of the page, you can enter a start date, an end date, and (by default) you can filter by **Sender** by entering a value in the box and clicking ![Refresh button](../../media/scc-quarantine-refresh.png). You can enter multiple values separated by commas.
+
+To change the filter criteria, click the **Sender** button and choose one of the following values:
+
+- **Sender domain**
+- **Subject**
+- **Submitted by**
+- **Submission type**
+- **Sender IP**
+
+![Filter options for user submissions](../../media/user-submissions-filter-options.png)
+
+To export the results, click **Export** near the top of the page and select **Chart data** or **Table**. In the dialog that appears, save the .csv file.
+
+## View user submissions to the custom mailbox
+
+**If** you've [configured a custom mailbox](user-submission.md) to receive user reported messages, you can view and also submit messages that were delivered to the reporting mailbox.
+
+1. In the Security & Compliance Center, go to **Threat management** \> **Submissions**.
+
+2. Select the **Custom mailbox** tab.
+
+You can click the **Column options** button near the bottom of the page to add or remove columns from the view:
+
+- **Submitted on**
+- **Submitted by**<sup>\*</sup>
+- **Subject**<sup>\*</sup>
+- **Sender**
+- **Sender IP**<sup>\*</sup>
+- **Submission type**
+
+Near the top of the page, you can enter a start date, an end date, and you can filter by **Submitted by** by entering a value in the box and clicking ![Refresh button](../../media/scc-quarantine-refresh.png). You can enter multiple values separated by commas.
+
+To export the results, click **Export** near the top of the page and select **Chart data** or **Table**. In the dialog that appears, save the .csv file.
+
+## Undo user submissions
+
+Once a user submits a suspicious email to the custom mailbox, the user and admin don't have an option to undo the submission. If the user would like to recover the email, it will be available for recovery in the Deleted Items or Junk Email folders.
+
+### Submit messages to Microsoft from the custom mailbox
+
+If you've configured the custom mailbox to intercept user-reported messages without sending the messages to Microsoft, you can find and send specific messages to Microsoft for analysis. This effectively moves a user submission to an admin submission.
+
+On the **Custom mailbox** tab, select a message in the list, click the **Action** button, and make one of the following selections:
+
+- **Report clean**
+- **Report phishing**
+- **Report malware**
+- **Report spam**
+
+![Options on the Action button](../../media/user-submission-custom-mailbox-action-button.png)
security Advanced Spam Filtering Asf Options https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-365-security/advanced-spam-filtering-asf-options.md
+
+ Title: ASF settings in EOP
+f1.keywords:
+ - NOCSH
+++ Last updated :
+audience: ITPro
+
+localization_priority: Normal
+search.appverid:
+ - MET150
+ms.assetid: b286f853-b484-4af0-b01f-281fffd85e7a
+
+ - M365-security-compliance
+
+ - seo-marvel-apr2020
+description: Admins can learn about the Advanced Spam Filter (ASF) settings that are available in anti-spam policies in Exchange Online Protection (EOP).
+ms.technology: mdo
++
+# Advanced Spam Filter (ASF) settings in EOP
++
+**Applies to**
+- [Exchange Online Protection](exchange-online-protection-overview.md)
+- [Microsoft Defender for Office 365 plan 1 and plan 2](defender-for-office-365.md)
+- [Microsoft 365 Defender](../defender/microsoft-365-defender.md)
+
+> [!NOTE]
+> ASF settings that are currently available in anti-spam policies are in the process of being deprecated. We recommend that you don't use these settings in anti-spam policies. The functionality of these ASF settings is being incorporated into other parts of the filtering stack. For more information, see [EOP anti-spam policy settings](recommended-settings-for-eop-and-office365.md#eop-anti-spam-policy-settings).
+
+In all Microsoft 365 organizations, the Advanced Spam Filter (ASF) settings in anti-spam policies in EOP allow admins to mark messages as spam based on specific message properties. ASF specifically targets these properties because they're commonly found in spam. Depending on the property, ASF detections will either mark the message as **Spam** or **High confidence spam**.
+
+> [!NOTE]
+> Enabling one or more of the ASF settings is an aggressive approach to spam filtering. You can't report messages that are filtered by ASF as false positives. You can identify messages that were filtered by ASF by:
+>
+> - Periodic end-user spam quarantine notifications.
+>
+> - The presence of filtered messages in quarantine.
+>
+> - The specific `X-CustomSpam:` X-header fields that are added to messages as described in this article.
+
+The following sections describe the ASF settings and options that are available in anti-spam policies in the Security & Compliance Center, and in Exchange Online PowerShell or standalone EOP PowerShell ([New-HostedContentFilterPolicy](/powershell/module/exchange/new-hostedcontentfilterpolicy) and [Set-HostedContentFilterPolicy](/powershell/module/exchange/set-hostedcontentfilterpolicy)). For more information, see [Configure anti-spam policies in EOP](configure-your-spam-filter-policies.md).
+
+## Enable, disable, or test ASF settings
+
+For each ASF setting, the following options are available in anti-spam policies:
+
+- **On**: ASF adds the corresponding X-header field to the message, and either marks the message as **Spam** (SCL 5 or 6 for [Increase spam score settings](#increase-spam-score-settings)) or **High confidence spam** (SCL 9 for [Mark as spam settings](#mark-as-spam-settings)).
+
+- **Off**: The ASF setting is disabled. This is the default value, and we recommend that you don't change it.
+
+- **Test**: ASF adds the corresponding X-header field to the message. What happens to the message is determined by the **Test mode options** (*TestModeAction*) value:
+
+ - **None**: Message delivery is unaffected by the ASF detection. The message is still subject to other types of filtering and rules in EOP.
+
+ - **Add default X-header text (*AddXHeader*)**: The X-header value `X-CustomSpam: This message was filtered by the custom spam filter option` is added to the message. You can use this value in Inbox rules or mail flow rules (also known as transport rules) to affect the delivery of the message.
+
+ - **Send Bcc message (*BccMessage*)**: The specified email addresses (the *TestModeBccToRecipients* parameter value in PowerShell) are added to the Bcc field of the message, and the message is delivered to the additional Bcc recipients. In the Security & Compliance Center, you separate multiple email addresses by semicolons (;). In PowerShell, you separate multiple email addresses by commas.
+
+ **Notes**:
+
+ - Test mode is not available for the following ASF settings:
+
+ - **Conditional Sender ID filtering: hard fail** (*MarkAsSpamFromAddressAuthFail*)
+ - **NDR backscatter**(*MarkAsSpamNdrBackscatter*)
+ - **SPF record: hard fail** (*MarkAsSpamSpfRecordHardFail*)
+
+ - The same test mode action is applied to *all* ASF settings that are set to **Test**. You can't configure different test mode actions for different ASF settings.
+
+## Increase spam score settings
+
+The following ASF settings set the spam confidence level (SCL) of detected messages to 5 or 6, which corresponds to the **Spam** filter verdict and the corresponding action in anti-spam policies.
+
+****
+
+|Anti-spam policy setting|Description|X-header added|
+||||
+|**Image links to remote sites** <p> *IncreaseScoreWithImageLinks*|Messages that contain `<Img>` HTML tag links to remote sites (for example, using http) are marked as spam.|`X-CustomSpam: Image links to remote sites`|
+|**URL redirect to other port** <p> *IncreaseScoreWithRedirectToOtherPort*|Message that contain hyperlinks that redirect to TCP ports other than 80 (HTTP), 8080 (alternate HTTP), or 443 (HTTPS) are marked as spam.|`X-CustomSpam: URL redirect to other port`|
+|**Numeric IP address in URL** <p> *IncreaseScoreWithNumericIps*|Messages that contain numeric-based URLs (typically, IP addresses) are marked as spam.|`X-CustomSpam: Numeric IP in URL`|
+|**URL to .biz or .info websites** <p> *IncreaseScoreWithBizOrInfoUrls*|Messages that contain `.biz` or `.info` links in the body of the message are marked as spam.|`X-CustomSpam: URL to .biz or .info websites`|
+|
+
+## Mark as spam settings
+
+The following ASF settings set the SCL of detected messages to 9, which corresponds to the **High confidence spam** filter verdict and the corresponding action in anti-spam policies.
+
+****
+
+|Anti-spam policy setting|Description|X-header added|
+||||
+|**Empty messages** <p> *MarkAsSpamEmptyMessages*|Messages with no subject, no content in the message body, and no attachments are marked as high confidence spam.|`X-CustomSpam: Empty Message`|
+|**JavaScript or VBScript in HTML** <p> *MarkAsSpamJavaScriptInHtml*|Messages that use JavaScript or Visual Basic Script Edition in HTML are marked as high confidence spam. <p> These scripting languages are used in email messages to cause specific actions to automatically occur.|`X-CustomSpam: Javascript or VBscript tags in HTML`|
+|**Frame or IFrame tags in HTML** <p> *MarkAsSpamFramesInHtml*|Messages that contain `<frame>` or `<iframe>` HTML tags are marked as high confidence spam. <p> These tags are used in email messages to format the page for displaying text or graphics.|`X-CustomSpam: IFRAME or FRAME in HTML`|
+|**Object tags in HTML** <p> *MarkAsSpamObjectTagsInHtml*|Messages that contain `<object>` HTML tags are marked as high confidence spam. <p> This tag allows plug-ins or applications to run in an HTML window.|`X-CustomSpam: Object tag in html`|
+|**Embed tags in HTML** <p> *MarkAsSpamEmbedTagsInHtml*|Message that contain `<embed>` HTML tags are marked as high confidence spam. <p> This tag allows the embedding of different kinds of documents in an HTML document (for example, sounds, videos, or pictures).|`X-CustomSpam: Embed tag in html`|
+|**Form tags in HTML** <p> *MarkAsSpamFormTagsInHtml*|Messages that contain `<form>` HTML tags are marked as high confidence spam. <p> This tag is used to create website forms. Email advertisements often include this tag to solicit information from the recipient.|`X-CustomSpam: Form tag in html`|
+|**Web bugs in HTML** <p> *MarkAsSpamWebBugsInHtml*|A *web bug* (also known as a *web beacon*) is a graphic element (often as small as one pixel by one pixel) that's used in email messages to determine whether the message was read by the recipient. <p> Messages that contain web bugs are marked as high confidence spam. <p> Legitimate newsletters might use web bugs, although many consider this an invasion of privacy. |`X-CustomSpam: Web bug`|
+|**Apply sensitive word list** <p> *MarkAsSpamSensitiveWordList*|Microsoft maintains a dynamic but non-editable list of words that are associated with potentially offensive messages. <p> Messages that contain words from the sensitive word list in the subject or message body are marked as high confidence spam.|`X-CustomSpam: Sensitive word in subject/body`|
+|**SPF record: hard fail** <p> *MarkAsSpamSpfRecordHardFail*|Messages sent from an IP address that isn't specified in the SPF Sender Policy Framework (SPF) record in DNS for the source email domain are marked as high confidence spam. <p> Test mode is not available for this setting.|`X-CustomSpam: SPF Record Fail`|
+|**Conditional Sender ID filtering: hard fail** <p> *MarkAsSpamFromAddressAuthFail*|Messages that hard fail a conditional Sender ID check are marked as spam. <p> This setting combines an SPF check with a Sender ID check to help protect against message headers that contain forged senders. <p> Test mode is not available for this setting.|`X-CustomSpam: SPF From Record Fail`|
+|**NDR backscatter** <p> *MarkAsSpamNdrBackscatter*|*Backscatter* is useless non-delivery reports (also known as NDRs or bounce messages) caused by forged senders in email messages. For more information, see [Backscatter messages and EOP](backscatter-messages-and-eop.md). <p> You don't need to configure this setting in the following environments, because legitimate NDRs are delivered, and backscatter is marked as spam: <ul><li>Microsoft 365 organizations with Exchange Online mailboxes.</li><li>On-premises email organizations where you route *outbound* email through EOP.</li></ul> <p> In standalone EOP environments that protect inbound email to on-premises mailboxes, turning this setting on or off has the following result: <ul><li> **On**: Legitimate NDRs are delivered, and backscatter is marked as spam.</li><li>**Off**: Legitimate NDRs and backscatter go through normal spam filtering. Most legitimate NDRs will be delivered to the original message sender. Some, but not all, backscatter are marked as high confidence spam. By definition, backscatter can only be delivered to the spoofed sender, not to the original sender.</li></ul> <p> Test mode is not available for this setting.|`X-CustomSpam: Backscatter NDR`|
+|
security Air Custom Reporting https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-365-security/air-custom-reporting.md
+
+ Title: Custom reporting solutions with automated investigation and response
+keywords: SIEM, API, AIR, autoIR, ATP, automated investigation, integration, custom report
+f1.keywords:
+- NOCSH
+++
+audience: ITPro
+
+localization_priority: Normal
+search.appverid:
+- MET150
+- MOE150
+
+- M365-security-compliance
+- m365initiative-defender-office365
+description: Learn how to integrate automated investigation and response with a custom or third-party reporting solution.
Last updated : 01/29/2021+
+- air
+ms.technology: mdo
++
+# Custom or third-party reporting solutions for Microsoft Defender for Office 365
+
+With [Microsoft Defender for Office 365](defender-for-office-365.md), you get [detailed information about automated investigations](air-view-investigation-results.md). However, some organizations also use a custom or third-party reporting solution. If your organization wants to integrate information about [automated investigations](office-365-air.md) with such a solution, you can use the Office 365 Management Activity API.
+
+**Applies to**
+- [Microsoft Defender for Office 365 plan 2](defender-for-office-365.md)
+- [Microsoft 365 Defender](../defender/microsoft-365-defender.md)
+
+With [Microsoft Defender for Office 365](defender-for-office-365.md), you get [detailed information about automated investigations](air-view-investigation-results.md). However, some organizations also use a custom or third-party reporting solution. If your organization wants to integrate information about automated investigations with such a solution, you can use the Office 365 Management Activity API.
+
+|Resource|Description|
+|:|:|
+|[Office 365 Management APIs overview](/office/office-365-management-api/office-365-management-apis-overview)|The Office 365 Management Activity API provides information about various user, admin, system, and policy actions and events from Microsoft 365 and Azure Active Directory activity logs.|
+|[Get started with Office 365 Management APIs](/office/office-365-management-api/get-started-with-office-365-management-apis)|The Office 365 Management API uses Azure AD to provide authentication services for your application to access Microsoft 365 data. Follow the steps in this article to set this up.|
+|[Office 365 Management Activity API reference](/office/office-365-management-api/office-365-management-activity-api-reference)|You can use the Office 365 Management Activity API to retrieve information about user, admin, system, and policy actions and events from Microsoft 365 and Azure AD activity logs. Read this article to learn more about how this works.|
+|[Office 365 Management Activity API schema](/office/office-365-management-api/office-365-management-activity-api-schema)|Get an overview of the [Common schema](/office/office-365-management-api/office-365-management-activity-api-schema#common-schema) and the [Defender for Office 365 and threat investigation and response schema](/office/office-365-management-api/office-365-management-activity-api-schema#office-365-advanced-threat-protection-and-threat-investigation-and-response-schema) to learn about specific kinds of data available through the Office 365 Management Activity API.|
+|
+
+## See also
+
+- [Microsoft Defender for Office 365](defender-for-office-365.md)
+- [Automated investigation and response in Microsoft 365 Defender](/microsoft-365/security/defender/m365d-autoir)
security Air Remediation Actions https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-365-security/air-remediation-actions.md
+
+ Title: Remediation actions in Microsoft Defender for Office 365
+keywords: AIR, autoIR, ATP, automated, investigation, response, remediation, threats, advanced, threat, protection
+f1.keywords:
+- NOCSH
+++
+audience: ITPro
+
+localization_priority: Normal
+search.appverid:
+- MET150
+- MOE150
+
+- M365-security-compliance
+- m365initiative-defender-office365
+description: "Learn about remediation actions following automated investigation in Microsoft Defender for Office 365."
Last updated : 02/09/2021+
+- air
+ms.technology: mdo
++
+# Remediation actions in Microsoft Defender for Office 365
++
+**Applies to**
+- [Microsoft Defender for Office 365 plan 2](defender-for-office-365.md)
+- [Microsoft 365 Defender](../defender/microsoft-365-defender.md)
+
+## Remediation actions
+
+Threat protection features in [Microsoft Defender for Office 365](defender-for-office-365.md) include certain remediation actions. Such remediation actions can include:
+
+- Soft delete email messages or clusters
+- Block URL (time-of-click)
+- Turn off external mail forwarding
+- Turn off delegation
+
+In Microsoft Defender for Office 365, remediation actions are not taken automatically. Instead, remediation actions are taken only upon approval by your organization's security operations team.
+
+## Threats and remediation actions
+
+Microsoft Defender for Office 365 includes remediation actions to address various threats. Automated investigations often result in one or more remediation actions to review and approve. In some cases, an automated investigation does not result in a specific remediation action. To further investigate and take appropriate actions, use the guidance in the following table.
+
+|Category|Threat/risk|Remediation action(s)|
+|:|:|:|
+|Email|Malware|Soft delete email/clusterΓÇï <p> If more than a handful of email messages in a cluster contain malware, the cluster is considered to be malicious.ΓÇï|
+|Email|Malicious URLΓÇï<br/>(A malicious URL was detected by [Safe Links](safe-links.md).)|Soft delete email/clusterΓÇï <br/>Block URL (time-of-click verification)<p> Email that contains a malicious URL is considered to be maliciousΓÇï.|
+|Email|Phish|Soft delete email/clusterΓÇï <p> If more than a handful of email messages in a cluster contain phishing attempts, the whole cluster is considered a phishing attempt.ΓÇï|
+|Email|Zapped phishΓÇï <br>(Email messages were delivered and then [zappedΓÇï](zero-hour-auto-purge.md).)|Soft delete email/clusterΓÇï <p>Reports are available to view zapped messages. [See if ZAP moved a message and FAQs](zero-hour-auto-purge.md#how-to-see-if-zap-moved-your-message).|
+|Email|Missed phish email [reported](enable-the-report-message-add-in.md) by a user|[Automated investigation triggered by the user's report](automated-investigation-response-office.md#example-a-user-reported-phish-message-launches-an-investigation-playbook)|
+|Email|Volume anomalyΓÇï <br> (Recent email quantities exceed the previous 7-10 days for matching criteria.ΓÇï)|Automated investigation does not result in a specific pending action. <p>Volume anomaly is not a clear threat, but is merely an indication of larger email volumes in recent days compared to the last 7-10 days. <p>Although a high volume of email can indicate potential issues, confirmation is needed in terms of either malicious verdicts or a manual review of email messages/clusters. See [Find suspicious email that was delivered](investigate-malicious-email-that-was-delivered.md#find-suspicious-email-that-was-delivered).|
+|Email|No threats found <br> (The system did not find any threats based on files, URLs, or analysis of email cluster verdicts.ΓÇï)|Automated investigation does not result in a specific pending action. <p>Threats found and [zapped](zero-hour-auto-purge.md) after an investigation is complete are not reflected in an investigation's numerical findings, but such threats are viewable in [Threat Explorer](threat-explorer.md).ΓÇï|
+|User|A user clicked a malicious URL <br> (A user navigated to a page that was later found to be malicious, or a user bypassed a [Safe Links warning page](safe-links.md#warning-pages-from-safe-links) to get to a malicious page.ΓÇï)|Automated investigation does not result in a specific pending action. <p>Block URL (time-of-click) <p>Use Threat Explorer to [view data about URLs and click verdicts](threat-explorer.md#view-phishing-url-and-click-verdict-data). <p>If your organization is using [Microsoft Defender for Endpoint](/windows/security/threat-protection/), consider [investigating the user](/microsoft-365/security/defender-endpoint/investigate-user) to determine if their account is compromised.|
+|User|A user is sending malware/phish|Automated investigation does not result in a specific pending action. <p> The user might be reporting malware/phish, or someone could be [spoofing the user](anti-spoofing-protection.md) as part of an attack. Use [Threat Explorer](threat-explorer.md) to view and handle email containing [malware](threat-explorer-views.md#email--malware) or [phish](threat-explorer-views.md#email--phish).|
+|User|Email forwarding <br> (Mailbox forwarding rules are configured, which could be used for data exfiltrationΓÇï.)|Remove forwarding ruleΓÇï <p> Use [mail flow insights](mail-flow-insights-v2.md), including the [Autoforwarded messages report](mfi-auto-forwarded-messages-report.md), to view more specific details about forwarded email.|
+|User|Email delegation rulesΓÇï <br> (A user's account has delegation set up.)|Remove delegation ruleΓÇï <p> If your organization is using [Microsoft Defender for Endpoint](/windows/security/threat-protection/), consider [investigating the user](/microsoft-365/security/defender-endpoint/investigate-user) who's getting the delegation permission.ΓÇï|
+|User|Data exfiltration <br> (A user violated email or file-sharing [DLP policies](../../compliance/data-loss-prevention-policies.md).)|Automated investigation does not result in a specific pending action. <p> [View DLP reports and take action](../../compliance/view-the-dlp-reports.md).|
+|User|Anomalous email sending <br> (A user recently sent more email than during the previous 7-10 days.)|Automated investigation does not result in a specific pending action. <p> Sending a large volume of email isn't malicious by itself; the user might just have sent email to a large group of recipients for an event. To investigate, use [mail flow insights](mail-flow-insights-v2.md), including the [mail flow map report](mfi-mail-flow-map-report.md) to determine what's going on and take action.|
+
+## Next steps
+
+- [View details and results of an automated investigation in Microsoft Defender for Office 365](air-view-investigation-results.md)
+- [View pending or completed remediation actions following an automated investigation in Microsoft Defender for Office 365](air-review-approve-pending-completed-actions.md)
+
+## Related articles
+
+- [Learn about automated investigation in Microsoft Defender for Endpoint](/windows/security/threat-protection/microsoft-defender-atp/automated-investigations)
+- [Learn about capabilities in Microsoft 365 Defender](/microsoft-365/security/defender/microsoft-365-defender)
security Air Report False Positives Negatives https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-365-security/air-report-false-positives-negatives.md
+
+ Title: "How to report false positives or false negatives following automated investigation in Microsoft Defender for Office 365"
+description: Was something missed or wrongly detected by AIR in Microsoft Defender for Office 365? Learn how to submit false positives or false negatives to Microsoft for analysis.
+keywords: automated, investigation, alert, trigger, action, remediation, false positive, false negative
+search.appverid: met150
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
+f1.keywords:
+- NOCSH
++ Last updated : 01/29/2021
+localization_priority: Normal
+
+audience: ITPro
+
+- M365-security-compliance
+- m365initiative-defender-office365
++
+- autoir
+ms.technology: mdo
++
+# How to report false positives/negatives in automated investigation and response capabilities
++
+**Applies to**
+- [Microsoft Defender for Office 365 plan 2](defender-for-office-365.md)
+- [Microsoft 365 Defender](../defender/microsoft-365-defender.md)
+
+If [automated investigation and response (AIR) capabilities in Office 365](automated-investigation-response-office.md) missed or wrongly detected something, there are steps your security operations team can take to fix it. Such actions include:
+
+- [Reporting a false positive/negative to Microsoft](#report-a-false-positivenegative-to-microsoft-for-analysis);
+- [Adjusting alerts](#adjust-an-alert-to-prevent-false-positives-from-recurring) (if needed); and
+- [Undoing remediation actions that were taken](#undo-a-remediation-action).
+
+Use this article as a guide.
+
+## Report a false positive/negative to Microsoft for analysis
+
+If AIR in Microsoft Defender for Office 365 missed an email message, an email attachment, a URL in an email message, or a URL in an Office file, you can [submit suspected spam, phish, URLs, and files to Microsoft for Office 365 scanning](admin-submission.md).
+
+You can also [Submit a file to Microsoft for malware analysis](https://www.microsoft.com/wdsi/filesubmission).
+
+## Adjust an alert to prevent false positives from recurring
+
+If an alert is triggered by legitimate use, or the alert is inaccurate, you can [Manage alerts in the Cloud App Security portal](/cloud-app-security/managing-alerts).
+
+If your organization is using [Microsoft Defender for Endpoint](/windows/security/threat-protection) in addition to Office 365, and a file, IP address, URL, or domain is treated as malware on a device, even though it's safe, you can [create a custom indicator with an "Allow" action for your device](/windows/security/threat-protection/microsoft-defender-atp/manage-indicators).
+
+## Undo a remediation action
+
+In most cases, if a remediation action was taken on an email message, email attachment, or URL, and the item is actually not a threat, your security operations team can undo the remediation action and take steps to prevent the false positive from recurring. You can either use [Threat Explorer](#undo-an-action-using-threat-explorer) or the [Actions tab for an investigation](#undo-an-action-in-the-action-center) to undo an action.
+
+> [!IMPORTANT]
+> Make sure you have the necessary permissions before attempting to perform the following tasks.
+
+### Undo an action using Threat Explorer
+
+With Threat Explorer, your security operations team can find an email affected by an action and potentially undo the action.
+
+|Scenario|Undo Options|Learn more|
+||||
+|An email message was routed to a user's Junk Email folder|- Move the message to the user's Deleted Items folder<br/>- Move the message to the user's Inbox<br/>- Delete the message|[Find and investigate malicious email that was delivered in Office 365](investigate-malicious-email-that-was-delivered.md)|
+|An email message or a file was quarantined|- Release the email or file<br/>- Delete the email or file|[Manage quarantined messages as an admin](manage-quarantined-messages-and-files.md)|
+|
+
+### Undo an action in the Action center
+
+In the Action center, you can see remediation actions that were taken and potentially undo the action.
+
+1. Go to the Microsoft 365 security center (<https://security.microsoft.com>).
+2. In the navigation pane, select **Action center**.
+3. Select the **History** tab to view the list of completed actions.
+4. Select an item. Its flyout pane opens.
+5. In the flyout pane, select **Undo**. (Only actions that can be undone will have an **Undo** button.)
+
+## See also
+
+- [Microsoft Defender for Office 365](defender-for-office-365.md)
+- [Automated investigations in Microsoft Defender for Office 365](office-365-air.md)
security Air Review Approve Pending Completed Actions https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-365-security/air-review-approve-pending-completed-actions.md
+
+ Title: Review and manage remediation actions in Microsoft Defender for Office 365
+keywords: AIR, autoIR, ATP, automated, investigation, response, remediation, threats, advanced, threat, protection
+f1.keywords:
+- NOCSH
+++
+audience: ITPro
+
+localization_priority: Normal
+search.appverid:
+- MET150
+- MOE150
+
+- M365-security-compliance
+- m365initiative-defender-office365
+description: Learn about remediation actions in automated investigation and response capabilities in Microsoft Defender for Office 365 Plan 2.
+ms.technology: mdo
Last updated : 01/29/2021++
+# Review and manage remediation actions in Office 365
+
+As automated investigations on email & collaboration content result in verdicts, such as *Malicious* or *Suspicious*, certain remediation actions are created. In Microsoft Defender for Office 365, remediation actions can include:
+- Blocking a URL (time-of-click)
+- Soft deleting email messages or clusters
+- Quarantining email or email attachments
+- Turning off external mail forwarding
+
+These remediation actions are not taken unless and until your security operations team approves them. We recommend reviewing and approving any pending actions as soon as possible so that your automated investigations complete in a timely manner. In some cases, you can undo a remediation action.
+
+**Applies to**
+- [Microsoft Defender for Office 365 plan 2](defender-for-office-365.md)
+- [Microsoft 365 Defender](../defender/microsoft-365-defender.md)
+
+## Approve (or reject) pending actions
+
+1. Go to the Microsoft 365 security center (<https://security.microsoft.com>) and sign in.
+2. In the navigation pane, select **Action center**.
+3. On the **Pending** tab, review the list of actions that are awaiting approval.
+4. Select an item in the list. Its flyout pane opens.
+5. Review the information in the flyout pane, and then take one of the following steps:
+ - Select **Open investigation page** to view more details about the investigation.
+ - Select **Approve** to initiate a pending action.
+ - Select **Reject** to prevent a pending action from being taken.
+
+## Undo one remediation action
+
+1. Go to the Action center (<https://security.microsoft.com/action-center>) and sign in.
+2. On the **History** tab, select an action that you want to undo.
+3. In the pane on the right side of the screen, select **Undo**.
+
+## Undo multiple remediation actions
+
+1. Go to the Action center (<https://security.microsoft.com/action-center>) and sign in.
+2. On the **History** tab, select the actions that you want to undo. Make sure to select items that have the same Action type. A flyout pane opens.
+3. In the flyout pane, select Undo.
+
+## To remove a file from quarantine across multiple devices
+
+1. Go to the Action center (<https://security.microsoft.com/action-center>) and sign in.
+2. On the **History** tab, select a file that has the Action type **Quarantine file**.
+3. In the pane on the right side of the screen, select **Apply to X more instances of this file**, and then select **Undo**.
+
+## Next steps
+
+- [Use Threat Explorer](threat-explorer.md)
+- [How to report false positives/negatives in automated investigation and response capabilities](air-report-false-positives-negatives.md)
+
+## See also
+
+- [View details and results of an automated investigation in Office 365](air-view-investigation-results.md)
security Air View Investigation Results https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-365-security/air-view-investigation-results.md
+
+ Title: View the results of an automated investigation in Microsoft 365
+keywords: AIR, autoIR, ATP, automated, investigation, remediation, actions
+f1.keywords:
+- NOCSH
+++
+audience: ITPro
+
+localization_priority: Normal
+search.appverid:
+- MET150
+- MOE150
+
+- M365-security-compliance
+- m365initiative-defender-office365
+description: During and after an automated investigation in Microsoft 365, you can view the results and key findings.
Last updated : 01/29/2021
+ms.technology: mdo
++
+# Details and results of an automated investigation in Microsoft 365
+
+**Applies to**
+- [Microsoft Defender for Office 365 plan 2](defender-for-office-365.md)
+- [Microsoft 365 Defender](../defender/microsoft-365-defender.md)
+
+When an [automated investigation](office-365-air.md) occurs in [Microsoft Defender for Office 365](defender-for-office-365.md), details about that investigation are available during and after the automated investigation process. If you have the necessary permissions, you can view those details in the Microsoft 365 security center. Investigation details provide you with up-to-date status, and the ability to approve any pending actions.
+
+> [!TIP]
+> Check out the new, unified investigation page in the Microsoft 365 security center. To learn more, see [(NEW!) Unified investigation page](../defender/m365d-autoir-results.md#new-unified-investigation-page).
+
+## Investigation status
+
+The investigation status indicates the progress of the analysis and actions. As the investigation runs, status changes to indicate whether threats were found, and whether actions have been approved.
+
+|Status|Description|
+|:|:|
+|**Starting**|The investigation has been triggered and waiting to start runningΓÇï.|
+|**Running**|The investigation process has started and is underway. This state also occurs when [pending actions](air-review-approve-pending-completed-actions.md#approve-or-reject-pending-actions) are approved.|
+|**No Threats Found**|The investigation has finished and no threats (user account, email message, URL, or file) were identified. <p> **TIP**: If you suspect something was missed (such as a false negative), you can take action using [Threat Explorer](threat-explorer.md)ΓÇï.|
+|**Threats Found**|The automated investigation found issues, but there are no specific remediation actions to resolve those issues. <p> The **Threats Found** status can occur when some type of user activity was identified but no cleanup actions are available. Examples include any of the following user activities: <br/>- A [data loss prevention](../../compliance/data-loss-prevention-policies.md) (DLP) event<br/>- An email sending anomaly<br/>- Sent malware<br/>- Sent phish <p> The investigation found no malicious URLs, files, or email messages to remediate, and no mailbox activity to fix, such as turning off forwarding rules or delegation. <p> **TIP**: If you suspect something was missed (such as a false negative), you can investigate and take action using [Threat Explorer](threat-explorer.md)ΓÇï.|
+|**Terminated By System**|The investigation stopped. An investigation can stop for several reasons:ΓÇï <br/>- The investigation's pending actions expired. Pending actions time out after awaiting approval for one week.<br/>- There are too many actions. For example, if there are too many users clicking on malicious URLs, it can exceed the investigation's ability to run all the analyzers, so the investigation haltsΓÇï.<p> **TIP**: If an investigation halts before actions were taken, try using [Threat Explorer](threat-explorer.md) to find and address threats.|
+|**Pending Action**|The investigation has found a threat, such as a malicious email, a malicious URL, or a risky mailbox settingΓÇï, and an action to remediate that threat is [awaiting approval](air-review-approve-pending-completed-actions.md). <p> The **Pending Action** state is triggered when any threat with a corresponding action is found. However, the list of pending actions can increase as an investigation runs. View investigation details to see if other items are still pending completion.ΓÇï|
+|**Remediated**|The investigation finished and all remediation actions were approved (noted as fully remediated). <p> **NOTE**: Approved remediation actions can have errors that prevent the actions from being taken. Regardless of whether remediation actions are successfully completed, the investigation status does not change. View investigation details.ΓÇï|
+|**Partially Remediated**|The investigation resulted in remediation actions, and some were approved and completedΓÇï. Other actions are still [pending](air-review-approve-pending-completed-actions.md).|
+|**Failed**|At least one investigation analyzer ran into a problem where it could not complete properlyΓÇï. <p> **NOTE**: If an investigation fails after remediation actions were approved, the remediation actions might still have succeeded. View the investigation details. ΓÇïΓÇï|
+|**Queued By Throttling**|An investigation is being held in a queue. When other investigations complete, queued investigations begin. Throttling helps avoid poor service performance. <p> **TIP**: Pending actions can limit how many new investigations can run. Make sure to [approve (or reject) pending actions](air-review-approve-pending-completed-actions.md#approve-or-reject-pending-actions).|
+|**Terminated By Throttling**|If an investigation is held in the queue too long, it stops. <p> **TIP**: You can [start an investigation from Threat Explorer](automated-investigation-response-office.md#example-a-security-administrator-triggers-an-investigation-from-threat-explorer).|
+|
+
+## View details of an investigation
+
+1. Go to the Microsoft 365 security center (<https://security.microsoft.com>) and sign in.
+2. In the navigation pane, select **Action center**.
+3. On either the **Pending** or **History** tabs, select an action. Its flyout pane opens.
+4. In the flyout pane, select **Open investigation page**.
+5. Use the various tabs to learn more about the investigation.
+
+## View details about an alert related to an investigation
+
+Certain kinds of alerts trigger automated investigation in Microsoft 365. To learn more, see [alert policies that trigger automated investigations](office-365-air.md#which-alert-policies-trigger-automated-investigations).
+
+1. Go to the Microsoft 365 security center (<https://security.microsoft.com>) and sign in.
+2. In the navigation pane, select **Action center**.
+3. On either the **Pending** or **History** tabs, select an action. Its flyout pane opens.
+4. In the flyout pane, select **Open investigation page**.
+5. Select the **Alerts** tab to view a list of all of the alerts associated with that investigation.
+6. Select an item in the list to open its flyout pane. There, you can view more information about the alert.
+
+## Keep the following points in mind
+
+- Email counts are calculated at the time of the investigation, and some counts are recalculated when you open investigation flyouts (based on an underlying query).
+
+- The email counts shown for the email clusters on the **Email** tab and the email quantity value shown on cluster flyout are calculated at the time of investigation, and do not change.
+
+- The email count shown at the bottom of the **Email** tab of the email cluster flyout and the count of email messages shown in Explorer reflect email messages received after the investigation's initial analysis.
+
+ Thus, an email cluster that shows an original quantity of 10 email messages would show an email list total of 15 when five more email messages arrive between the investigation analysis phase and when the admin reviews the investigation. Likewise, old investigations might start showing higher counts than Explorer queries show, because data in Microsoft Defender for Office 365 Plan 2 expires after seven days for trials and after 30 days for paid licenses.
+
+ Showing both count historical and current counts in different views is done to indicate the email impact at the time of investigation and the current impact up until the time that remediation is run.
+
+- In the context of email, you might see a volume anomaly threat surface as part of the investigation. A volume anomaly indicates a spike in similar email messages around the investigation event time compared to earlier timeframes. A spike in email traffic together with certain characteristics (for example, subject and sender domain, body similarity, and sender IP) is typical of the start of email campaigns or attacks. However, bulk, spam, and legitimate email campaigns commonly share these characteristics.
+
+- Volume anomalies represent a potential threat, and accordingly could be less severe compared to malware or phish threats that are identified using anti-virus engines, detonation, or malicious reputation.
+
+- You do not have to approve every action. If you do not agree with the recommended action or your organization does not choose certain types of actions, then you can choose to **Reject** the actions or simply ignore them and take no action.
+
+- Approving and/or rejecting all actions lets the investigation fully close (status becomes remediated), while leaving some actions incomplete results in the investigation status changing to a partially remediated state.
+
+## Next steps
+
+- [Review and approve pending actions](air-review-approve-pending-completed-actions.md#approve-or-reject-pending-actions)
security Alerts https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-365-security/alerts.md
+
+ Title: Alerts in the Security & Compliance Center
+f1.keywords:
+ - NOCSH
+++ Last updated :
+audience: Admin
+
+localization_priority: Normal
+search.appverid:
+ - MOE150
+ - MET150
+ - BCS160
+ms.assetid: 2bb4e7c0-5f7f-4144-b647-cc6a956aaa53
+
+ - M365-security-compliance
+ - m365initiative-defender-office365
+description: Learn about how to use the alerts features in the Office 365 Security & Compliance Center to view and manage alerts, including managing advanced alerts.
+
+ms.technology: mdo
++
+# Alerts in the Security & Compliance Center
++
+**Applies to**
+- [Exchange Online Protection](exchange-online-protection-overview.md)
+- [Microsoft Defender for Office 365 plan 1 and plan 2](defender-for-office-365.md)
+
+Use the alerts features in the Security & Compliance Center to view and manage alerts for your organization, including managing advanced alerts as part of [Microsoft Cloud App Security overview](/cloud-app-security/what-is-cloud-app-security).
+
+## How to get to the alerts features
+
+Alerts are in the Security & Compliance Center. Here's how to get to the page.
+
+### To go directly to the Security & Compliance Center
+
+1. Go to <https://protection.office.com>.
+
+2. Sign in using your work or school account.
+
+3. In the left pane, click **Alerts** to see the alerts features.
+
+### To go to the Security & Compliance Center using the app launcher
+
+1. Sign in using your work or school account.
+
+2. Click the app launcher in the upper left corner, and then click **Security & Compliance**.
+
+ Can't find the app you're looking for? From the app launcher, select **All apps** to see an alphabetical list of the Office 365 apps available to you. From there, you can search for a specific app.
+
+3. In the left pane, click **Alerts** to see the alerts features.
+
+## Alerts features
+
+The following table describes the tools that are available under **Alerts** in the Security & Compliance Center.
+
+****
+
+|Tool|Description|
+|||
+|[Manage alerts](../../compliance/create-activity-alerts.md)|Use activity alerts to send email notifications to yourself or other admins when users perform specific activities in Microsoft 365. Activity alerts are similar to searching the audit log for events, except that you'll be sent an email message when an event that you've created an alert for occurs.|
+|[Manage advanced alerts](/cloud-app-security/what-is-cloud-app-security)|Use the **Manage advanced alerts** feature of Microsoft 365 Cloud App Security to set up policies that can alert you to suspicious and anomalous activity in Microsoft 365. After you're alerted, you can investigate situations that are potentially problematic and, if needed, take action to address security issues.|
+|
security Anti Malware Protection Faq Eop https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-365-security/anti-malware-protection-faq-eop.md
+
+ Title: Anti-malware protection FAQ
+f1.keywords:
+ - NOCSH
+++
+audience: ITPro
++
+localization_priority: Normal
+search.appverid:
+ - MET150
+ms.assetid: 013c8a5f-8990-40e4-bfa8-f92ff1042623
+
+ - M365-security-compliance
+ - m365initiative-defender-office365
+
+ - seo-marvel-apr2020
+description: Admins can view frequently asked questions and answers about anti-malware protection in Exchange Online Protection (EOP).
+ms.technology: mdo
++
+# Anti-malware protection FAQ
++
+**Applies to**
+- [Exchange Online Protection](exchange-online-protection-overview.md)
+- [Microsoft Defender for Office 365 plan 1 and plan 2](defender-for-office-365.md)
+- [Microsoft 365 Defender](../defender/microsoft-365-defender.md)
+
+This article provides frequently asked questions and answers about anti-malware protection for Microsoft 365 organizations with mailboxes in Exchange Online, or standalone Exchange Online Protection (EOP) organizations without Exchange Online mailboxes.
+
+For questions and answers about the quarantine, see [Quarantine FAQ](quarantine-faq.md).
+
+For questions and answers about anti-spam protection, see [Anti-spam protection FAQ](anti-spam-protection-faq.md).
+
+For questions and answers about anti-spoofing protection, see [Anti-spoofing protection FAQ](anti-spoofing-protection-faq.md).
+
+## What are best practice recommendations for configuring and using the service to combat malware?
+
+See [EOP anti-malware policy settings](recommended-settings-for-eop-and-office365.md#eop-anti-malware-policy-settings).
+
+## How often are the malware definitions updated?
+
+Each server checks for new malware definitions from our anti-malware partners every hour.
+
+## How many anti-malware partners do you have? Can I choose which malware engines we use?
+
+We have partnerships with multiple anti-malware technology providers, so messages are scanned with the Microsoft anti-malware engines, two added signature based engines, plus URL and file reputation scans from multiple sources. Our partners are subject to change, but EOP always uses anti-malware protection from multiple partners. You can't choose one anti-malware engine over another.
+
+## Where does malware scanning occur?
+
+We scan for malware in messages that are sent to or sent from a mailbox (messages in transit). For Exchange Online mailboxes, we also have [malware zero-hour auto purge (ZAP)](zero-hour-auto-purge.md) to scan for malware in messages that have already been delivered. If you resend a message from a mailbox, then it's scanned again (because it's in transit).
+
+## If I make a change to an anti-malware policy, how long does it take after I save my changes for them to take effect?
+
+It might take up to 1 hour for the changes to take effect.
+
+## Does the service scan internal messages for malware?
+
+For organizations with Exchange Online mailbox, the service scans for malware in all inbound and outbound messages, including messages sent between internal recipients.
+
+A standalone EOP subscription scans messages as they enter or leave your on-premises email organization. Messages sent between internal users aren't scanned for malware. However, you can use the built-in anti-malware scanning features of Exchange Server. For more information, see [Antimalware protection in Exchange Server](/Exchange/antispam-and-antimalware/antimalware-protection/antimalware-protection).
+
+## Do all anti-malware engines used by the service have heuristic scanning enabled?
+
+Yes. Heuristic scanning scans for both known (signature match) and unknown (suspicious) malware.
+
+## Can the service scan compressed files (such as .zip files)?
+
+Yes. The anti-malware engines can drill into compressed (archive) files.
+
+## Is the compressed attachment scanning support recursive (.zip within a .zip within a .zip) and if so, how deep does it go?
+
+Yes, recursive scanning of compressed files scans many layers deep.
+
+## Does the service work with legacy Exchange versions and non-Exchange environments?
+
+Yes, the service is server agnostic.
+
+## What's a zero-day virus and how is it handled by the service?
+
+A zero-day virus is a first generation, previously unknown variant of malware that's never been captured or analyzed.
+
+After a zero-day virus sample is captured and analyzed by our anti-malware engines, a definition and unique signature is created to detect the malware.
+
+When a definition or signature exists for the malware, it's no longer considered zero-day.
+
+## How can I configure the service to block specific executable files (such as \*.exe) that I fear may contain malware?
+
+You can enable the **Common Attachment Types Filter** (also known as common attachment blocking) as described in [Anti-malware policies](anti-malware-protection.md#anti-malware-policies).
+
+You can also create an Exchange mail flow rule (also known as transport rule) that blocks any email attachment that has executable content.
+
+Follow the steps in [How to reduce malware threats through file attachment blocking in Exchange Online Protection](https://support.microsoft.com/help/2959596) to block the file types listed in [Supported file types for mail flow rule content inspection in Exchange Online](/exchange/security-and-compliance/mail-flow-rules/inspect-message-attachments#supported-file-types-for-mail-flow-rule-content-inspection).
+
+For increased protection, we also recommend using the **Any attachment file extension includes these words** condition in mail flow rules to block some or all of the following extensions: `ade, adp, ani, bas, bat, chm, cmd, com, cpl, crt, hlp, ht, hta, inf, ins, isp, job, js, jse, lnk, mda, mdb, mde, mdz, msc, msi, msp, mst, pcd, reg, scr, sct, shs, url, vb, vbe, vbs, wsc, wsf, wsh`.
+
+## Why did a specific malware get past the filters?
+
+There are two possible reasons why you might have received malware:
+
+1. Most likely, the attachment does not actually contain malicious code. Some anti-malware engines that run on computers might be more aggressive and could stop messages with truncated payloads.
+
+2. The malware you received is a new variant (see [What's a zero-day virus and how is it handled by the service?](#whats-a-zero-day-virus-and-how-is-it-handled-by-the-service)). The time it takes for a malware definition update is dependent on our anti-malware partners.
+
+## How can I submit malware that made it past the filters to Microsoft? Also, how can I submit a file that I believe was incorrectly detected as malware?
+
+See [Report messages and files to Microsoft](report-junk-email-messages-to-microsoft.md).
+
+## I received an email message with an unfamiliar attachment. Is this malware or can I disregard this attachment?
+
+We strongly advise that you do not open any attachments that you do not recognize. If you would like us to investigate the attachment, go to the Malware Protection Center and submit the possible malware to us as described previously.
+
+## Where can I get the messages that have been deleted by the malware filters?
+
+The messages contain active malicious code and therefore we do not allow access to these messages. They are unceremoniously deleted.
+
+## I am not able to receive a specific attachment because it is being falsely filtered by the malware filters. Can I allow this attachment through via mail flow rules?
+
+No. You can't use Exchange mail flow rules to skip malware filtering.
+
+## Can I get reporting data about malware detections?
+
+Yes, you can access reports in the admin center. For more information about reporting, see the following links:
+
+Exchange Online customers: [Monitoring, Reporting, and Message Tracing in Exchange Online](/exchange/monitoring/monitoring)
+
+Exchange Online Protection customers: [Reporting and message trace in Exchange Online Protection](reporting-and-message-trace-in-exchange-online-protection.md)
+
+## Is there a tool that I can use to follow a malware-detected message through the service?
+
+Yes, the message trace tool enables you to follow email messages as they pass through the service. For more information about how to use the message trace tool to find out why a message was detected to contain malware, see [Message trace in the Security & Compliance Center](message-trace-scc.md).
+
+## Can I use a third-party anti-spam and anti-malware provider in conjunction with Exchange Online?
+
+Yes. In most cases, we recommend that you point your MX records to (that is, deliver email directly to) EOP. If you need to route your email somewhere else first, you need to enable [Enhanced Filtering for Connectors](/exchange/mail-flow-best-practices/use-connectors-to-configure-mail-flow/enhanced-filtering-for-connectors) so EOP can use the true message source in filtering decisions.
+
+## Are spam and malware messages being investigated as to who sent them, or being transferred to law enforcement entities?
+
+The service focuses on spam and malware detection and removal, though we may occasionally investigate especially dangerous or damaging spam or attack campaigns and pursue the perpetrators.
+
+We often with our legal and digital crime units to take the following actions:
+
+- Take down a spam botnet.
+- Block an attacker from using the service.
+- Pass the information on to law enforcement for criminal prosecution.
+
+## For more information
+
+[Configure anti-malware policies](configure-anti-malware-policies.md)
+
+[Anti-malware protection](anti-malware-protection.md)
security Anti Malware Protection https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-365-security/anti-malware-protection.md
+
+ Title: Anti-malware protection
+f1.keywords:
+ - NOCSH
+++ Last updated :
+audience: ITPro
++
+localization_priority: Normal
+search.appverid:
+ - MET150
+ms.assetid: 0e39a0ce-ab8b-4820-8b5e-93fbe1cc11e8
+
+ - M365-security-compliance
+ - m365initiative-defender-office365
+description: Admins can learn about anti-malware protection and anti-malware policies that protect against viruses, spyware, and ransomware in Exchange Online Protection (EOP).
+
+ms.technology: mdo
++
+# Anti-malware protection in EOP
++
+**Applies to**
+- [Exchange Online Protection](exchange-online-protection-overview.md)
+- [Microsoft Defender for Office 365 plan 1 and plan 2](defender-for-office-365.md)
+- [Microsoft 365 Defender](../defender/microsoft-365-defender.md)
+
+In Microsoft 365 organizations with mailboxes in Exchange Online or standalone Exchange Online Protection (EOP) organizations without Exchange Online mailboxes, email messages are automatically protected against malware by EOP. Some of the major categories of malware are:
+
+- **Viruses** that infect other programs and data, and spread through your computer or network looking for programs to infect.
+
+- **Spyware** that that gathers your personal information, such as sign-in information and personal data, and sends it back to its author.
+
+- **Ransomware** that encrypts your data and demands payment to decrypt it. Anti-malware software doesn't help you decrypt encrypted files, but it can detect and remove the malware payload that's associated with the ransomware.
+
+EOP offers multi-layered malware protection that's designed to catch all known malware traveling into or out of your organization. The following options help provide anti-malware protection:
+
+- **Layered defenses against malware**: Multiple anti-malware scan engines help protect against both known and unknown threats. These engines include powerful heuristic detection to provide protection even during the early stages of a malware outbreak. This multi-engine approach has been shown to provide significantly more protection than using just one anti-malware engine.
+
+- **Real-time threat response**: During some outbreaks, the anti-malware team may have enough information about a virus or other form of malware to write sophisticated policy rules that detect the threat, even before a definition is available from any of the scan engines used by the service. These rules are published to the global network every 2 hours to provide your organization with an extra layer of protection against attacks.
+
+- **Fast anti-malware definition deployment**: The anti-malware team maintains close relationships with partners who develop anti-malware engines. As a result, the service can receive and integrate malware definitions and patches before they're publicly released. Our connection with these partners often allows us to develop our own remedies as well. The service checks for updated definitions for all anti-malware engines every hour.
+
+In EOP, messages that are found to contain malware in *any* attachments are quarantined, and can only be released from quarantine by an admin. For more information, see [Manage quarantined messages and files as an admin in EOP](manage-quarantined-messages-and-files.md).
+
+For more information about anti-malware protection, see the [Anti-malware protection FAQ](anti-malware-protection-faq-eop.md).
+
+To configure anti-malware policies, see [Configure anti-malware policies](configure-anti-malware-policies.md).
+
+To submit malware to Microsoft, see [Report messages and files to Microsoft](report-junk-email-messages-to-microsoft.md).
+
+## Anti-malware policies
+
+Anti-malware policies control the settings and notification options for malware detections. The important settings in anti-malware policies are:
+
+- **Recipient notifications**: By default, a message recipient isn't told that a message intended for them was quarantined due to malware. But, you can enable recipient notifications in the form of delivering the original message with *all* attachments removed and replaced by a single file named **Malware Alert Text.txt** that contains the following text:
+
+ > Malware was detected in one or more attachments included with this email message. <br> Action: All attachments have been removed. <br> \<Original malware attachment name\> \<Malware detection result\>
+
+ You can replace the default text in the **Malware Alert Text.txt** file with your own custom text.
+
+- **Common Attachment Types Filter**: There are certain types of files that you really shouldn't send via email (for example, executable files). Why bother scanning these type of files for malware, when you should probably block them all, anyway? That's where the Common Attachment Types Filter comes in. It's disabled by default, but when you enable it, the file types you specify are automatically treated as malware. You can use the default list of file types or customize the list. The default file types are: `.ace, .ani, .app, .docm, .exe, .jar, .reg, .scr, .vbe, .vbs`.
+
+ The Common Attachment Types Filter uses best effort true-typing to detect the file type regardless of the file name extension. If true-typing fails or isn't supported for the specified file type, then simple extension matching is used.
+
+- **Malware zero-hour auto purge (ZAP)**: Malware ZAP quarantines messages that are found to contain malware *after* they've been delivered to Exchange Online mailboxes. By default, malware ZAP is on, and we recommend that you leave it on.
+
+- **Sender notifications**: By default, a message sender isn't told that their message was quarantined due to malware. But, you can enabled notification messages for senders based on whether the sender is internal or external. The default notification message looks like this:
+
+ > From: Postmaster postmaster@_\<defaultdomain\>_.com <br> Subject: Undeliverable message <p> This message was created automatically by mail delivery software. Your email message was not delivered to the intended recipients because malware was detected. All attachments were deleted. <p> Additional Information : <p> Subject: \<message subject\> <br> Sender: \<message sender\> <p> Time received: \<date/time\> <br> Message ID: \<message id\> <br> Detections found: <br> \<attachment name\> \<malware detection result\>
+
+ You can customize the **From address**, **subject**, and **message text** for internal and external notifications.
+
+ You can also specify an additional recipient (an admin) to receive notifications for malware detected in messages from internal or external senders.
+
+- **Recipient filters**: For custom anti-malware policies, you can specify recipient conditions and exceptions that determine who the policy applies to. You can use these properties for conditions and exceptions:
+
+ - **The recipient is**
+ - **The recipient domain is**
+ - **The recipient is a member of**
+
+ You can only use a condition or exception once, but the condition or exception can contain multiple values. Multiple values of the same condition or exception use OR logic (for example, _\<recipient1\>_ or _\<recipient2\>_). Different conditions or exceptions use AND logic (for example, _\<recipient1\>_ and _\<member of group 1\>_).
+
+- **Priority**: If you create multiple custom anti-malware policies, you can specify the order that they're applied. No two policies can have the same priority, and policy processing stops after the first policy is applied.
+
+ For more information about the order of precedence and how multiple policies are evaluated and applied, see [Order and precedence of email protection](how-policies-and-protections-are-combined.md).
+
+### Anti-malware policies in the Security & Compliance Center vs PowerShell
+
+The basic elements of an anti-malware policy are:
+
+- **The malware filter policy**: Specifies the recipient notification, sender and admin notification, ZAP, and the Common Attachment Types Filter settings.
+- **The malware filter rule**: Specifies the priority and recipient filters (who the policy applies to) for a malware filter policy.
+
+The difference between these two elements isn't obvious when you manage anti-malware polices in the Security & Compliance Center:
+
+- When you create an anti-malware policy, you're actually creating a malware filter rule and the associated malware filter policy at the same time using the same name for both.
+
+- When you modify an anti-malware policy, settings related to the name, priority, enabled or disabled, and recipient filters modify the malware filter rule. Other settings (recipient notification, sender and admin notification, ZAP, and the Common Attachment Types Filter) modify the associated malware filter policy.
+
+- When you remove an anti-malware policy, the malware filter rule and the associated malware filter policy are removed.
+
+In Exchange Online PowerShell or standalone EOP PowerShell, the difference between malware filter policies and malware filter rules is apparent. You manage malware filter policies by using the **\*-MalwareFilterPolicy** cmdlets, and you manage malware filter rules by using the **\*-MalwareFilterRule** cmdlets.
+
+- In PowerShell, you create the malware filter policy first, then you create the malware filter rule that identifies the policy that the rule applies to.
+- In PowerShell, you modify the settings in the malware filter policy and the malware filter rule separately.
+- When you remove a malware filter policy from PowerShell, the corresponding malware filter rule isn't automatically removed, and vice versa.
+
+### Default anti-malware policy
+
+Every organization has a built-in anti-malware policy named Default that has these properties:
+
+- The policy is applied to all recipients in the organization, even though there's no malware filter rule (recipient filters) associated with the policy.
+
+- The policy has the custom priority value **Lowest** that you can't modify (the policy is always applied last). Any custom anti-malware policies that you create always have a higher priority than the policy named Default.
+
+- The policy is the default policy (the **IsDefault** property has the value `True`), and you can't delete the default policy.
security Anti Phishing Protection https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-365-security/anti-phishing-protection.md
+
+ Title: Anti-phishing protection
+f1.keywords:
+ - NOCSH
+++ Last updated :
+audience: ITPro
++
+localization_priority: Normal
+search.appverid:
+ - MET150
+ms.assetid: 75af74b2-c7ea-4556-a912-8c48e07271d3
+
+ - M365-security-compliance
+ - m365initiative-defender-office365
+
+ - TopSMBIssues
+ - seo-marvel-apr2020
+description: Admins can learn about the anti-phishing protection features in Exchange Online Protection (EOP) and Microsoft Defender for Office 365.
+ms.technology: mdo
++
+# Anti-phishing protection in Microsoft 365
++
+**Applies to**
+- [Exchange Online Protection](exchange-online-protection-overview.md)
+- [Microsoft Defender for Office 365 plan 1 and plan 2](defender-for-office-365.md)
+- [Microsoft 365 Defender](../defender/microsoft-365-defender.md)
+
+*Phishing* is an email attack that tries to steal sensitive information in messages that appear to be from legitimate or trusted senders. There are specific categories of phishing. For example:
+
+- **Spear phishing** uses focused, customized content that's specifically tailored to the targeted recipients (typically, after reconnaissance on the recipients by the attacker).
+
+- **Whaling** is directed at executives or other high value targets within an organization for maximum effect.
+
+- **Business email compromise (BEC)** uses forged trusted senders (financial officers, customers, trusted partners, etc.) to trick recipients into approving payments, transferring funds, or revealing customer data.
+
+- **Ransomware** that encrypts your data and demands payment to decrypt it almost always starts out in phishing messages. Anti-phishing protection can't help you decrypt encrypted files, but it can help detect the initial phishing messages that are associated with the ransomware campaign. For more information about recovering from a ransomware attack, see [Recover from a ransomware attack in Microsoft 365](recover-from-ransomware.md).
+
+With the growing complexity of attacks, it's even difficult for trained users to identify sophisticated phishing messages. Fortunately, Exchange Online Protection (EOP) and the additional features in Microsoft Defender for Office 365 can help.
+
+## Anti-phishing protection in EOP
+
+EOP (that is, Microsoft 365 organizations without Microsoft Defender for Office 365) contains features that can help protect your organization from phishing threats:
+
+- **Spoof intelligence**: Review spoofed messages from senders in internal and external domains, and allow or block those senders. For more information, see [Configure spoof intelligence in EOP](learn-about-spoof-intelligence.md).
+
+- **Anti-phishing policies in EOP**: Turn spoof intelligence on or off, turn unauthenticated sender identification in Outlook on or off, and specify the action for blocked spoofed senders (move to Junk Email folder or quarantine). For more information, see [Configure anti-phishing policies in EOP](configure-anti-phishing-policies-eop.md).
+
+- **Implicit email authentication**: EOP enhances standard email authentication checks for inbound email ([SPF](set-up-spf-in-office-365-to-help-prevent-spoofing.md), [DKIM](use-dkim-to-validate-outbound-email.md), and [DMARC](use-dmarc-to-validate-email.md)) with sender reputation, sender history, recipient history, behavioral analysis, and other advanced techniques to help identify forged senders. For more information, see [Email authentication in Microsoft 365](email-validation-and-authentication.md).
+
+## Additional anti-phishing protection in Microsoft Defender for Office 365
+
+Microsoft Defender for Office 365 contains additional and more advanced anti-phishing features:
+
+- **Anti-phishing policies in Microsoft Defender for Office 365**: Create new custom policies, configure anti-impersonation settings (protect users and domains from impersonation), mailbox intelligence settings, and adjustable advanced phishing thresholds. For more information, see [Configure anti-phishing policies in Microsoft Defender for Office 365](configure-atp-anti-phishing-policies.md). For more information about the differences between anti-phishing policies in EOP and anti-phishing policies in Defender for Office 365, see [Anti-phishing policies in Microsoft 365](set-up-anti-phishing-policies.md).
+
+- **Campaign Views**: Machine learning and other heuristics identify and analyze messages that are involved in coordinated phishing attacks against the entire service and your organization. For more information, see [Campaign Views in Microsoft Defender for Office 365](campaigns.md).
+
+- **Attack simulator**: Admins can create fake phishing messages and send them to internal users as an education tool. For more information, see [Attack Simulator in Microsoft Defender for Office 365](attack-simulator.md).
+
+## Other anti-phishing resources
+
+- For end users: [Protect yourself from phishing schemes and other forms of online fraud](https://support.microsoft.com/office/be0de46a-29cd-4c59-aaaf-136cf177d593).
+
+- [How Microsoft 365 validates the From address to prevent phishing](how-office-365-validates-the-from-address.md).
security Anti Spam And Anti Malware Protection https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-365-security/anti-spam-and-anti-malware-protection.md
+
+ Title: Anti-spam and anti-malware protection
+f1.keywords:
+ - NOCSH
+++ Last updated :
+audience: Admin
++
+localization_priority: Normal
+search.appverid:
+ - MET150
+ms.assetid: 5ce5cf47-2120-4e51-a403-426a13358b7e
+
+ - M365-security-compliance
+ - m365initiative-defender-office365
+description: Admins can learn about the built-in anti-spam and anti-malware protection that's available in Exchange Online Protection (EOP).
+ms.technology: mdo
++
+# Anti-spam and anti-malware protection in EOP
++
+**Applies to**
+- [Exchange Online Protection](exchange-online-protection-overview.md)
+- [Microsoft Defender for Office 365 plan 1 and plan 2](defender-for-office-365.md)
+- [Microsoft 365 Defender](../defender/microsoft-365-defender.md)
+
+In Microsoft 365 organizations with mailboxes in Exchange Online or standalone Exchange Online Protection (EOP) organizations without Exchange Online mailboxes, email messages are automatically protected against spam and malware by EOP.
+
+Spam is unsolicited and unwanted email. Malware is viruses and spyware. Viruses infect other programs and data, and they spread throughout your computer looking for programs to infect. Spyware is a specific type of malware that gathers your personal information (for example, sign-in information and personal data) and sends it back to the malware author.
+
+EOP has built-in inbound and outbound malware filtering to help protect your organization from malicious software, and built-in spam filtering to help protect your organization from both receiving and sending spam (for example, in case of compromised accounts). Admins don't need to set up or maintain the filtering technologies because they're enabled by default. However, you can customize the settings based on the needs of your organization.
+
+> [!NOTE]
+> If you use SharePoint Online, anti-malware protection is also automatically provided for files that are uploaded and saved to document libraries. This protection is provided by the Microsoft anti-malware engine that's also integrated into Exchange. This anti-malware service runs on all SharePoint Online Content Front Ends (CFEs).
+
+## Anti-malware protection in EOP
+
+The following table contains links to topics that explain how anti-malware protection works in EOP, and how you can fine-tune your anti-malware configuration settings to best meet the needs of your organization.
+
+****
+
+|Topic|Description|
+|||
+|[Anti-malware protection in EOP](anti-malware-protection.md)|Provides overview information about how the service offers multi-layered malware protection that's designed to catch all known malware traveling to or from your organization.|
+|[Anti-malware protection FAQ](anti-malware-protection-faq-eop.md)|Provides a detailed list of frequently asked questions and answers about anti-malware protection in the service.|
+|[Configure anti-malware policies in EOP](configure-anti-malware-policies.md)|Describes how to configure the default company-wide anti-malware policy, as well as create custom anti-malware policies that you can apply to specified users, groups, or domains in your organization.|
+|[Recover from a ransomware attack](recover-from-ransomware.md)||
+|[Virus detection in SharePoint Online](virus-detection-in-spo.md)|
+|
+
+## Anti-spam protection in EOP
+
+The following table contains links to topics that explain how anti-spam protection works in EOP, and how you can fine-tune your anti-spam configuration settings to best meet the needs of your organization.
+
+****
+
+|Topic|Description|
+|||
+|[Anti-spam protection in EOP](anti-spam-protection.md)|Provides overview information about the main anti-spam protection features included in the service.|
+|[Anti-spam protection FAQ](anti-spam-protection-faq.md)|Provides frequently asked questions and answers about anti-spam protection.|
+|[Configure anti-spam policies in EOP](configure-your-spam-filter-policies.md)|Provides information about how you can configure anti-spam policies (also known as spam filter policies or content filter policies). You can configure the default company-wide anti-spam policy or create custom anti-spam policies that apply to specific users, groups, or domains in your organization.|
+|[Configure connection filtering](configure-the-connection-filter-policy.md)|Shows how you can add source IP address to the IP Allow List and the IP Block List in the default connection filter policy.|
+|[Create safe sender lists in EOP](create-safe-sender-lists-in-office-365.md)|Learn the recommended methods to keep good messages from being identified as spam.|
+|[Create blocked sender lists in EOP](create-block-sender-lists-in-office-365.md)|Learn the recommended methods to block bad messages that aren't being correctly identified as spam.|
+|[Spam confidence level (SCL) in EOP](spam-confidence-levels.md)|Learn about the spam determination of spam filtering.|
+|[Bulk complaint level (BCL) in EOP](bulk-complaint-level-values.md)|Learn about the threshold that determines whether bulk email is spam.|
+|[What's the difference between junk email and bulk email?](what-s-the-difference-between-junk-email-and-bulk-email.md)|Explains the difference between junk email and bulk email messages the controls that are available for both in EOP.|
+|[Configure junk email settings on Exchange Online mailboxes](configure-junk-email-settings-on-exo-mailboxes.md)|Learn about the junk email rule in all mailboxes that's responsible for moving messages into the Junk Email folder.|
+|[Use mail flow rules to set the spam confidence level (SCL) in messages](use-mail-flow-rules-to-set-the-spam-confidence-level-scl-in-messages.md)|Learn how to use mail flow rules (also known as transport rules) to set the SCL in messages before spam filtering.|
+|[Advanced Spam Filter (ASF) settings in EOP](advanced-spam-filtering-asf-options.md)|Learn about the ASF settings that are available in anti-spam policies.|
+|
+
+### Outbound spam protection in Exchange Online
+
+The following table contains links to topics that explain how outbound spam protection works for Exchange Online mailboxes.
+
+****
+
+|Topic|Description|
+|||
+|[Outbound spam protection in EOP](outbound-spam-controls.md)||
+|[Configure outbound spam filtering in EOP](configure-the-outbound-spam-policy.md)|Shows how to configure outbound spam policies, which contain settings that help make sure your users don't send spam through the service.|
+|[High-risk delivery pool for outbound messages](high-risk-delivery-pool-for-outbound-messages.md)||
+|[Remove blocked users from the Restricted Users portal in Office 365](removing-user-from-restricted-users-portal-after-spam.md)||
+|
+
+## Common protection technologies
+
+The following table contains links to topics that explain settings that are common to anti-malware and anti-spam protection.
+
+****
+
+|Topic|Description|
+|||
+|[Anti-spam message headers](anti-spam-message-headers.md)|Describes the anti-spam fields placed in Internet headers, which can help provide administrators with information about the message and about how it was processed.|
+|[Order and precedence of email protection](how-policies-and-protections-are-combined.md)||
+|[Zero-hour auto purge (ZAP) - protection against spam and malware](zero-hour-auto-purge.md)||
+|[Safety tips in email messages](safety-tips-in-office-365.md)||
+|[Report messages and files to Microsoft](report-junk-email-messages-to-microsoft.md)||
+|[Use the delist portal to remove yourself from the Microsoft 365 blocked senders list](use-the-delist-portal-to-remove-yourself-from-the-office-365-blocked-senders-lis.md)||
+|
security Anti Spam Message Headers https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-365-security/anti-spam-message-headers.md
+
+ Title: Anti-spam message headers
+f1.keywords:
+ - NOCSH
+++
+audience: ITPro
++
+localization_priority: Priority
+search.appverid:
+ - MET150
+ms.assetid: 2e3fcfc5-5604-4b88-ac0a-c5c45c03f1db
+
+ - M365-security-compliance
+ - m365initiative-defender-office365
+description: Admins can learn about the header fields that are added to messages by Exchange Online Protection (EOP). These header fields provide information about the message and how it was processed.
+
+ms.technology: mdo
++
+# Anti-spam message headers in Microsoft 365
++
+**Applies to**
+- [Exchange Online Protection](exchange-online-protection-overview.md)
+- [Microsoft Defender for Office 365 plan 1 and plan 2](defender-for-office-365.md)
+- [Microsoft 365 Defender](../defender/microsoft-365-defender.md)
+
+In all Microsoft 365 organizations, Exchange Online Protection (EOP) scans all incoming messages for spam, malware, and other threats. The results of these scans are added to the following header fields in messages:
+
+- **X-Forefront-Antispam-Report**: Contains information about the message and about how it was processed.
+
+- **X-Microsoft-Antispam**: Contains additional information about bulk mail and phishing.
+
+- **Authentication-results**: Contains information about SPF, DKIM, and DMARC (email authentication) results.
+
+This article describes what's available in these header fields.
+
+For information about how to view an email message header in various email clients, see [View internet message headers in Outlook](https://support.microsoft.com/office/cd039382-dc6e-4264-ac74-c048563d212c).
+
+> [!TIP]
+> You can copy and paste the contents of a message header into the [Message Header Analyzer](https://mha.azurewebsites.net/) tool. This tool helps parse headers and put them into a more readable format.
+
+## X-Forefront-Antispam-Report message header fields
+
+After you have the message header information, find the **X-Forefront-Antispam-Report** header. There will be multiple field and value pairs in this header separated by semicolons (;). For example:
+
+`...CTRY:;LANG:hr;SCL:1;SRV:;IPV:NLI;SFV:NSPM;PTR:;CAT:NONE;SFTY:;...`
+
+The individual fields and values are described in the following table.
+
+> [!NOTE]
+> The **X-Forefront-Antispam-Report** header contains many different fields and values. Fields that aren't described in the table are used exclusively by the Microsoft anti-spam team for diagnostic purposes.
+
+****
+
+|Field|Description|
+|||
+|`ARC`|The `ARC` protocol has the following fields: <ul><li>`AAR`: Records the content of the **Authentication-results** header from DMARC.</li><li>`AMS`: Includes cryptographic signatures of the message.</li><li>`AS`: Includes cryptographic signatures of the message headers. This field contains a tag of a chain validation called `"cv="`, which includes the outcome of the chain validation as **none**, **pass**, or **fail**.</li></ul>|
+|`CAT:`|The category of protection policy, applied to the message: <ul><li>`BULK`: Bulk</li><li>`DIMP`: Domain Impersonation</li><li>`GIMP`: [Mailbox intelligence based impersonation](set-up-anti-phishing-policies.md#impersonation-settings-in-anti-phishing-policies-in-microsoft-defender-for-office-365)</li><li>`HPHSH` or `HPHISH` : High confidence phishing</li><li>`HSPM`: High confidence spam</li><li>`MALW`: Malware</li><li>`PHSH`: Phishing</li><li>`SPM`: Spam</li><li>`SPOOF`: Spoofing</li><li>`UIMP`: User Impersonation</li><li>`AMP`: Anti-malware</li><li>`SAP`: Safe attachments</li><li>`OSPM`: Outbound spam</li></ul> <p> An inbound message may be flagged by multiple forms of protection and multiple detection scans. Policies have different priorities, and the policy with the highest priority is applied first. For more information, see [What policy applies when multiple protection methods and detection scans run on your email](how-policies-and-protections-are-combined.md).|
+|`CIP:[IP address]`|The connecting IP address. You can use this IP address in the IP Allow List or the IP Block List. For more information, see [Configure connection filtering](configure-the-connection-filter-policy.md).|
+|`CTRY`|The source country as determined by the connecting IP address, which may not be the same as the originating sending IP address.|
+|`H:[helostring]`|The HELO or EHLO string of the connecting email server.|
+|`IPV:CAL`|The message skipped spam filtering because the source IP address was in the IP Allow List. For more information, see [Configure connection filtering](configure-the-connection-filter-policy.md).|
+|`IPV:NLI`|The IP address was not found on any IP reputation list.|
+|`LANG`|The language in which the message was written, as specified by the country code (for example, ru_RU for Russian).|
+|`PTR:[ReverseDNS]`|The PTR record (also known as the reverse DNS lookup) of the source IP address.|
+|`SCL`|The spam confidence level (SCL) of the message. A higher value indicates the message is more likely to be spam. For more information, see [Spam confidence level (SCL)](spam-confidence-levels.md).|
+|`SFTY`|The message was identified as phishing and will also be marked with one of the following values: <ul><li>9.1: Default value. The message contains some or all of the following elements: a phishing URL, other phishing content, or was marked as phishing by on-premises Exchange.</li><li>9.11: [Intra-org or self-to-self spoofing](anti-spoofing-protection.md#different-types-of-spoofing). The safety tip for intra-org spoofing will be added to the message.</li><li>9.19: Domain impersonation. The sending domain is attempting to [impersonate a protected domain](set-up-anti-phishing-policies.md#impersonation-settings-in-anti-phishing-policies-in-microsoft-defender-for-office-365). The safety tip for domain impersonation is added to the message (if it's enabled).</li><li>9.20: User impersonation. The sending user is attempting to impersonate a user in the recipient's organization, or a protected user that's specified in an anti-phishing policy in Microsoft Defender for office 365. The safety tip for user impersonation is added to the message (if it's enabled).</li><li>9.21: [Cross-domain spoofing](anti-spoofing-protection.md#different-types-of-spoofing). The message failed anti-spoofing checks. The sender's email domain in the From header does not authenticate and is an external domain. Used in combination with [composite authentication](#authentication-results-message-header-fields).</li><li>9.22: Same as 9.21, except that the user has a safe sender that was overridden.</li><li>9.23: Same as 9.22, except that the organization has an allowed sender or domain that was overridden.</li><li>9.24: Same as 9.23, except that the user has an Exchange mail flow rule (also known as a transport rule) that was overridden.</li></ul>|
+|`SFV:BLK`|Filtering was skipped and the message was blocked because it was sent from an address in a user's Blocked Senders list. <p> For more information about how admins can manage a user's Blocked Senders list, see [Configure junk email settings on Exchange Online mailboxes](configure-junk-email-settings-on-exo-mailboxes.md).|
+|`SFV:NSPM`|Spam filtering marked the message as non-spam and the message was sent to the intended recipients.|
+|`SFV:SFE`|Filtering was skipped and the message was allowed because it was sent from an address in a user's Safe Senders list. <p> For more information about how admins can manage a user's Safe Senders list, see [Configure junk email settings on Exchange Online mailboxes](configure-junk-email-settings-on-exo-mailboxes.md).|
+|`SFV:SKA`|The message skipped spam filtering and was delivered to the Inbox because the sender was in the allowed senders list or allowed domains list in an anti-spam policy. For more information, see [Configure anti-spam policies](configure-your-spam-filter-policies.md).|
+|`SFV:SKB`|The message was marked as spam because it matched a sender in the blocked senders list or blocked domains list in an anti-spam policy. For more information, see [Configure anti-spam policies](configure-your-spam-filter-policies.md).|
+|`SFV:SKI`|Similar to SFV:SKN, the message skipped spam filtering for another reason (for example, an intra-organizational email within a tenant).|
+|`SFV:SKN`|The message was marked as non-spam prior to being processed by spam filtering. For example, the message was marked as SCL -1 or **Bypass spam filtering** by a mail flow rule.|
+|`SFV:SKQ`|The message was released from the quarantine and was sent to the intended recipients.|
+|`SFV:SKS`|The message was marked as spam prior to being processed by spam filtering. For example, the message was marked as SCL 5 to 9 by a mail flow rule.|
+|`SFV:SPM`|The message was marked as spam by spam filtering.|
+|`SRV:BULK`|The message was identified as bulk email by spam filtering and the bulk complaint level (BCL) threshold. When the _MarkAsSpamBulkMail_ parameter is `On` (it's on by default), a bulk email message is marked as high confidence spam (SCL 9). For more information, see [Configure anti-spam policies](configure-your-spam-filter-policies.md).|
+|`X-CustomSpam: [ASFOption]`|The message matched an Advanced Spam Filter (ASF) setting. To see the X-header value for each ASF setting, see [Advanced Spam Filter (ASF) settings](advanced-spam-filtering-asf-options.md).|
+|
+
+## X-Microsoft-Antispam message header fields
+
+The following table describes useful fields in the **X-Microsoft-Antispam** message header. Other fields in this header are used exclusively by the Microsoft anti-spam team for diagnostic purposes.
+
+****
+
+|Field|Description|
+|||
+|`BCL`|The bulk complaint level (BCL) of the message. A higher BCL indicates a bulk mail message is more likely to generate complaints (and is therefore more likely to be spam). For more information, see [Bulk complaint level (BCL)](bulk-complaint-level-values.md).|
+|
+
+## Authentication-results message header
+
+The results of email authentication checks for SPF, DKIM, and DMARC are recorded (stamped) in the **Authentication-results** message header in inbound messages.
+
+The following list describes the text that's added to the **Authentication-Results** header for each type of email authentication check:
+
+- SPF uses the following syntax:
+
+ ```text
+ spf=<pass (IP address)|fail (IP address)|softfail (reason)|neutral|none|temperror|permerror> smtp.mailfrom=<domain>
+ ```
+
+ For example:
+
+ ```text
+ spf=pass (sender IP is 192.168.0.1) smtp.mailfrom=contoso.com
+ spf=fail (sender IP is 127.0.0.1) smtp.mailfrom=contoso.com
+ ```
+
+- DKIM uses the following syntax:
+
+ ```text
+ dkim=<pass|fail (reason)|none> header.d=<domain>
+ ```
+
+ For example:
+
+ ```text
+ dkim=pass (signature was verified) header.d=contoso.com
+ dkim=fail (body hash did not verify) header.d=contoso.com
+ ```
+
+- DMARC uses the following syntax:
+
+ ```text
+ dmarc=<pass|fail|bestguesspass|none> action=<permerror|temperror|oreject|pct.quarantine|pct.reject> header.from=<domain>
+ ```
+
+ For example:
+
+ ```text
+ dmarc=pass action=none header.from=contoso.com
+ dmarc=bestguesspass action=none header.from=contoso.com
+ dmarc=fail action=none header.from=contoso.com
+ dmarc=fail action=oreject header.from=contoso.com
+ ```
+
+### Authentication-results message header fields
+
+The following table describes the fields and possible values for each email authentication check.
+
+****
+
+|Field|Description|
+|||
+|`action`|Indicates the action taken by the spam filter based on the results of the DMARC check. For example: <ul><li>**oreject** or **o.reject**: Stands for override reject. In this case Microsoft 365 uses this action when it receives a message that fails the DMARC check from a domain whose DMARC TXT record has a policy of p=reject. Instead of deleting or rejecting the message, Microsoft 365 marks the message as spam. For more information on why Microsoft 365 is configured this way, see [How Microsoft 365 handles inbound email that fails DMARC](use-dmarc-to-validate-email.md#how-microsoft-365-handles-inbound-email-that-fails-dmarc).</li><li>**pct.quarantine**: Indicates that a percentage less than 100% of messages that do not pass DMARC will be delivered anyway. This means that the message failed DMARC and the policy was set to quarantine, but the pct field was not set to 100% and the system randomly determined not to apply the DMARC action, as per the specified domain's policy.</li><li>**pct.reject**: Indicates that a percentage less than 100% of messages that do not pass DMARC will be delivered anyway. This means that the message failed DMARC and the policy was set to reject, but the pct field was not set to 100% and the system randomly determined not to apply the DMARC action, as per the specified domain's policy.</li><li>**permerror**: A permanent error occurred during DMARC evaluation, such as encountering an incorrectly formed DMARC TXT record in DNS. Attempting to resend this message isn't likely to end with a different result. Instead, you may need to contact the domain's owner in order to resolve the issue.</li><li>**temperror**: A temporary error occurred during DMARC evaluation. You may be able to request that the sender resend the message later in order to process the email properly.</li></ul>|
+|`compauth`|Composite authentication result. Used by Microsoft 365 to combine multiple types of authentication such as SPF, DKIM, DMARC, or any other part of the message to determine whether or not the message is authenticated. Uses the From: domain as the basis of evaluation.|
+|`dkim`|Describes the results of the DKIM check for the message. Possible values include: <ul><li>**pass**: Indicates the DKIM check for the message passed.</li><li>**fail (reason)**: Indicates the DKIM check for the message failed and why. For example, if the message was not signed or the signature was not verified.</li><li>**none**: Indicates that the message was not signed. This may or may not indicate that the domain has a DKIM record or the DKIM record does not evaluate to a result, only that this message was not signed.</li></ul>|
+|`dmarc`|Describes the results of the DMARC check for the message. Possible values include: <ul><li>**pass**: Indicates the DMARC check for the message passed.</li><li>**fail**: Indicates the DMARC check for the message failed.</li><li>**bestguesspass**: Indicates that no DMARC TXT record for the domain exists, but if one had existed, the DMARC check for the message would have passed. This is because the domain in the `5321.MailFrom` address (also known as the MAIL FROM address, P1 sender, or envelope sender) matches the domain in the `5322.From` address (also known as the From address or P2 sender).</li><li>**none**: Indicates that no DMARC TXT record exists for the sending domain in DNS.|
+|`header.d`|Domain identified in the DKIM signature if any. This is the domain that's queried for the public key.|
+|`header.from`|The domain of the `5322.From` address in the email message header (also known as the From address or P2 sender). Recipient see the From address in email clients.|
+|`reason`|The reason the composite authentication passed or failed. The value is a 3-digit code. For example: <ul><li>**000**: The message failed explicit authentication (`compauth=fail`). For example, the message received a DMARC fail with an action of quarantine or reject.</li><li>**001**: The message failed implicit authentication (`compauth=fail`). This means that the sending domain did not have email authentication records published, or if they did, they had a weaker failure policy (SPF soft fail or neutral, DMARC policy of `p=none`).</li><li>**002**: The organization has a policy for the sender/domain pair that is explicitly prohibited from sending spoofed email. This setting is manually set by an admin.</li><li>**010**: The message failed DMARC with an action of reject or quarantine, and the sending domain is one of your organization's accepted-domains (this is part of self-to-self, or intra-org, spoofing).</li><li>**1xx** or **7xx**: The message passed authentication (`compauth=pass`). The last two digits are internal codes used by Microsoft 365.</li><li>**2xx**: The message soft-passed implicit authentication (`compauth=softpass`). The last two digits are internal codes used by Microsoft 365.</li><li>**3xx**: The message was not checked for composite authentication (`compauth=none`).</li><li>**4xx** or **9xx**: The message bypassed composite authentication (`compauth=none`). The last two digits are internal codes used by Microsoft 365.</li><li>**6xx**: The message failed implicit email authentication, and the sending domain is one of your organization's accepted domains (this is part of self-to-self or intra-org spoofing).</li></ul>|
+|`smtp.mailfrom`|The domain of the `5321.MailFrom` address (also known as the MAIL FROM address, P1 sender, or envelope sender). This is the email address that's used for non-delivery reports (also known as NDRs or bounce messages).|
+|`spf`|Describes the results of the SPF check for the message. Possible values include: <ul><li>`pass (IP address)`: The SPF check for the message passed and includes the sender's IP address. The client is authorized to send or relay email on behalf of the sender's domain.</li><li>`fail (IP address)`: The SPF check for the message failed and includes the sender's IP address. This is sometimes called _hard fail_.</li><li>`softfail (reason)`: The SPF record designated the host as not being allowed to send, but is in transition.</li><li>`neutral`: The SPF record explicitly states that it does not assert whether the IP address is authorized to send.</li><li>`none`: The domain doesn't have an SPF record or the SPF record doesn't evaluate to a result.</li><li>`temperror`: A temporary error has occurred. For example, a DNS error. The same check later might succeed.</li><li>`permerror`: A permanent error has occurred. For example, the domain has a badly formatted SPF record.</li></ul>|
+|
security Anti Spam Protection Faq https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-365-security/anti-spam-protection-faq.md
+
+ Title: Anti-spam protection FAQ
+f1.keywords:
+ - NOCSH
+++
+audience: ITPro
++
+localization_priority: Normal
+search.appverid:
+ - MET150
+ms.assetid: c534a35d-b121-45da-9d0a-ce738ce51fce
+
+ - M365-security-compliance
+ - m365initiative-defender-office365
+
+ - seo-marvel-apr2020
+description: Admins can view frequently asked questions and answers about anti-spam protection in Exchange Online Protection (EOP).
+ms.technology: mdo
++
+# Anti-spam protection FAQ
++
+**Applies to**
+- [Exchange Online Protection](exchange-online-protection-overview.md)
+- [Microsoft Defender for Office 365 plan 1 and plan 2](defender-for-office-365.md)
+- [Microsoft 365 Defender](../defender/microsoft-365-defender.md)
+
+This topic provides frequently asked questions and answers about anti-malware protection for Microsoft 365 organizations with mailboxes in Exchange Online, or standalone Exchange Online Protection (EOP) organizations without Exchange Online mailboxes.
+
+For questions and answers about the quarantine, see [Quarantine FAQ](quarantine-faq.md).
+
+For questions and answers about anti-malware protection, see [Anti-malware protection FAQ](anti-malware-protection-faq-eop.md).
+
+For questions and answers about anti-spoofing protection, see [Anti-spoofing protection FAQ](anti-spoofing-protection-faq.md).
+
+## By default, what happens to a spam-detected message?
+
+**For inbound messages:** The majority of spam is deleted via connection filtering, which is based on the IP address of the source email server. Anti-spam policies (also known as spam filter policies or content filter policies) inspect and classify messages as spam, bulk, or phishing. By default, messages that are classified as spam or bulk are delivered to the recipient's Junk Email folder, while messages classified as phishing are quarantined. You can modify the default anti-spam policy (applies to all recipients), or you can create custom anti-spam policies with stricter settings for specific groups of users (for example, you can quarantine spam that's sent to executives). For more information, see [Configure anti-spam policies](configure-your-spam-filter-policies.md) and [Recommended anti-spam policy settings](recommended-settings-for-eop-and-office365.md#eop-anti-spam-policy-settings).
+
+> [!IMPORTANT]
+> In hybrid deployments where EOP protects on-premises mailboxes, you need to configure two Exchange mail flow rules (also known as transport rules) in your on-premises Exchange organization to detect the EOP spam filtering headers that are added to messages. For details, see [Configure standalone EOP to deliver spam to the Junk Email folder in hybrid environments](ensure-that-spam-is-routed-to-each-user-s-junk-email-folder.md).
+
+ **For outbound messages:** The message is either routed through the [high-risk delivery pool](high-risk-delivery-pool-for-outbound-messages.md) or is returned to the sender in a non-delivery report (also known as an NDR or bounce message). For more information about outbound spam protection, see [Outbound spam controls](outbound-spam-controls.md).
+
+## What's a zero-day spam variant and how is it handled by the service?
+
+A zero-day spam variant is a first generation, previously unknown variant of spam that's never been captured or analyzed, so our anti-spam filters don't yet have any information available for detecting it. After a zero-day spam sample is captured and analyzed by our spam analysts, if it meets the spam classification criteria, our anti-spam filters are updated to detect it, and it's no longer considered "zero-day."
+
+**Note:** If you receive a message that may be a zero-day spam variant, in order to help us improve the service, please submit the message to Microsoft using one of the methods described in [Report messages and files to Microsoft](report-junk-email-messages-to-microsoft.md).
+
+## Do I need to configure the service to provide anti-spam protection?
+
+After you sign up for the service and add your domain, spam filtering is automatically enabled. By default, spam filtering is tuned to protect you without needing any additional configuration (aside from the previously noted exception for standalone EOP standalone customers in hybrid environments). As an admin, you can edit the default spam filtering settings to best meet the needs of your organization. For greater granularity, you can also create anti-spam policies and outbound anti-spam policies that are applied to specified users, groups, or domains in your organization. Custom policies always take precedence over the default policy, but you can change the priority (that is, the running order) of your custom policies.
+
+For more information, see the following topics:
+
+[Recommended settings for EOP and Microsoft Defender for Office 365 security](recommended-settings-for-eop-and-office365.md)
+
+[Configure connection filtering in EOP](configure-the-connection-filter-policy.md)
+
+[Configure anti-spam policies in EOP](configure-your-spam-filter-policies.md)
+
+[Configure the outbound spam policy](configure-the-outbound-spam-policy.md)
+
+## If I make a change to an anti-spam policy, how long does it take after I save my changes for them to take effect?
+
+It may take up to 1 hour for the changes to take effect.
+
+## Is bulk email filtering automatically enabled?
+
+Yes. For more information about bulk email, see [What's the difference between junk email and bulk email?](what-s-the-difference-between-junk-email-and-bulk-email.md).
+
+## Does the service provide URL filtering?
+
+Yes, the service has a URL filter that checks for URLs within messages. If URLs associated with known spam or malicious content are detected then the message is marked as spam.
+
+## How can customers using the service send false negative (spam) and false positive (non-spam) messages to Microsoft?
+
+Spam and non-spam messages can be submitted to Microsoft for analysis in several ways. For more information, see [Report messages and files to Microsoft](report-junk-email-messages-to-microsoft.md).
+
+## Can I get spam reports?
+
+Yes, for example you can get a spam detection report in the Microsoft 365 admin center. This report shows spam volume as a count of unique messages. For more information about reporting, see the following links:
+
+Exchange Online customers: [Monitoring, Reporting, and Message Tracing in Exchange Online](/exchange/monitoring/monitoring)
+
+Standalone EOP customers: [Reporting and message trace in Exchange Online Protection](reporting-and-message-trace-in-exchange-online-protection.md)
+
+## Someone sent me a message and I can't find it. I suspect that it may have been detected as spam. Is there a tool that I can use to find out?
+
+Yes, the message trace tool enables you to follow email messages as they pass through the service, in order to find out what happened to them. For more information about how to use the message trace tool to find out why a message was marked as spam, see [Was a message marked as spam?](/exchange/monitoring/trace-an-email-message/message-trace-faq#was-a-message-marked-as-spam)
+
+## Will the service throttle (rate limit) my mail if my users send outbound spam?
+
+If more than half of the mail that is sent from a user through the service within a certain time frame (for example, per hour), is determined to be spam by EOP, the user will be blocked from sending messages. In most cases, if an outbound message is determined to be spam, it is routed through the high-risk delivery pool, which reduces the probability of the normal outbound-IP pool being added to a block list.
+
+You can send a notification to a specified email address when a sender is blocked sending outbound spam. For more information about this setting, see [Configure the outbound spam policy](configure-the-outbound-spam-policy.md).
+
+## Can I use a third-party anti-spam and anti-malware provider in conjunction with Exchange Online?
+
+Yes. Although we recommend that you point your MX record to Microsoft, we realize that there are legitimate business reasons to route your email to somewhere other than Microsoft first.
+
+- **Inbound**: Change your MX records to point to the third-party provider, and then redirect the messages to EOP for additional processing. For more information, see [Enhanced Filtering for connectors in Exchange Online](/exchange/mail-flow-best-practices/use-connectors-to-configure-mail-flow/enhanced-filtering-for-connectors).
+
+- **Outbound**: Configure smart host routing from Microsoft 365 to the destination third-party provider.
+
+## Does Microsoft have any documentation about how I can protect myself from phishing scams?
+
+Yes. For more information, see [Protect your privacy on the internet](https://support.microsoft.com/help/4091455)
+
+## Are spam and malware messages being investigated as to who sent them, or being transferred to law enforcement entities?
+
+The service focuses on spam and malware detection and removal, though we may occasionally investigate especially dangerous or damaging spam or attack campaigns and pursue the perpetrators. This may involve working with our legal and digital crime units to take down a spammer botnet, blocking the spammer from using the service (if they're using it for sending outbound email), and passing the information on to law enforcement for criminal prosecution.
+
+## What are a set of best outbound mailing practices that will ensure that my mail is delivered?
+
+The guidelines presented below are best practices for sending outbound email messages.
+
+- **The source email domain should resolve in DNS.**
+
+ For example, if the sender is user@fabrikam, the domain fabrikam resolves to the IP address 192.0.43.10.
+
+ If a sending domain has no A-record and no MX record in DNS, the service will route the message through its higher risk delivery pool regardless of whether or not the content of the message is spam. For more information about the higher risk delivery pool, see [High-risk delivery pool for outbound messages](high-risk-delivery-pool-for-outbound-messages.md).
+
+- **Outbound mail eserver should have a reverse DNS (PTR) entry.**
+
+ For example, if the email source IP address is 192.0.43.10, the reverse DNS entry would be `43-10.any.icann.org`.`
+
+- **The HELO/EHLO and MAIL FROM commands should be consistent and be present in the form of a domain name rather than an IP address.**
+
+ The HELO/EHLO command should be configured to match the reverse DNS of the sending IP address so that the domain remains the same across the various parts of the message headers.
+
+- **Ensure that proper SPF records are set up in DNS.**
+
+ SPF records are a mechanism for validating that mail sent from a domain really is coming from that domain and is not spoofed. For more information about SPF records, see the following links:
+
+ [Set up SPF to help prevent spoofing](set-up-spf-in-office-365-to-help-prevent-spoofing.md)
+
+ [Domains FAQ](../../admin/setup/domains-faq.yml#how-can-i-validate-spf-records-for-my-domain)
+
+- **Signing email with DKIM, sign with relaxed canonicalization.**
+
+ If a sender wants to sign their messages using Domain Keys Identified Mail (DKIM) and they want to send outbound mail through the service, they should sign using the relaxed header canonicalization algorithm. Signing with strict header canonicalization may invalidate the signature when it passes through the service.
+
+- **Domain owners should have accurate information in the WHOIS database.**
+
+ This identifies the owners of the domain and how to contact them by entering the stable parent company, point of contact, and name servers.
+
+- **For bulk mailers, the From: name should reflect who is sending the message, while the subject line of the message should be a brief summary on what the message is about.**
+
+ The message body should have a clear indication of the offering, service, or product. For example, if a sender is sending out a bulk mailing for the Contoso company, the following is what the email From and Subject should resemble:
+
+ > From: marketing@contoso.com <br> Subject: New updated catalog for the Christmas season!
+
+ The following is an example of what not to do because it is not descriptive:
+
+ > From: user@hotmail.com <br> Subject: Catalogs
+
+- **If sending a bulk mailing to many recipients and the message is in newsletter format, there should be a way of unsubscribing at the bottom of the message.**
+
+ The unsubscribe option should resemble the following:
+
+ > This message was sent to example@contoso.com by sender@fabrikam.com. Update Profile/Email Address | Instant removal with **SafeUnsubscribe**&trade; | Privacy Policy
+
+- **If sending bulk email, list acquisition should be performed using double opt-in. If you are a bulk mailer, double opt-in is an industry best practice.**
+
+ Double opt-in is the practice of requiring a user to take two actions to sign up for marketing mail:
+
+ 1. Once when the user clicks on a previously unchecked check box where they opt-in to receive further offers or email messages from the marketer.
+
+ 2. A second time when the marketer sends a confirmation email to the user's provided email address asking them to click on a time-sensitive link that will complete their confirmation.
+
+ Using double opt-in builds a good reputation for bulk email senders.
+
+- **Bulk senders should create transparent content for which they can be held accountable:**
+
+ 1. Verbiage requesting that recipients add the sender to the address book should clearly state that such action is not a guarantee of delivery.
+
+ 2. When constructing redirects in the body of the message, use a consistent link style.
+
+ 3. Don't send large images or attachments, or messages that are solely composed of an image.
+
+ 4. When employing tracking pixels (web bugs or beacons), clearly state their presence in your public privacy or P3P settings.
+
+- **Format outbound bounce messages.**
+
+ When generating delivery status notification messages (also known as non-delivery reports, NDRs, or bounce messages), senders should follow the format of a bounce as specified in [RFC 3464](https://www.ietf.org/rfc/rfc3464.txt).
+
+- **Remove bounced email addresses for non-existent users.**
+
+ If you receive an NDR indicating that an email address is no longer in use, remove the non-existent email alias from your list. Email addresses change over time, and people sometimes discard them.
+
+- **Use Hotmail's Smart Network Data Services (SNDS) program.**
+
+ Hotmail uses a program called Smart Network Data Services that allows senders to check complaints submitted by end users. The SNDS is the primary portal for troubleshooting delivery problems to Hotmail.
security Anti Spam Protection https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-365-security/anti-spam-protection.md
+
+ Title: Anti-spam protection
+f1.keywords:
+ - NOCSH
+++ Last updated :
+audience: Admin
++
+localization_priority: Normal
+search.appverid:
+ - MET150
+ - MOE150
+ms.assetid: 6a601501-a6a8-4559-b2e7-56b59c96a586
+
+ - M365-security-compliance
+ - m365initiative-defender-office365
+
+ - seo-marvel-apr2020
+description: Admins can learn about the anti-spam settings and filters that will help prevent spam in Exchange Online Protection (EOP).
+ms.technology: mdo
++
+# Anti-spam protection in EOP
++
+**Applies to**
+- [Exchange Online Protection](exchange-online-protection-overview.md)
+- [Microsoft Defender for Office 365 plan 1 and plan 2](defender-for-office-365.md)
+- [Microsoft 365 Defender](/microsoft-365/security/defender/microsoft-365-defender)
+
+> [!NOTE]
+> This topic is intended for admins. For end-user topics, see [Overview of the Junk Email Filter](https://support.microsoft.com/office/5ae3ea8e-cf41-4fa0-b02a-3b96e21de089) and [Learn about junk email and phishing](https://support.microsoft.com/office/86c1d76f-4d5a-4967-9647-35665dc17c31).
+
+In Microsoft 365 organizations with mailboxes in Exchange Online or standalone Exchange Online Protection (EOP) organizations without Exchange Online mailboxes, email messages are automatically protected against spam (junk email) by EOP.
+
+Microsoft's email safety roadmap involves an unmatched cross-product approach. EOP anti-spam and anti-phishing technology is applied across our email platforms to provide users with the latest anti-spam and anti-phishing tools and innovations throughout the network. The goal for EOP is to offer a comprehensive and usable email service that helps detect and protect users from junk email, fraudulent email threats (phishing), and malware.
+
+As email use has grown, so has email abuse. Unmonitored junk email can clog inboxes and networks, impact user satisfaction, and hamper the effectiveness of legitimate email communications. That's why Microsoft continues to invest in anti-spam technologies. Simply put, it starts by containing and filtering junk email.
+
+> [!TIP]
+> The following anti-spam technologies are useful when you want to allow or block messages based on the message envelope (for example, the sender's domain or the source IP address of the message). To allow or block messages based on payload (for example, URLs in the message or attached files), then you should use the [Tenant Allow/Block List portal](tenant-allow-block-list.md).
+
+## Anti-spam technologies in EOP
+
+To help reduce junk email, EOP includes junk email protection that uses proprietary spam filtering technologies to identify and separate junk email from legitimate email. EOP spam filtering learns from known spam and phishing threats and user feedback from our consumer platform, Outlook.com. Ongoing feedback from EOP users in the junk email classification program helps ensure that the EOP technologies are continually trained and improved.
+
+The anti-spam settings in EOP are made of the following technologies:
+
+- **Connection filtering**: Identifies good and bad email source servers early in the inbound email connection via the IP Allow List, IP Block List, and the *safe list* (a dynamic but non-editable list of trusted senders maintained by Microsoft). You configure these settings in the connection filter policy. Learn more at [Configure connection filtering](configure-the-connection-filter-policy.md).
+
+ > [!NOTE]
+ > Spoof intelligence uses connection filtering to create allow and block lists of senders who are spoofing your email domain. For more information, see [Learn more about spoof intelligence in Microsoft 365](learn-about-spoof-intelligence.md).
+
+- **Spam filtering (content filtering)**: EOP uses the spam filtering verdicts **Spam**, **High confidence spam**, **Bulk email**, **Phishing email** and **High confidence phishing email** to classify messages. You can configure the actions to take based on these verdicts, and you can configure the end-user notification options for messages that were quarantined instead of delivered. For more information, see [Configure anti-spam policies in Microsoft 365](configure-your-spam-filter-policies.md).
+
+ > [!NOTE]
+ > By default, spam filtering is configured to send messages that were marked as spam to the recipient's Junk Email folder. However, in hybrid environments where EOP protects on-premises Exchange mailboxes, you need to configure two mail flow rules (also known as transport rules) in your on-premises Exchange organization to recognize the EOP spam headers that are added to messages. For details, see [Configure standalone EOP to deliver spam to the Junk Email folder in hybrid environments](ensure-that-spam-is-routed-to-each-user-s-junk-email-folder.md).
+
+- **Outbound spam filtering**: EOP also checks to make sure that your users don't send spam, either in outbound message content or by exceeding outbound message limits. For more information, see [Configure outbound spam filtering in Microsoft 365](configure-the-outbound-spam-policy.md).
+
+- **Spoof intelligence**: For more information, see [Learn more about spoof intelligence in Microsoft 365](learn-about-spoof-intelligence.md).
+
+## Manage errors in spam filtering
+
+It's possible that good messages can be identified as spam (also known as false positives), or that spam can be delivered to the Inbox. You can use the suggestions in the following sections to find out what happened and help prevent it from happening in the future.
+
+Here are some best practices that apply to either scenario:
+
+- Always submit misclassified messages to Microsoft. For more information, see [Report messages and files to Microsoft](report-junk-email-messages-to-microsoft.md).
+
+- **Examine the anti-spam message headers**: These values will tell you why a message was marked as spam, or why it skipped spam filtering. For more information, see [Anti-spam message headers](anti-spam-message-headers.md).
+
+- **Point your MX record to Microsoft 365**: In order for EOP to provide the best protection, we always recommend that you have email delivered to Microsoft 365 first. For instructions, see [Create DNS records at any DNS hosting provider for Microsoft 365](../../admin/get-help-with-domains/create-dns-records-at-any-dns-hosting-provider.md).
+
+ If the MX record points to some other location (for example, a third-party anti-spam solution or appliance), it's difficult for EOP to provide accurate spam filtering. In this scenario, you need to configure Enhanced Filtering for connectors (also known as _skip listing_). For instructions, see [Enhanced Filtering for Connectors in Exchange Online](/exchange/mail-flow-best-practices/use-connectors-to-configure-mail-flow/enhanced-filtering-for-connectors).
+
+- **Use email authentication**: If you own an email domain, you can use DNS to help insure that messages from senders in that domain are legitimate. To help prevent spam and unwanted spoofing in EOP, use all of the following email authentication methods:
+
+ - **SPF**: Sender Policy Framework verifies the source IP address of the message against the owner of the sending domain. For a quick introduction to SPF and to get it configured quickly, see [Set up SPF to help prevent spoofing](set-up-spf-in-office-365-to-help-prevent-spoofing.md). For a more in-depth understanding of how Microsoft 365 uses SPF, or for troubleshooting or non-standard deployments such as hybrid deployments, start with [How Microsoft 365 uses Sender Policy Framework (SPF) to prevent spoofing](how-office-365-uses-spf-to-prevent-spoofing.md).
+
+ - **DKIM**: DomainKeys Identified Mail adds a digital signature to the message header of messages sent from your domain. For information, see [Use DKIM to validate outbound email sent from your custom domain in Microsoft 365](use-dkim-to-validate-outbound-email.md).
+
+ - **DMARC**: Domain-based Message Authentication, Reporting, and Conformance helps destination email systems determine what to do with messages that fail SPF or DKIM checks and provides another level of trust for your email partners. For more information, see [Use DMARC to validate email in Microsoft 365](use-dmarc-to-validate-email.md).
+
+- **Verify your bulk email settings**: The bulk compliant level (BCL) threshold that you configure in anti-spam policies determines whether bulk email (also known as _gray mail_) is marked as spam. The PowerShell-only setting _MarkAsSpamBulkMail_ that's on by default also contributes to the results. For more information, see [Configure anti-spam policies in Microsoft 365](configure-your-spam-filter-policies.md).
+
+### Prevent the delivery of spam to the Inbox
+
+- **Verify your organization settings**: Watch out for settings that allow messages to skip spam filtering (for example, if you add your own domain to the allowed domains list in anti-spam policies). For our recommended settings, see [Recommended settings for EOP and Microsoft Defender for Office 365 security](recommended-settings-for-eop-and-office365.md) and [Create safe sender lists](create-safe-sender-lists-in-office-365.md).
+
+- **Verify the junk email rule is enabled in the user's mailbox**: It's enabled by default, but if it's disabled, messages marked as junk can't be moved into the Junk Email folder. For more information, see [Configure junk email settings on Exchange Online mailboxes in Microsoft 365](configure-junk-email-settings-on-exo-mailboxes.md).
+
+- **Use the available blocked sender lists**: For information, see [Create blocked sender lists](create-block-sender-lists-in-office-365.md).
+
+- **Unsubscribe from bulk email** If the message was something that the user signed up for (newsletters, product announcements, etc.) and contains an unsubscribe link from a reputable source, consider asking them to simply unsubscribe.
+
+- **Standalone EOP: create mail flow rules in on-premises Exchange for EOP spam filtering verdicts**: In standalone EOP environments where EOP protects on-premises Exchange mailboxes, you need to configure mail flow rules (also known as transport rules) in on-premises Exchange to translate the EOP spam filtering verdict so the junk email rule can move the message to the Junk Email folder. For details, see [Configure standalone EOP to deliver spam to the Junk Email folder in hybrid environments](ensure-that-spam-is-routed-to-each-user-s-junk-email-folder.md).
+
+### Prevent good email from being identified as spam
+
+Here are some steps that you can take to help prevent false positives:
+
+- **Verify the user's Outlook Junk Email Filter settings**:
+
+ - **Verify the Outlook Junk Email Filter is disabled**: When the Outlook Junk Email Filter is set to the default value **No automatic filtering**, Outlook doesn't attempt to classify massages as spam. When it's set to **Low** or **High**, the Outlook Junk Email Filter uses its own SmartScreen filter technology to identify and move spam to the Junk Email folder, so you could get false positives. Note that Microsoft stopped producing spam definition updates for the SmartScreen filters in Exchange and Outlook in November, 2016. The existing SmartScreen spam definitions were left in place, but their effectiveness will likely degrade over time.
+
+ - **Verify the Outlook 'Safe Lists Only' setting is disabled**: When this setting is enabled, only messages from senders in the user's Safe Senders list or Safe Recipients list are delivered to the Inbox; email from everyone else is automatically moved to the Junk Email folder.
+
+ For more information about these settings, see [Configure junk email settings on Exchange Online mailboxes in Microsoft 365](configure-junk-email-settings-on-exo-mailboxes.md).
+
+- **Use the available safe sender lists**: For information, see [Create safe sender lists](create-safe-sender-lists-in-office-365.md).
+
+- **Verify users are within the sending and receiving limits** as described in [Receiving and sending limits](/office365/servicedescriptions/exchange-online-service-description/exchange-online-limits#receiving-and-sending-limits) in the Exchange Online service description.
+
+- **Standalone EOP: use directory synchronization**: If you use standalone EOP to help protect your on-premises Exchange organization, you should sync user settings with the service by using directory synchronization. Doing this ensures that your users' Safe Senders lists are respected by EOP. For more information, see [Use directory synchronization to manage mail users](manage-mail-users-in-eop.md#use-directory-synchronization-to-manage-mail-users).
+
+## Anti-spam legislation
+
+At Microsoft, we believe that the development of new technologies and self-regulation requires the support of effective government policy and legal frameworks. The worldwide spam proliferation has spurred numerous legislative bodies to regulate commercial email. Many countries now have spam-fighting laws in place. The United States has both federal and state laws governing spam, and this complementary approach is helping to curtail spam while enabling legitimate e-commerce to prosper. The CAN-SPAM Act expands the tools available for curbing fraudulent and deceptive email messages.
security Anti Spoofing Protection Faq https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-365-security/anti-spoofing-protection-faq.md
+
+ Title: Anti-spoofing protection FAQ
+f1.keywords:
+ - NOCSH
+++ Last updated :
+audience: ITPro
++
+localization_priority: Normal
+search.appverid:
+ - MET150
+ms.assetid:
+
+ - M365-security-compliance
+ - m365initiative-defender-office365
+description: Admins can view frequently asked questions and answers about anti-spoofing protection in Exchange Online Protection (EOP).
+ms.technology: mdo
++
+# Anti-spoofing protection FAQ
++
+**Applies to**
+- [Exchange Online Protection](exchange-online-protection-overview.md)
+- [Microsoft Defender for Office 365 plan 1 and plan 2](defender-for-office-365.md)
+- [Microsoft 365 Defender](../defender/microsoft-365-defender.md)
+
+This article provides frequently asked questions and answers about anti-spoofing protection for Microsoft 365 organizations with mailboxes in Exchange Online, or standalone Exchange Online Protection (EOP) organizations without Exchange Online mailboxes.
+
+For questions and answers about anti-spam protection, see [Anti-spam protection FAQ](anti-spam-protection-faq.md).
+
+For questions and answers about anti-malware protection, see [Anti-malware protection FAQ](anti-malware-protection-faq-eop.md)
+
+## Why did Microsoft choose to junk unauthenticated inbound email?
+
+Microsoft believes that the risk of continuing to allow unauthenticated inbound email is higher than the risk of losing legitimate inbound email.
+
+## Does junking unauthenticated inbound email cause legitimate email to be marked as spam?
+
+When Microsoft enabled this feature in 2018, some false positives happened (good messages were marked as bad). However, over time, senders adjusted to the requirements. The number of messages that were misidentified as spoofed became negligible for most email paths.
+
+Microsoft itself first adopted the new email authentication requirements several weeks before deploying it to customers. While there was disruption at first, it gradually declined.
+
+## Is spoof intelligence available to Microsoft 365 customers without Defender for Office 365?
+
+Yes. As of October 2018, spoof intelligence is available to all organizations with mailboxes in Exchange Online, and standalone EOP organizations without Exchange Online mailboxes.
+
+## How can I report spam or non-spam messages back to Microsoft?
+
+See [Report messages and files to Microsoft](report-junk-email-messages-to-microsoft.md).
+
+## I'm an admin and I don't know all of sources for messages in my email domain!
+
+See [You don't know all sources for your email](email-validation-and-authentication.md#you-dont-know-all-sources-for-your-email).
+
+## What happens if I disable anti-spoofing protection for my organization?
+
+We do not recommend disabling anti-spoofing protection. Disabling the protection will allow more phishing and spam messages to be delivered in your organization. Not all phishing is spoofing, and not all spoofed messages will be missed. However, your risk will be higher.
+
+Now that [Enhanced Filtering for Connectors](/exchange/mail-flow-best-practices/use-connectors-to-configure-mail-flow/enhanced-filtering-for-connectors) is available, we no longer recommended turning off anti-spoofing protection when your email is routed through another service before EOP.
+
+## Does anti-spoofing protection mean I will be protected from all phishing?
+
+Unfortunately, no. Attackers will adapt to use other techniques (for example, compromised accounts or accounts in free email services). However, anti-phishing protection works much better to detect these other types of phishing methods. The protection layers in EOP are designed work together and build on top of each other.
+
+## Do other large email services block unauthenticated inbound email?
+
+Nearly all large email services implement traditional SPF, DKIM, and DMARC checks. Some services have other, more strict checks, but few go as far as EOP to block unauthenticated email and treat them as spoofed messages. However, the industry is becoming more aware about issues with unauthenticated email, particularly because of the problem of phishing.
+
+## Do I still need to enable the Advanced Spam Filter setting "SPF record: hard fail" (_MarkAsSpamSpfRecordHardFail_) if I enable anti-spoofing?
+
+No. This ASF setting is no longer required. Anti-spoofing protection considers both SPF hard fails and a much wider set of criteria. If you have anti-spoofing enabled and the **SPF record: hard fail** (_MarkAsSpamSpfRecordHardFail_) turned on, you will probably get more false positives.
+
+We recommend that you disable this feature as it provides almost no additional benefit for detecting spam or phishing message, and would instead generate mostly false positives. For more information, see [Advanced Spam Filter (ASF) settings in EOP](advanced-spam-filtering-asf-options.md).
+
+## Does Sender Rewriting Scheme help fix forwarded email?
+
+SRS only partially fixes the problem of forwarded email. By rewriting the SMTP **MAIL FROM**, SRS can ensure that the forwarded message passes SPF at the next destination. However, because anti-spoofing is based upon the **From** address in combination with the **MAIL FROM** or DKIM-signing domain (or other signals), it's not enough to prevent SRS forwarded email from being marked as spoofed.
security Anti Spoofing Protection https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-365-security/anti-spoofing-protection.md
+
+ Title: Anti-spoofing protection
+f1.keywords:
+ - NOCSH
+++ Last updated :
+audience: ITPro
++
+search.appverid:
+ - MET150
+ms.assetid: d24bb387-c65d-486e-93e7-06a4f1a436c0
+
+ - M365-security-compliance
+ - Strat_O365_IP
+ - m365initiative-defender-office365
+
+ - TopSMBIssues
+ - seo-marvel-apr2020
+localization_priority: Priority
+description: Admins can learn about the anti-spoofing features that are available in Exchange Online Protection (EOP), which can help mitigate against phishing attacks from spoofed senders and domains.
+ms.technology: mdo
++
+# Anti-spoofing protection in EOP
++
+**Applies to**
+- [Exchange Online Protection](exchange-online-protection-overview.md)
+- [Microsoft Defender for Office 365 plan 1 and plan 2](defender-for-office-365.md)
+- [Microsoft 365 Defender](../defender/microsoft-365-defender.md)
+
+In Microsoft 365 organizations with mailboxes in Exchange Online or standalone Exchange Online Protection (EOP) organizations without Exchange Online mailboxes, EOP includes features to help protect your organization from spoofed (forged) senders.
+
+When it comes to protecting its users, Microsoft takes the threat of phishing seriously. Spoofing is a common technique that's used by attackers. **Spoofed messages appear to originate from someone or somewhere other than the actual source**. This technique is often used in phishing campaigns that are designed to obtain user credentials. The anti-spoofing technology in EOP specifically examines forgery of the From header in the message body (used to display the message sender in email clients). When EOP has high confidence that the From header is forged, the message is identified as spoofed.
+
+The following anti-spoofing technologies are available in EOP:
+
+- **Spoof intelligence**: Review spoofed messages from senders in internal and external domains, and allow or block those senders. For more information, see [Configure spoof intelligence in Microsoft 365](learn-about-spoof-intelligence.md).
+
+- **Anti-phishing policies**: In EOP, anti-phishing policies allow you to turn spoof intelligence on or off, turn unauthenticated sender identification in Outlook on or off, and specify the action for blocked spoofed senders (move to the Junk Email folder or quarantine). Advanced anti-phishing policies that are available in Microsoft Defender for Office 365 also contain anti-impersonation settings (protected senders and domains), mailbox intelligence settings, and adjustable advanced phishing thresholds. For more information, see [Anti-phishing policies in Microsoft 365](set-up-anti-phishing-policies.md).
+
+- **Email authentication**: An integral part of any anti-spoofing effort is the use of email authentication (also known as email validation) by SPF, DKIM, and DMARC records in DNS. You can configure these records for your domains so destination email systems can check the validity of messages that claim to be from senders in your domains. For inbound messages, Microsoft 365 requires email authentication for sender domains. For more information, see [Email authentication in Microsoft 365](email-validation-and-authentication.md).
+
+As of October 2018, anti-spoofing protection is available in EOP.
+
+EOP analyzes and blocks messages that can't be authenticated by the combination of standard email authentication methods and sender reputation techniques.
+
+![EOP anti-spoofing checks](../../media/eop-anti-spoofing-protection.png)
+
+## How spoofing is used in phishing attacks
+
+Spoofing messages have the following negative implications for users:
+
+- **Spoofed messages deceive users**: A spoofed message might trick the recipient into clicking a link and giving up their credentials, downloading malware, or replying to a message with sensitive content (known as a business email compromise or BEC).
+
+ The following message is an example of phishing that uses the spoofed sender msoutlook94@service.outlook.com:
+
+ ![Phishing message impersonating service.outlook.com](../../media/1a441f21-8ef7-41c7-90c0-847272dc5350.jpg)
+
+ This message didn't come from service.outlook.com, but the attacker spoofed the **From** header field to make it look like it did. This was an attempt to trick the recipient into clicking the **change your password** link and giving up their credentials.
+
+ The following message is an example of BEC that uses the spoofed email domain contoso.com:
+
+ ![Phishing message - business email compromise](../../media/da15adaa-708b-4e73-8165-482fc9182090.jpg)
+
+ The message looks legitimate, but the sender is spoofed.
+
+- **Users confuse real messages for fake ones**: Even users who know about phishing might have difficulty seeing the differences between real messages and spoofed messages.
+
+ The following message is an example of a real password reset message from the Microsoft Security account:
+
+ ![Microsoft legitimate password reset](../../media/58a3154f-e83d-4f86-bcfe-ae9e8c87bd37.jpg)
+
+ The message really did come from Microsoft, but users have been conditioned to be suspicious. Because it's difficult to the difference between a real password reset message and a fake one, users might ignore the message, report it as spam, or unnecessarily report the message to Microsoft as phishing.
+
+## Different types of spoofing
+
+Microsoft differentiates between two different types of spoofed messages:
+
+- **Intra-org spoofing**: Also known as _self-to-self_ spoofing. For example:
+
+ - The sender and recipient are in the same domain:
+ > From: chris@contoso.com <br> To: michelle@contoso.com
+
+ - The sender and the recipient are in subdomains of the same domain:
+ > From: laura@marketing.fabrikam.com <br> To: julia@engineering.fabrikam.com
+
+ - The sender and recipient are in different domains that belong to the same organization (that is, both domains are configured as [accepted domains](/exchange/mail-flow-best-practices/manage-accepted-domains/manage-accepted-domains) in the same organization):
+ > From: sender @ microsoft.com <br> To: recipient @ bing.com
+
+ Spaces are used in the email addresses to prevent spambot harvesting.
+
+ Messages that fail [composite authentication](email-validation-and-authentication.md#composite-authentication) due to intra-org spoofing contain the following header values:
+
+ `Authentication-Results: ... compauth=fail reason=6xx`
+
+ `X-Forefront-Antispam-Report: ...CAT:SPOOF;...SFTY:9.11`
+
+ - `reason=6xx` indicates intra-org spoofing.
+
+ - SFTY is the safety level of the message. 9 indicates phishing, .11 indicates intra-org spoofing.
+
+- **Cross-domain spoofing**: The sender and recipient domains are different, and have no relationship to each other (also known as external domains). For example:
+ > From: chris@contoso.com <br> To: michelle@tailspintoys.com
+
+ Messages that fail [composite authentication](email-validation-and-authentication.md#composite-authentication) due to cross-domain spoofing contain the following headers values:
+
+ `Authentication-Results: ... compauth=fail reason=000/001`
+
+ `X-Forefront-Antispam-Report: ...CAT:SPOOF;...SFTY:9.22`
+
+ - `reason=000` indicates the message failed explicit email authentication. `reason=001` indicates the message failed implicit email authentication.
+
+ - SFTY is the safety level of the message. 9 indicates phishing, .22 indicates cross-domain spoofing.
+
+For more information about the Category and composite authentication (compauth) values that are related to spoofing, see [Anti-spam message headers in Microsoft 365](anti-spam-message-headers.md).
+
+For more information about DMARC, see [Use DMARC to validate email in Microsoft 365](use-dmarc-to-validate-email.md).
+
+## Reports of how many messages were marked as spoofed
+
+EOP organizations can use the **Spoof detections** report in the Reports dashboard in the Security & Compliance Center. For more information, see [Spoof Detections report](view-email-security-reports.md#spoof-detections-report).
+
+Microsoft Defender for Office 365 organization can use Threat Explorer in the Security & Compliance Center to view information about phishing attempts. For more information, see [Microsoft 365 threat investigation and response](office-365-ti.md).
+
+## Problems with anti-spoofing protection
+
+Mailing lists (also known as discussion lists) are known to have problems with anti-spoofing due to the way they forward and modify messages.
+
+For example, Gabriela Laureano (glaureano@contoso.com) is interested in bird watching, joins the mailing list birdwatchers@fabrikam.com, and sends the following message to the list:
+
+> **From:** "Gabriela Laureano" \<glaureano@contoso.com\> <br> **To:** Birdwatcher's Discussion List \<birdwatchers@fabrikam.com\> <br> **Subject:** Great viewing of blue jays at the top of Mt. Rainier this week <p> Anyone want to check out the viewing this week from Mt. Rainier?
+
+The mailing list server receives the message, modifies its content, and replays it to the members of list. The replayed message has the same From address (glaureano@contoso.com), but a tag is added to the subject line, and a footer is added to the bottom of the message. This type of modification is common in mailing lists, and may result in false positives for spoofing.
+
+> **From:** "Gabriela Laureano" \<glaureano@contoso.com\> <br> **To:** Birdwatcher's Discussion List \<birdwatchers@fabrikam.com\> <br> **Subject:** [BIRDWATCHERS] Great viewing of blue jays at the top of Mt. Rainier this week <p> Anyone want to check out the viewing this week from Mt. Rainier? <p> This message was sent to the Birdwatchers Discussion List. You can unsubscribe at any time.
+
+To help mailing list messages pass anti-spoofing checks, do following steps based on whether you control the mailing list:
+
+- Your organization owns the mailing list:
+
+ - Check the FAQ at DMARC.org: [I operate a mailing list and I want to interoperate with DMARC, what should I do?](https://dmarc.org/wiki/FAQ#I_operate_a_mailing_list_and_I_want_to_interoperate_with_DMARC.2C_what_should_I_do.3F).
+
+ - Read the instructions at this blog post: [A tip for mailing list operators to interoperate with DMARC to avoid failures](/archive/blogs/tzink/a-tip-for-mailing-list-operators-to-interoperate-with-dmarc-to-avoid-failures).
+
+ - Consider installing updates on your mailing list server to support ARC, see <http://arc-spec.org>.
+
+- Your organization doesn't own the mailing list:
+
+ - Ask the maintainer of the mailing list to configure email authentication for the domain that the mailing list is relaying from.
+
+ When enough senders reply back to domain owners that they should set up email authentication records, it spurs them into taking action. While Microsoft also works with domain owners to publish the required records, it helps even more when individual users request it.
+
+ - Create inbox rules in your email client to move messages to the Inbox. You can also ask your admins to configure overrides as discussed in the [Use spoof intelligence to configure permitted senders of unauthenticated email](email-validation-and-authentication.md#use-spoof-intelligence-to-configure-permitted-senders-of-unauthenticated-email).
+
+ - Create a support ticket with Microsoft 365 to create an override for the mailing list to treat it as legitimate. For more information, see [Contact support for business products - Admin Help](../../admin/contact-support-for-business-products.md).
+
+If all else fails, you can report the message as a false positive to Microsoft. For more information, see [Report messages and files to Microsoft](report-junk-email-messages-to-microsoft.md).
+
+You may also contact your admin who can raise it as a support ticket with Microsoft. The Microsoft engineering team will investigate why the message was marked as a spoof.
+
+## Considerations for anti-spoofing protection
+
+If you're an admin who currently sends messages to Microsoft 365, you need to ensure that your email is properly authenticated. Otherwise, it might be marked as spam or phishing. For more information, see [Solutions for legitimate senders who are sending unauthenticated email](email-validation-and-authentication.md#solutions-for-legitimate-senders-who-are-sending-unauthenticated-email).
+
+Senders in an individual user's (or admin's) Safe Senders list will bypass parts of the filtering stack, including spoof protection. For more information, see [Outlook Safe Senders](create-safe-sender-lists-in-office-365.md#use-outlook-safe-senders).
+
+Admins should avoid (when possible) using allowed sender lists or allowed domain lists. These senders bypass all spam, spoofing, and phishing protection, and also sender authentication (SPF, DKIM, DMARC). For more information, see [Use allowed sender lists or allowed domain lists](create-safe-sender-lists-in-office-365.md#use-allowed-sender-lists-or-allowed-domain-lists).
security Attack Simulation Training Faq https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-365-security/attack-simulation-training-faq.md
+
+ Title: Attack simulation training deployment considerations and FAQ
+f1.keywords:
+ - NOCSH
+++
+audience: ITPro
++
+localization_priority: Normal
+search.appverid:
+ - MET150
+ - MOE150
+ms.assetid:
+
+ - M365-security-compliance
+ - m365initiative-m365-defender
+
+ - seo-marvel-apr2020
+description: Admins can learn about deployment considerations and frequently asked questions regarding Attack simulation and training in Microsoft 365 E5 or Microsoft Defender for Office 365 Plan 2 organizations.
+ms.technology: mdo
++
+# Attack simulation training deployment considerations and FAQ
+
+Attack simulation training is now [generally available](https://techcommunity.microsoft.com/t5/microsoft-security-and/attack-simulation-training-in-microsoft-defender-for-office-365/ba-p/2037291). Attack simulation training enables Microsoft 365 E5 or Microsoft Defender for Office 365 Plan 2 organizations to measure and manage social engineering risk by allowing the creation and management of phishing simulations that are powered by real-world, de-weaponized phishing payloads. Hyper-targeted training, delivered in partnership with Terranova security, helps improve knowledge and change employee behavior.
+
+For more information about getting started with Attack simulation training, see [Get started using Attack simulation training](attack-simulation-training-get-started.md).
+
+While the whole simulation creation and scheduling experience has been designed to be free-flowing and frictionless, running simulations at an enterprise scale often requires planning. This article helps address specific challenges that we see as our customers run simulations in their own environments.
+
+## Issues with end user experiences
+
+### Phishing simulation URLs blocked by Google Safe Browsing
+
+A URL reputation service might identify one or more of the URLs that are used by Attack simulation training as unsafe. Google Safe Browsing in Google Chrome blocks some of the simulated phishing URLs with a **Deceptive site ahead** message. While we work with many URL reputation vendors to always allow our simulation URLs, we don't always have full coverage.
+
+![Deceptive site ahead warning in Google Chrome](../../media/attack-sim-chrome-deceptive-site-message.png)
+
+Note that this issue does not affect Microsoft Edge.
+
+As part of the planning phase, be sure to check the availability of the URL in your supported web browsers before you use the URL in a phishing campaign. If the URLs are blocked by Google Safe Browsing, [follow this guidance](https://support.google.com/chrome/a/answer/7532419) from Google to allow access to the URLs.
+
+Refer to [Get started using Attack simulation training](attack-simulation-training-get-started.md) for the list of URLs that are currently used by Attack simulation training.
+
+### Phishing simulation and admin URLs blocked by network proxy solutions and filter drivers
+
+Both phishing simulation URLs and admin URLs might be blocked or dropped by your intermediate security devices or filters. For example:
+
+- Firewalls
+- Web Application Firewall (WAF) solutions
+- Third-party filter drivers (for example, kernel mode filters)
+
+While we have seen few customers being blocked at this layer, it does happen. If you encounter problems, consider configuring the following URLs to bypass scanning by your security devices or filters as required:
+
+- The simulated phishing URLs as described in [Get started using Attack simulation training](attack-simulation-training-get-started.md).
+- <https://security.microsoft.com/attacksimulator>
+- <https://security.microsoft.com/attacksimulationreport>
+- <https://security.microsoft.com/trainingassignments>
+
+### Simulation messages not delivered to all targeted users
+
+It's possible that the number of users who actually receive the simulation email messages is less than the number of users who were targeted by the simulation. The following types of users will be excluded as part of target validation:
+
+- Invalid recipient email addresses.
+- Guest users.
+- Users that are no longer active in Azure Active Directory (Azure AD).
+
+Only valid, non-guest users with a valid mailbox will be included in simulations. If you use distribution groups or mail-enabled security groups to target users, you can use the [Get-DistributionGroupMember](/powershell/module/exchange/get-distributiongroupmember) cmdlet in [Exchange Online PowerShell](/powershell/exchange/connect-to-exchange-online-powershell) to view and validate distribution group members.
+
+## Issues with Attack simulation training reporting
+
+### Attack simulation training reports do not contain any activity details
+
+Attack simulation training comes with rich, actionable insights that keep you informed of the threat readiness progress of your employees. If Attack simulation training reports are not populated with data, verify that audit log search is turned on in your organization (it's on by default).
+
+Audit log search is required by Attack simulation training so events can be captured, recorded, and read back. Turning off audit log search has the following consequences for Attack simulation training:
+
+- Reporting data is not available across all reports. The reports will appear empty.
+- Training assignments are blocked, because data is not available.
+
+To turn on audit log search, see [Turn audit log search on or off](../../compliance/turn-audit-log-search-on-or-off.md).
+
+> [!NOTE]
+> Empty activity details can also be caused by no E5 licenses being assigned to users. Verify at least one E5 license is assigned to an active user to ensure that reporting events are captured and recorded.
+
+### Simulation reports are not updated immediately
+
+Detailed simulation reports are not updated immediately after you launch a campaign. Don't worry; this behavior is expected.
+
+Every simulation campaign has a lifecycle. When first created, the simulation is in the **Scheduled** state. When the simulation starts, it transitions to the **In progress** state. When completed, the simulation transitions to the **Completed** state.
+
+While a simulation is in the **Scheduled** state, the simulation reports will be mostly empty. During this stage, the simulation engine is resolving the target user email addresses, expanding distribution groups, removing guest users from the list, etc.:
+
+![Reporting in the Scheduled state](../../media/attack-sim-empty-reporting.png)
+
+Once the simulation enters the **In progress** stage, you will notice information starting to trickle into the reporting:
+
+![Reporting in the In progress state](../../media/attack-sim-in-progress.png)
+
+It can take up to 30 minutes for the individual simulation reports to update after the transition to the **In progress** state. The report data continues to build until the simulation reaches the **Completed** state. Reporting updates occur at the following intervals:
+
+- Every 10 minutes for the first 60 minutes.
+- Every 15 minutes after 60 minutes until 2 days.
+- Every 30 minutes after 2 days until 7 days.
+- Every 60 minutes after 7 days.
+
+Widgets on the **Overview** page provide a quick snapshot of your organization's simulation-based security posture over time. Because these widgets reflect your overall security posture and journey over time, they're updated after each simulation campaign is completed.
+
+> [!NOTE]
+> You can use the **Export** option on the various reporting pages to extract data.
+
+### Messages reported as phishing by users aren't appearing in simulation reports
+
+Simulation reports in Attack simulator training provide details on user activity. For example:
+
+- Users who clicked on the link in the message.
+- Users who gave up their credentials.
+- Users who reported the message as phishing.
+
+If messages that users reported as phishing aren't captured in Attack simulation training simulation reports, there might be an Exchange mail flow rule (also known as a transport rule) that's blocking the delivery of the reported messages to Microsoft. Verify that any mail flow rules aren't blocking delivery to the following email addresses:
+
+- junk@office365.microsoft.com
+- abuse@messaging.microsoft.com
+- phish@office365.microsoft.com
+- not\_junk@office365.microsoft.com
+
+## Other frequently asked questions
+
+### Q: What is the recommended method to target users for simulation campaigns?
+
+A: Several options are available to target users:
+
+- Include all users (currently available to organizations with less than 40,000 users).
+- Choose specific users.
+- Select users from a CSV file.
+- Azure AD group-based targeting.
+
+We've found that campaigns where the targeted users are identified by Azure AD groups are generally easier to manage.
+
+### Q: Are there any limits in targeting users while importing from a CSV or adding users?
+
+A: The limit for importing recipients from a CSV file or adding individual recipients to a simulation is 40,000.
+
+A recipient can be an individual user or a group. A group might contain hundreds or thousands of recipients, so an actual limit isn't placed on the number of individual users.
+
+Managing a large CSV file or adding many individual recipients can be cumbersome. Using Azure AD groups will simplify the overall management of the simulation.
+
+### Q: Does Microsoft provide payloads in other languages?
+
+A: Currently, there are 5 localized payloads available. We've noticed than any direct or machine translations of existing payloads to other languages will lead to inaccuracies and decreased relevance.
+
+That being said, you can create your own payload in the language of your choice using the custom payload authoring experience. We also strongly recommend that you harvest existing payloads that were used to target users in a specific geography. In other words, let the attackers localize the content for you.
+
+### Q: How can I switch to other languages for my admin portal and training experience?
+
+A: In Microsoft 365 or Office 365, language configuration is specific and centralized for each user account. For instructions on how to change your language setting, see [Change your display language and time zone in Microsoft 365 for Business](https://support.microsoft.com/office/6f238bff-5252-441e-b32b-655d5d85d15b).
+
+Note that the configuration change might take up to 30 minutes to synchronize across all services.
+
+### Q: Can I trigger a test simulation to understand what it looks like prior to launching a full-fledged campaign?
+
+A: Yes you can! On the very last **Review Simulation** page in the wizard to create a new simulation, there's an option to **Send a test**. This option will send a sample phishing simulation message to the currently logged in user. After you validate the phishing message in your Inbox, you can submit the simulation.
+
+![Send a test button on the Review simulation page](../../media/attack-sim-review-simulation-page.png)
+
+### Q: Can I target users that belong to a different tenant as part of the same simulation campaign?
+
+A: No. Currently, cross-tenant simulations are not supported. Verify that all of your targeted users are in the same tenant. Any cross-tenant users or guest users will be excluded from the simulation campaign.
+
+### Q: How does region aware delivery work?
+
+A: Region aware delivery uses the TimeZone attribute of the targeted user's mailbox and 'not before' logic to determine when to deliver the message. For example, consider the following scenario:
+
+- At 7:00 AM in the Pacific time zone (UTC-8), an admin creates and schedules a campaign to start at 9:00 AM on the same day.
+- UserA is in the Eastern time zone (UTC-5).
+- UserB is also in the Pacific time zone.
+
+At 9:00 AM on the same day, the simulation message is sent to UserB. With region-aware delivery, the message is not sent to UserA on the same day, because 9:00 AM Pacific time is 12:00 PM Eastern time. Instead, the message is sent to UserA at 9:00 AM Eastern time on the following day.
+
+So, on the initial run of a campaign with region aware delivery enabled, it might appear that the simulation message was sent only to users in a specific time zone. But, as time passes and more users come into scope, the targeted users will increase.
security Attack Simulation Training Get Started https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-365-security/attack-simulation-training-get-started.md
+
+ Title: Get started using Attack simulation training
+f1.keywords:
+ - NOCSH
+++
+audience: ITPro
++
+localization_priority: Normal
+search.appverid:
+ - MET150
+ - MOE150
+ms.assetid:
+
+ - M365-security-compliance
+ - m365initiative-m365-defender
+
+ - seo-marvel-apr2020
+description: Admins can learn how to use Attack simulation training to run simulated phishing and password attacks in their Microsoft 365 E5 or Microsoft Defender for Office 365 Plan 2 organizations.
+ms.technology: mdo
++
+# Get started using Attack simulation training
++
+If your organization has Microsoft 365 E5 or Microsoft Defender for Office 365 Plan 2, which includes [Threat Investigation and Response capabilities](office-365-ti.md), you can use Attack simulation training in the Microsoft Security Center to run realistic attack scenarios in your organization. These simulated attacks can help you identify and find vulnerable users before a real attack impacts your bottom line. Read this article to learn more.
+
+> [!NOTE]
+> Attack simulation training replaces the old Attack Simulator v1 experience that's described in [Attack Simulator in Microsoft Defender for Office 365](attack-simulator.md).
+
+## What do you need to know before you begin?
+
+- To open the Microsoft Security Center, go to <https://security.microsoft.com/>. Attack simulation training is available at **Email and collaboration** \> **Attack simulation training**. To go directly to Attack simulation training, open <https://security.microsoft.com/attacksimulator>.
+
+- For more information about the availability of Attack simulation training across different Microsoft 365 subscriptions, see [Microsoft Defender for Office 365 service description](/office365/servicedescriptions/office-365-advanced-threat-protection-service-description).
+
+- You need to be assigned permissions in the Security & Compliance Center or in Azure Active Directory before you can do the procedures in this article. Specifically, you need to be a member of **Organization Management**, **Security Administrator**, or one of the following roles:
+ - **Attack Simulator Administrators**: Create and managed all aspects of attack simulation campaigns.
+ - **Attack Simulator Payload Authors**: Create attack payloads that an admin can initiate later.
+
+ For more information, see [Permissions in the Security & Compliance Center](permissions-in-the-security-and-compliance-center.md) or [About admin roles](../../admin/add-users/about-admin-roles.md).
+
+- There are no corresponding PowerShell cmdlets for Attack simulation training.
+
+- Attack simulation and training related data is stored with other customer data for Microsoft 365 services. For more information see [Microsoft 365 data locations](../../enterprise/o365-data-locations.md). Attack simulation is available in the following regions: NAM, APC, EUR, IND, CAN, AUS, FRA, GBR, JPN, and KOR.
+
+## Simulations
+
+*Phishing* is a generic term for email attacks that try to steal sensitive information in messages that appear to be from legitimate or trusted senders. *Phishing* is a part of a subset of techniques we classify as _social engineering_.
+
+In Attack simulation training, multiple types of social engineering techniques are available:
+
+- **Credential harvest**: An attacker sends the recipient a message that contains a URL. When the recipient clicks on the URL, they're taken to a website that typically shows a dialog box that asks the user for their username and password. Typically, the destination page is themed to represent a well-known website in order to build trust in the user.
+
+- **Malware attachment**: An attacker sends the recipient a message that contains an attachment. When the recipient opens the attachment, arbitrary code (for example, a macro) is run on the user's device to help the attacker install additional code or further entrench themselves.
+
+- **Link in attachment**: This is a hybrid of a credential harvest. An attacker sends the recipient a message that contains a URL inside of an attachment. When the recipient opens the attachment and clicks on the URL, they're taken to a website that typically shows a dialog box that asks the user for their username and password. Typically, the destination page is themed to represent a well-known website in order to build trust in the user.
+
+- **Link to malware**: An attacker sends the recipient a message that contains a link to an attachment on a well-known file sharing site (for example, SharePoint Online or Dropbox). When the recipient clicks on the URL, the attachment opens and arbitrary code (for example, a macro) is run on the user's device to help the attacker install additional code or further entrench themselves.
+
+- **Drive-by-url**: An attacker sends the recipient a messages that contains a URL. When the recipient clicks on the URL, they're taken to a website that tries to run background code. This background code attempts to gather information about the recipient or deploy arbitrary code on their device. Typically, the destination website is a well-known website that has been compromised or a clone of a well-known website. Familiarity with the website helps convince the user that the link is safe to click. This technique is also known as a _watering hole attack_.
+
+> [!NOTE]
+> Check the availability of the simulated phishing URL in your supported web browsers before you use the URL in a phishing campaign. While we work with many URL reputation vendors to always allow these simulation URLs, we don't always have full coverage (for example, Google Safe Browsing). Most vendors provide guidance that allows you to always allow specific URLs (for example, <https://support.google.com/chrome/a/answer/7532419>).
+
+The URLs that are used by Attack simulation training are described in the following list:
+
+- <https://www.mcsharepoint.com>
+- <https://www.attemplate.com>
+- <https://www.doctricant.com>
+- <https://www.mesharepoint.com>
+- <https://www.officence.com>
+- <https://www.officenced.com>
+- <https://www.officences.com>
+- <https://www.officentry.com>
+- <https://www.officested.com>
+- <https://www.prizegives.com>
+- <https://www.prizemons.com>
+- <https://www.prizewel.com>
+- <https://www.prizewings.com>
+- <https://www.shareholds.com>
+- <https://www.sharepointen.com>
+- <https://www.sharepointin.com>
+- <https://www.sharepointle.com>
+- <https://www.sharesbyte.com>
+- <https://www.sharession.com>
+- <https://www.sharestion.com>
+- <https://www.templateau.com>
+- <https://www.templatent.com>
+- <https://www.templatern.com>
+- <https://www.windocyte.com>
+
+### Create a simulation
+
+For step by step instructions on how to create and send a new simulation, see [Simulate a phishing attack](attack-simulation-training.md).
+
+### Create a payload
+
+For step by step instructions on how to create a payload for use within a simulation, see [Create a custom payload for Attack simulation training](attack-simulation-training-payloads.md).
+
+### Gaining insights
+
+For step by step instructions on how to gain insights with reporting, see [Gain insights through Attack simulation training](attack-simulation-training-insights.md).
+
+> [!NOTE]
+> Attack Simulator uses Safe Links in Defender for Office 365 to securely track click data for the URL in the payload message that's sent to targeted recipients of a phishing campaign, even if the **Do not track user clicks** setting in Safe Links policies is turned on.
security Attack Simulation Training Insights https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-365-security/attack-simulation-training-insights.md
+
+ Title: Gain insights through Attack simulation training
+++
+audience: ITPro
+
+localization_priority: Normal
+
+ - M365-security-compliance
+ - m365initiative-defender-office365
+description: Admins can learn how Attack simulation training in the Microsoft 365 security center affects employees and can gain insights from simulation and training outcomes.
+ms.technology: mdo
++
+# Gain insights through Attack simulation training
+
+Within Attack simulation training, Microsoft provides you with insights based on outcomes of simulations and trainings that employees went through. These insights will help keep you informed on the threat readiness progress of your employees, as well as recommend next steps to better prepare your employees and your environment for attacks.
+
+We are continuously working on expanding the insights that are available to you. Behavior impact and recommended actions are currently available. To start, head over to [Attack simulation training in the Microsoft 365 security center](https://security.microsoft.com/attacksimulator?viewid=overview).
+
+## Behavior impact on compromise rate
+
+On the **Overview** tab of Attack simulation training, you'll find the **behavior impact on compromise rate** card. This card shows how employees dealt with the simulations you ran in contrast to the **predicted compromise rate**. You can use these insights to track progress in employees threat readiness by running multiple simulations against the same groups of employees.
+
+In the graph you can see:
+
+- **Predicted compromise rate** which reflects the average compromise rate for simulations using the same type of payload across other Microsoft 365 tenants that use Attack simulation training.
+- **Actual compromise rate** reflects the percentage of employees that fell for the simulation.
+
+Additionally, `<number> less susceptible to phishing` reflects the difference between actual number of employees compromised by the attack and the predicted compromise rate. This number of employees is less likely to be compromised by similar attacks in the future, while `<percent%> better than predicted rate` indicates how employees did overall in contrast with the predicted compromise rate.
+
+> [!div class="mx-imgBorder"]
+> ![Behavior impact card on Attack simulation training overview](../../media/attack-sim-preview-behavior-impact-card.png)
+
+To see a more detailed report, click **View simulations and training efficacy report**. This report provides the same information with additional context from the simulation itself (for example, simulation technique and total users targeted).
+
+## Recommended actions
+
+On the [**Simulations** tab](https://security.microsoft.com/attacksimulator?viewid=simulations), selecting a simulation will take you to the simulation details, where you'll find the **Recommended actions** section.
+
+The recommended actions section details recommendations as available in [Microsoft Secure Score](https://docs.microsoft.com/microsoft-365/security/defender/microsoft-secure-score). These recommendations are based on the payload used in the simulation, and will help you protect your employees and your environment. Clicking on each improvement action will take you to its details.
+
+> [!div class="mx-imgBorder"]
+> ![Recommendation actions section on Attack simulation training](../../media/attack-sim-preview-recommended-actions.png)
+
+## Related Links
+
+[Get started using Attack simulation training](attack-simulation-training-get-started.md)
+
+[Create a phishing attack simulation](attack-simulation-training.md)
+
+[create a payload for training your people](attack-simulation-training-payloads.md)
security Attack Simulation Training Payloads https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-365-security/attack-simulation-training-payloads.md
+
+ Title: Create a payload for Attack simulation training
+++
+audience: ITPro
+
+localization_priority: Normal
+
+ - M365-security-compliance
+ - m365initiative-defender-office365
+description: Admins can learn how to create custom payloads for Attack simulation training in Microsoft Defender for Office 365.
+ms.technology: mdo
++
+# Create a custom payload for Attack simulation training
+
+Microsoft offers a robust payload catalog for various social engineering techniques to pair with your attack simulation training. However, you might want to create custom payloads that will work better for your organization. This article describes how to create a payload in Attack simulation training in Microsoft Defender for Office 365.
+
+You can create a payload by clicking on **Create a payload** in either the [dedicated **Payloads** tab](https://security.microsoft.com/attacksimulator?viewid=payload) or within the [simulation creation wizard](attack-simulation-training.md#selecting-a-payload).
+
+The first step in the wizard will have you select a payload type. **Currently, only email is available**.
+
+Next, select an associated technique. See more details on techniques at [Selecting a social engineering technique](attack-simulation-training.md#selecting-a-social-engineering-technique).
+
+In the next step name your payload. Optionally, you can give it a description.
+
+## Configure payload
+
+Now it's time to build your payload. Input the sender's name, email address, and the email's subject in the **Sender details** section. Pick a phishing URL from the provided list. This URL will later be embedded into the body of the message.
+
+> [!TIP]
+> You can choose an internal email for your payload's sender, which will make the payload appear as coming from another employee of the company. This will increase susceptibility to the payload and will help educate employees on the risk of internal threats.
+
+A rich text editor is available to create your payload. You can also import an email that you've created beforehand. As you create the body of the email, take advantage of the **dynamic tags** to personalize the email to your targets. Click **Phishing link** to add the previously selected phishing URL into the body of the message.
+
+![Phishing link and dynamic tags highlighted in payload creation for Microsoft Defender for Office 365](../../media/attack-sim-preview-payload-email-body.png)
+
+> [!TIP]
+> To save time, toggle on the option to **replace all links in the email message with the phishing link**.
+
+Once you're done building the payload to your liking, click **Next**.
+
+## Adding indicators
+
+Indicators will help employees going through the attack simulation understand the clue they can look for in future attacks. To start, click **Add indicator**.
+
+Select an indicator you'd like to use from the drop-down list. This list is curated to contain the most common clues that appear in phishing email messages. Once selected, make sure the indicator placement is set to **From the body of the email** and click on **Select text**. Highlight the portion of your payload where this indicator appears and click **Select**.
+
+![Highlighted text in message body to add to an indicator in attack simulation training](../../media/attack-sim-preview-select-text.png)
+
+Add a custom description to describe the indicator and click within the indicator preview frame to see a preview of your indicator. Once done, click **Add**. Repeat these steps until you've covered all indicators in your payload.
+
+## Review payload
+
+You're done building your payload. Now it's time to review the details and see a preview of your payload. The preview will include all indicators that you've created. You can edit each part of the payload from this step. Once satisfied, you can **Submit** your payload.
+
+> [!IMPORTANT]
+> Payloads that you've created will have **Tenant** as their source. When selecting payloads, make sure that you don't filter out **Tenant**.
+
+## Related links
+
+[Get started using Attack simulation training](attack-simulation-training-get-started.md)
+
+[Create a phishing attack simulation](attack-simulation-training.md)
+
+[Gain insights through Attack simulation training](attack-simulation-training-insights.md)
security Attack Simulation Training https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-365-security/attack-simulation-training.md
+
+ Title: Simulate a phishing attack with Microsoft Defender for Office 365
+++
+audience: ITPro
+
+localization_priority: Normal
+
+ - M365-security-compliance
+ - m365initiative-defender-office365
+description: Admins can learn how to simulate phishing attacks and train their users on phishing prevention using Attack simulation training in Microsoft Defender for Office 365.
+ms.technology: mdo
++
+# Simulate a phishing attack
+
+Attack simulation training in Microsoft Defender for Office 365 lets you run benign cyberattack simulations on your organization to test your security policies and practices, as well as train your employees to increase their awareness and decrease their susceptibility to attacks. This article walks you through creating a simulated phishing attack using attack simulation training.
+
+For getting started information about Attack simulation training, see [Get started using Attack simulation training](attack-simulation-training-get-started.md).
+
+To launch a simulated phishing attack, open the [Microsoft 365 security center](https://security.microsoft.com/), go to **Email & collaboration** \> **Attack simulation training**, and switch to the [**Simulations**](https://security.microsoft.com/attacksimulator?viewid=simulations) tab.
+
+Under **Simulations**, select **+ Launch a simulation**.
+
+![Launch a simulation button in Microsoft 365 security center](../../media/attack-sim-preview-launch.png)
+
+> [!NOTE]
+> At any point during simulation creation, you can save and close to continue configuring the simulation at a later time.
+
+## Selecting a social engineering technique
+
+Select from 4 different techniques, curated from the [MITRE ATT&CK® framework](https://attack.mitre.org/techniques/enterprise/). Different payloads are available for different techniques:
+
+- **Credential harvest** attempts to collect credentials by taking users to a well-known looking website with input boxes to submit a username and password.
+- **Malware attachment** adds a malicious attachment to a message. When the user opens the attachment, arbitrary code is run that will help the attacker compromise the target's device.
+- **Link in attachment** is a type of credential harvest hybrid. An attacker inserts a URL into an email attachment. The URL within the attachment follows the same technique as credential harvest.
+- **Link to malware** will run some arbitrary code from a file hosted on a well-known file sharing service. The message sent to the user will contain a link to this malicious file. Opening the file and help the attacker compromise the target's device.
+- **Drive-by URL** is where the malicious URL in the message takes the user to a familiar-looking website that silently runs and/or installs code code on the user's device.
+
+> [!TIP]
+> Clicking on **View details** within the description of each technique will display further information and the simulation steps for the technique.
+>
+> ![Simulation steps for credential harvest within attack simulation training in Microsoft 365 security center](../../media/attack-sim-preview-sim-steps.png)
+
+After you've selected the technique and clicked on **Next**, give your simulation a name and optionally a description.
+
+## Selecting a payload
+
+Next, you'll need to either select a payload from the pre-existing payload catalog.
+
+Payloads have a number of data points to help you choose:
+
+- **Click rate** counts how many people clicked this payload.
+- **Predicted compromise rate** predicts the percentage of people that will get compromised by this payload based on historical data for the payload across Microsoft Defender for Office 365 customers.
+- **Simulations launched** counts the number of times this payload was used in other simulations.
+- **Complexity**, available through **filters**, is calculated based on the number of indicators within the payload that clue targets in on it being an attack. More indicators lead to lower complexity.
+- **Source**, available through **filters**, indicates whether the payload was created on your tenant or is a part of Microsoft's pre-existing payload catalog (global).
+
+![Selected payload within attack simulation training in Microsoft 365 security center](../../media/attack-sim-preview-select-payload.png)
+
+Select a payload from the list to see a preview of the payload with additional information about it.
+
+If you'd like to create your own payload, read [create a payload for attack simulation training](attack-simulation-training-payloads.md).
+
+## Audience targeting
+
+Now it's time to select this simulation's audience. You can choose to **include all users in your organization** or **include only specific users and groups**.
+
+When you choose to **include only specific users and groups** you can either:
+
+- **Add users**, which allows you to leverage search for your tenant, as well as advanced search and filtering capabilities, like targeting users who haven't been targeted by a simulation in the last 3 months.
+ ![User filtering in attack simulation training on Microsoft 365 security center](../../media/attack-sim-preview-user-targeting.png)
+- **Import from CSV** allows you to import a predefined set of users for this simulation.
+
+## Assigning training
+
+We recommend that you assign training for each simulation, as employees who go through training are less susceptible to similar attacks.
+
+You can either choose to have training assigned for you or select training courses and modules yourself.
+
+Select the **training due date** to make sure employees finish their training in a timely manner.
+
+> [!NOTE]
+> If you choose to select courses and modules yourself, you'll still be able to see the recommended content as well as all available courses and modules.
+>
+> ![Adding recommended training within attack simulation training in Microsoft 365 security center](../../media/attack-sim-preview-add-training.png)
+
+In the next steps you'll need to **Add trainings** if you opted to select it yourself, and customize your training landing page. You'll be able to preview the training landing page, as well as change the header and body of it.
+
+## Launch details and review
+
+Now that everything is configured, you can launch this simulation immediately or schedule it for a later date. You will also need to choose when to end this simulation. We will stop capturing interaction with this simulation past the selected time.
+
+**Enable region aware timezone delivery** to deliver simulated attack messages to your employees during their working hours based on their region.
+
+Once you're done, click on **Next** and review the details of your simulation. Click on **Edit** on any of the parts to go back and change any details that need changing. Once done, click **Submit**.
security Attack Simulator https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-365-security/attack-simulator.md
+
+ Title: Attack Simulator in Microsoft Defender for Office 365
+f1.keywords:
+ - NOCSH
+++
+audience: ITPro
++
+localization_priority: Normal
+search.appverid:
+ - MET150
+ - MOE150
+ms.assetid: da5845db-c578-4a41-b2cb-5a09689a551b
+
+ - M365-security-compliance
+ - m365initiative-defender-office365
+
+ - seo-marvel-apr2020
+description: Admins can learn how to use Attack Simulator to run simulated phishing and password attacks in their Microsoft 365 E5 or Microsoft Defender for Office 365 Plan 2 organizations.
+ms.technology: mdo
++
+# Attack Simulator in Microsoft Defender for Office 365
++
+**Applies to**
+ [Microsoft Defender for Office 365 plan 2](defender-for-office-365.md)
+
+If your organization has Microsoft Defender for Office 365 Plan 2, which includes [Threat Investigation and Response capabilities](office-365-ti.md), you can use Attack Simulator in the Security & Compliance Center to run realistic attack scenarios in your organization. These simulated attacks can help you identify and find vulnerable users before a real attack impacts your bottom line. Read this article to learn more.
+
+> [!NOTE]
+>
+> Attack Simulator as described in this article is now read-only and has been replaced by **Attack simulation training** in the **Email & collaboration** node in the [Microsoft 365 security center](https://security.microsoft.com). For more information, see [Get started using Attack simulation training](attack-simulation-training-get-started.md).
+>
+> The ability to launch new simulations from this version of Attack Simulator has been disabled. However, you can still access reports for up to 90 days from January 24, 2021.
+
+## What do you need to know before you begin?
+
+- To open the Security & Compliance Center, go to <https://protection.office.com/>. Attack simulator is available at **Threat management** \> **Attack simulator**. Go go directly to attack simulator, open <https://protection.office.com/attacksimulator>.
+
+- For more information about the availability of Attack Simulator across different Microsoft 365 subscriptions, see [Microsoft Defender for Office 365 service description](/office365/servicedescriptions/office-365-advanced-threat-protection-service-description).
+
+- You need to be a member of the **Organization Management** or **Security Administrator** role groups. For more information about role groups in the Security & Compliance Center, see [Permissions in the Security & Compliance Center](permissions-in-the-security-and-compliance-center.md).
+
+- Your account needs to be configured for multi-factor authentication (MFA) to create and manage campaigns in Attack Simulator. For instructions, see [Set up multi-factor authentication](../../admin/security-and-compliance/set-up-multi-factor-authentication.md).
+
+- Attack Simulator only works on cloud-based mailboxes.
+
+- Phishing campaigns will collect and process events for 30 days. Historical campaign data will be available for up to 90 days after you launch the campaign.
+
+- Attack simulation and training related data is stored with other customer data for Microsoft 365 services. For more information see [Microsoft 365 data locations](../../enterprise/o365-data-locations.md).
+
+- There are no corresponding PowerShell cmdlets for Attack Simulator.
+
+## Spear phishing campaigns
+
+*Phishing* is a generic term for email attacks that try to steal sensitive information in messages that appear to be from legitimate or trusted senders. *Spear phishing* is a targeted phishing attack that uses focused and customized content that's specifically tailored to the targeted recipients (typically, after reconnaissance on the recipients by the attacker).
+
+In Attack Simulator, two different types of spear phishing campaigns are available:
+
+- **Spear phishing (credentials harvest)**: The attack tries to convince the recipients to click a URL in the message. If they click the link, they're asked to enter their credentials. If they do, they're taken to one of the following locations:
+
+ - A default page that explains that this was a just a test, and gives tips for recognizing phishing messages.
+
+ ![What users see if they click the phishing link and enter their credentials](../../media/attack-simulator-phishing-result.png)
+
+ - A custom page (URL) that you specify.
+
+- **Spear phishing (attachment)**: The attack tries to convince the recipients to open a .docx or .pdf attachment in the message. The attachment contains the same content from the default phishing link, but the first sentence starts with "\<Display Name\>, you are seeing this message as a recent email message you opened...".
+
+> [!NOTE]
+> Currently, spear phishing campaigns in Attack Simulator don't expire.
+
+### Create a spear phishing campaign
+
+An important part of any spear phishing campaign is the look and feel of the email message that's sent to the targeted recipients. To create and configure the email message, you have these options:
+
+- **Use a built-in email template**: Two built-in templates are available: **Prize Giveaway** and **Payroll Update**. You can further customize some, all, or none of the email properties from the template when you create and launch the campaign.
+
+- **Create a reusable email template**: After you create and save the email template, you can use it again in future spear phishing campaigns. You can further customize some, all, or none of the email properties from the template when you create and launch the campaign.
+
+- **Create the email message in the wizard**: You can create the email message directly in the wizard as you create and launch the spear phishing campaign.
+
+#### Step 1 (Optional): Create a custom email template
+
+If you're going to use one of the built-in templates or create the email message directly in the wizard, you can skip this step.
+
+1. In the Security & Compliance Center, go to **Threat management** \> **Attack simulator**.
+
+2. On the **Simulate attacks** page, in either the **Spear Phishing (Credentials Harvest)** or **Spear Phishing (Attachment)** sections, click **Attack Details**.
+
+ It doesn't matter where you create the template. The available options in the template are the same for both types of phishing attacks.
+
+3. In the **Attack details** page that opens, in the **Phishing Templates** section, in the **Create Templates** area, click **New Template**.
+
+4. The **Configure Phishing Template** wizard starts in a new flyout. In the **Start** step, enter a unique display name for the template, and then click **Next**.
+
+5. In the **Configure email details** step, configure the following settings:
+
+ - **From (Name)**: The display name that's used for the message sender.
+
+ - **From (Email)**: The sender's email address.
+
+ - **Phishing Login Server URL**: Click the drop down and select one of the available URLs from the list. This is the URL that users will be tempted to click. The choices are:
+
+ - <http://portal.docdeliveryapp.com>
+ - <http://portal.docdeliveryapp.net>
+ - <http://portal.docstoreinternal.com>
+ - <http://portal.docstoreinternal.net>
+ - <http://portal.hardwarecheck.net>
+ - <http://portal.hrsupportint.com>
+ - <http://portal.payrolltooling.com>
+ - <http://portal.payrolltooling.net>
+ - <http://portal.prizegiveaway.net>
+ - <http://portal.prizesforall.com>
+ - <http://portal.salarytoolint.com>
+ - <http://portal.salarytoolint.net>
+
+ > [!NOTE]
+ >
+ > A URL reputation service might identify one or more of these URLs as unsafe. Check the availability of the URL in your supported web browsers before you use the URL in a phishing campaign.
+
+ - **Custom Landing Page URL**: Enter an optional landing page where users are taken if they click the phishing link and enter their credentials. This link replaces the default landing page. For example, if you have internal awareness training, you can specify that URL here.
+
+ - **Category**: Currently, this setting isn't used (anything you enter is ignored).
+
+ - **Subject**: The **Subject** field of the email message.
+
+ When you're finished, click **Next**.
+
+6. In the **Compose email** step, create the message body of the email message. You can use the **Email** tab (a rich HTML editor) or the **Source** tab (raw HTML code).
+
+ The HTML formatting can be as simple or complex as you need it to be. You can insert images and text to enhance the believability of the message in the recipient's email client.
+
+ - `${username}` inserts the recipient's name.
+
+ - `${loginserverurl}` inserts the **Phishing Login Server URL** value from the previous step.
+
+ When you're finished, click **Next**.
+
+7. In the **Confirm** step, click **Finish**.
+
+#### Step 2: Create and launch the spear phishing campaign
+
+1. In the Security & Compliance Center, go to **Threat management** \> **Attack simulator**.
+
+2. On the **Simulate attacks** page, make one of the following selections based on the type of campaign you want to create:
+
+ - In the **Spear Phishing (Credentials Harvest)** section, click **Launch Attack** or click **Attack Details** \> **Launch Attack**.
+
+ - In the **Spear Phishing (Attachment)** section, click **Launch Attack** or click **Attack Details** \> **Launch Attack**.
+
+3. The **Configure Phishing Attack** wizard starts in a new flyout. In the **Start** step, do one of the following steps:
+
+ - In the **Name** box, enter a unique display name for the campaign. Don't click **Use Template**, because you'll create the email message later in the wizard.
+
+ - Click **Use Template** and select a built-in or custom email template. After you select the template, the **Name** box is automatically filled based on the template, but you can change the name.
+
+ > [!div class="mx-imgBorder"]
+ > ![Phishing Start Page](../../media/5e93b3cc-5981-462f-8b45-bdf85d97f1b8.jpg)
+
+ When you're finished, click **Next**.
+
+4. In the **Target recipients** step, do one of the following steps:
+
+ - Click **Address Book** to select the recipients (users or groups) for the campaign. Each targeted recipient must have an Exchange Online mailbox. If you click **Filter** and **Apply** without entering a search criteria, all recipients are returned and added to the campaign.
+
+ - Click **Import** then **File Import** to import a comma-separated value (CSV) or line-separated file of email addresses. Each line must contain the recipient's email address.
+
+ When you're finished, click **Next**.
+
+5. In the **Configure email details** step, configure the following settings:
+
+ If you selected a template in the **Start** step, most of these values are already configured, but you can change them.
+
+ - **From (Name)**: The display name that's used for the message sender.
+
+ - **From (Email)**: The sender's email address. You can enter a real or fake email address from your organization's email domain, or you can enter a real or fake external email address. A valid sender email address from your organization will actually resolve in the recipient's email client.
+
+ - **Phishing Login Server URL**: Click the drop down and select one of the available URLs from the list. This is the URL that users will be tempted to click. The choices are:
+
+ - <http://portal.docdeliveryapp.com>
+ - <http://portal.docdeliveryapp.net>
+ - <http://portal.docstoreinternal.com>
+ - <http://portal.docstoreinternal.net>
+ - <http://portal.hardwarecheck.net>
+ - <http://portal.hrsupportint.com>
+ - <http://portal.payrolltooling.com>
+ - <http://portal.payrolltooling.net>
+ - <http://portal.prizegiveaway.net>
+ - <http://portal.prizesforall.com>
+ - <http://portal.salarytoolint.com>
+ - <http://portal.salarytoolint.net>
+
+ > [!NOTE]
+ >
+ > - All of the URLs are intentionally http, not https.
+ >
+ > - A URL reputation service might identify one or more of these URLs as unsafe. Check the availability of the URL in your supported web browsers before you use the URL in a phishing campaign.
+ >
+ > - You are required to select a URL. For **Spear Phishing (Attachment)** campaigns, you can remove the link from the body of the message in the next step (otherwise, the message will contain both a link **and** an attachment).
+
+ - **Attachment Type**: This setting is only available in **Spear Phishing (Attachment)** campaigns. Click the drop down and select **.DOCX** or **.PDF** from the list.
+
+ - **Attachment Name**: This setting is only available in **Spear Phishing (Attachment)** campaigns. Enter a filename for the .docx or .pdf attachment.
+
+ - **Custom Landing Page URL**: Enter an optional landing page where users are taken if they click the phishing link and enter their credentials. This link replaces the default landing page. For example, if you have internal awareness training, you can specify that URL here.
+
+ - **Subject**: The **Subject** field of the email message.
+
+ When you're finished, click **Next**.
+
+6. In the **Compose email** step, create the message body of the email message. If you selected a template in the **Start** step, the message body is already configured, but you can customize it. You can use the **Email** tab (a rich HTML editor) or the **Source** tab (raw HTML code).
+
+ The HTML formatting can be as simple or complex as you need it to be. You can insert images and text to enhance the believability of the message in the recipient's email client.
+
+ - `${username}` inserts the recipient's name.
+
+ - `${loginserverurl}` inserts the **Phishing Login Server URL** value.
+
+ For **Spear Phishing (Attachment)** campaigns, you should remove the link from the body of the message (otherwise, the message will contain both a link **and** an attachment, and link clicks aren't tracked in an attachment campaign).
+
+ > [!div class="mx-imgBorder"]
+ > ![Compose Email Body](../../media/9bd65af4-1f9d-45c1-8c06-796d7ccfd425.jpg)
+
+ When you're finished, click **Next**.
+
+7. In the **Confirm** step, click **Finish** to launch the campaign. The phishing message is delivered to the targeted recipients.
+
+## Password attack campaigns
+
+A *password attack* tries to guess passwords for user accounts in an organization, typically after the attacker has identified one or more valid user accounts.
+
+In Attack Simulator, two different types of password attack campaigns are available for you to test the complexity of your users' passwords:
+
+- **Brute force password (dictionary attack)**: A *brute force* or *dictionary* attack uses a large dictionary file of passwords on a user account with the hope that one of them will work (many passwords against one account). Incorrect password lock-outs help deter brute force password attacks.
+
+ For the dictionary attack, you can specify one or many passwords to try (manually entered or in an uploaded file), and you can specify one or many users.
+
+- **Password spray attack**: A *password spray* attack uses the same carefully considered password against a list of user accounts (one password against many accounts). Password spray attacks are harder to detect than brute force password attacks (the probability of success increases when an attacker tries one password across dozens or hundreds of accounts without the risk of tripping the user's incorrect password lock-out).
+
+ For the password spray attack, you can only specify one password to try, and you can specify one or many users.
+
+> [!NOTE]
+> The password attacks in Attack Simulator pass username and password Basic auth requests to an endpoint, so they also work with other authentication methods (AD FS, password hash sync, pass-through, PingFederate, etc.). For users that have MFA enabled, even if the password attack tries their actual password, the attempt will always register as a failure (in other words, MFA users will never appear in the **Successful attempts** count of the campaign). This is the expected result. MFA is a primary method to help protect against password attacks.
+
+### Create and launch a password attack campaign
+
+1. In the Security & Compliance Center, go to **Threat management** \> **Attack simulator**.
+
+2. On the **Simulate attacks** page, make one of the following selections based on the type of campaign you want to create:
+
+ - In the **Brute Force Password (Dictionary Attack)** section, click **Launch Attack** or click **Attack Details** \> **Launch Attack**.
+
+ - in the **Password spray attack** section, click **Launch Attack** or click **Attack Details** \> **Launch Attack**.
+
+3. The **Configure Password Attack** wizard starts in a new flyout. In the **Start** step, enter a unique display name for the campaign, and then click **Next**.
+
+4. In the **Target users** step, do one of the following steps:
+
+ - Click **Address Book** to select the recipients (users or groups) for the campaign. Each targeted recipient must have an Exchange Online mailbox. If you click **Filter** and **Apply** without entering a search criteria, all recipients are returned and added to the campaign.
+
+ - Click **Import** then **File Import** to import a comma-separated value (CSV) or line-separated file of email addresses. Each line must contain the recipient's email address.
+
+ When you're finished, click **Next**.
+
+5. In the **Choose attack settings** step, choose what to do based on the campaign type:
+
+ - **Brute Force Password (Dictionary Attack)**: Do either of the following steps:
+
+ - **Enter passwords manually**: In the **Press enter to add a password** box, type a password and then press ENTER. Repeat this step as many times as necessary.
+
+ - **Upload passwords from a dictionary file**: Click **Upload** to import an existing text file that contains one password on each line and a blank last line. The text file must be 10 MB or less in size, and can't contain more than 30000 passwords.
+
+ - **Password spray attack**: In **The password(s) to use in the attack** box, enter one password.
+
+ When you're finished, click **Next**.
+
+6. In the **Confirm** step, click **Finish** to launch the campaign. The passwords you specified are tried on users you specified.
+
+## View campaign results
+
+After you launch a campaign, you can check the progress and results on the main **Simulate attacks** page.
+
+Active campaigns will show a status bar, a completed percentage value and "(completed users) of (total users)" count. Clicking the **Refresh** button will update the progress of any active campaigns. You can also click **Terminate** to stop an active campaign.
+
+When the campaign is finished, the status changes to **Attack completed**. You can view the results of the campaign by doing either of the following actions:
+
+- On the main **Simulate attacks** page, click **View Report** under the name of the campaign.
+
+- On the main **Simulate attacks** page, click **Attack Details** in the section for the type of attack. On the **Attack details** page that opens, select the campaign in the **Attack History** section.
+
+Either of the previous actions will take you to a page named **Attack details**. The information that's available on this page for each type of campaign is described in the following sections.
+
+### Spear Phishing (Credentials Harvest) campaign results
+
+The following information is available on the **Attack details** page for each campaign:
+
+- The duration (start date/time and end date/time) of the campaign.
+
+- **Total users targeted**
+
+- **Successful attempts**: The number of users who clicked the link **and** entered their credentials (*any* username and password value).
+
+- **Overall Success Rate**: A percentage that's calculated by **Successful attempts** / **Total users targeted**.
+
+- **Fastest Click**: How long it took the first user to click the link after you launched the campaign.
+
+- **Average Click**: The sum of how long it took everyone to click the link divided by the number of users who clicked the link.
+
+- **Click Success Rate**: A percentage that's calculated by (number of users who clicked the link) / **Total users targeted**.
+
+- **Fastest Credentials**: How long it took the first user to enter their credentials after you launched the campaign.
+
+- **Average Credentials**: The sum of how long it took everyone to enter their credentials divided by the number of users who entered their credentials.
+
+- **Credential Success Rate**: A percentage that's calculated by (number of users who entered their credentials) / **Total users targeted**.
+
+- A bar graph that shows the **Link clicked** and **Credential supplied** numbers per day.
+
+- A circle graph that shows the **Link clicked**, **Credential supplied**, and **None** percentages for the campaign.
+
+- The **Compromised Users** section lists the details of the users who clicked the link:
+
+ - The user's email address
+
+ - The date/time when they clicked the link.
+
+ - The client IP address.
+
+ - Details about the user's version of Windows and web browser.
+
+ You can click **Export** to export the results to a CSV file.
+
+### Spear Phishing (Attachment) campaign results
+
+The following information is available on the **Attack details** page for each campaign:
+
+- The duration (start date/time and end date/time) of the campaign.
+
+- **Total users targeted**
+
+- **Successful attempts**: The number of users who opened or downloaded and opened the attachment (preview doesn't count).
+
+- **Overall Success Rate**: A percentage that's calculated by **Successful attempts** / **Total users targeted**.
+
+- **Fastest attachment open time**: How long it took the first user to open the attachment after you launched the campaign.
+
+- **Average attachment open time**: The sum of how long it took everyone to open the attachment divided by the number of users who opened the attachment.
+
+- **Attachment open success rate**: A percentage that's calculated by (number of users who opened the attachment) / **Total users targeted**.
+
+### Brute Force Password (Dictionary Attack) campaign results
+
+The following information is available on the **Attack details** page for each campaign:
+
+- The duration (start date/time and end date/time) of the campaign.
+
+- **Total users targeted**
+
+- **Successful attempts**: The number of users who were found to be using one of the specified passwords.
+
+- **Overall Success Rate**: A percentage that's calculated by **Successful attempts** / **Total users targeted**.
+
+- The **Compromised Users** section lists the email addresses of the affected users. You can click **Export** to export the results to a CSV file.
+
+### Password spray attack campaign results
+
+The following information is available on the **Attack details** page for each campaign:
+
+- The duration (start date/time and end date/time) of the campaign.
+
+- **Total users targeted**
+
+- **Successful attempts**: The number of users who were found to be using the specified password.
+
+- **Overall Success Rate**: A percentage that's calculated by **Successful attempts** / **Total users targeted**.
security Auditing Reports In Eop https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-365-security/auditing-reports-in-eop.md
+
+ Title: Auditing reports in standalone EOP
+f1.keywords:
+ - NOCSH
+++ Last updated :
+audience: ITPro
++
+localization_priority: Normal
+ms.assetid: 003d7a74-3e16-4453-ae0c-9dbae51f66d1
+description: Admins can learn about the administrator auditing reports that are available in Exchange Online Protection (EOP)
+ms.technology: mdo
++
+# Auditing reports in standalone EOP
++
+**Applies to**
+- [Exchange Online Protection standalone](exchange-online-protection-overview.md)
+
+In standalone Exchange Online Protection (EOP) organizations without Exchange Online mailboxes, auditing reports can help you meet regulatory, compliance, and litigation requirements for your organization. You can obtain auditing reports at any time to determine the changes that have been made to your EOP configuration. These reports can help you troubleshoot configuration issues or find the cause of security-related or compliance-related problems.
+
+There are two auditing reports available in standalone EOP:
+
+- **Administrator role group report**: The administrator role group report lets you view when a user is added to or removed from membership in an administrator role group. You can use this report to monitor changes to the administrative permissions assigned to users in your organization. For more information, see [Run an administrator role group report in standalone EOP](run-an-administrator-role-group-report-in-eop-eop.md).
+
+- **Administrator audit log**: The administrator audit log records any action (based on standalone EOP PowerShell cmdlets) by an admin or a user with administrative privileges. For more information, see [View the Administrator Audit Log in Exchange Online](/exchange/security-and-compliance/exchange-auditing-reports/view-administrator-audit-log).
security Automated Investigation Response Office https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-365-security/automated-investigation-response-office.md
+
+ Title: How automated investigation and response works in Microsoft Defender for Office 365
+f1.keywords:
+- NOCSH
+++
+audience: ITPro
+
+localization_priority: Normal
+search.appverid:
+- MET150
+- MOE150
+
+- M365-security-compliance
+- m365initiative-defender-office365
+keywords: automated incident response, investigation, remediation, threat protection
Last updated : 01/29/2021
+description: See how automated investigation and response capabilities work in Microsoft Defender for Office 365
+
+- air
+- seo-marvel-mar2020
+ms.technology: mdo
++
+# How automated investigation and response works in Microsoft Defender for Office 365
++
+**Applies to**
+- [Microsoft Defender for Office 365 plan 2](defender-for-office-365.md)
+- [Microsoft 365 Defender](../defender/microsoft-365-defender.md)
+
+As security alerts are triggered, it's up to your security operations team to look into those alerts and take steps to protect your organization. Sometimes, security operations teams can feel overwhelmed by the volume of alerts that are triggered. Automated investigation and response (AIR) capabilities in Microsoft Defender for Office 365 can help.
+
+AIR enables your security operations team to operate more efficiently and effectively. AIR capabilities include automated investigation processes in response to well-known threats that exist today. Appropriate remediation actions await approval, enabling your security operations team to respond to detected threats.
+
+This article describes how AIR works through several examples. When you're ready to get started using AIR, see [Automatically investigate and respond to threats](office-365-air.md).
+
+- [Example 1: A user-reported phish message launches an investigation playbook](#example-a-user-reported-phish-message-launches-an-investigation-playbook)
+- [Example 2: A security administrator triggers an investigation from Threat Explorer](#example-a-security-administrator-triggers-an-investigation-from-threat-explorer)
+- [Example 3: A security operations team integrates AIR with their SIEM using the Office 365 Management Activity API](#example-a-security-operations-team-integrates-air-with-their-siem-using-the-office-365-management-activity-api)
+
+## Example: A user-reported phish message launches an investigation playbook
+
+Suppose that a user in your organization receives an email that they think is a phishing attempt. The user, trained to report such messages, uses the [Report Message add-in](enable-the-report-message-add-in.md) or the [Report Phishing add-in](enable-the-report-phish-add-in.md) to send it to Microsoft for analysis. The submission is also sent to your system and is visible in Explorer in the **Submissions** view (formerly referred to as the **User-reported** view). In addition, the user-reported message now triggers a system-based informational alert, which automatically launches the investigation playbook.
+
+During the root investigation phase, various aspects of the email are assessed. These aspects include:
+
+- A determination about what type of threat it might be;
+- Who sent it;
+- Where the email was sent from (sending infrastructure);
+- Whether other instances of the email were delivered or blocked;
+- An assessment from our analysts;
+- Whether the email is associated with any known campaigns;
+- and more.
+
+After the root investigation is complete, the playbook provides a list of recommended actions to take on the original email and entities associated with it.
+
+Next, several threat investigation and hunting steps are executed:
+
+- Similar email messages are identified via email cluster searches.
+- The signal is shared with other platforms, such as [Microsoft Defender for Endpoint](/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-advanced-threat-protection).
+- A determination is made on whether any users have clicked through any malicious links in suspicious email messages.
+- A check is done across Exchange Online Protection ([EOP](exchange-online-protection-overview.md)) and ([Microsoft Defender for Office 365](defender-for-office-365.md)) to see if there are any other similar messages reported by users.
+- A check is done to see if a user has been compromised. This check leverages signals across Office 365, [Microsoft Cloud App Security](/cloud-app-security), and [Azure Active Directory](/azure/active-directory), correlating any related user activity anomalies.
+
+During the hunting phase, risks and threats are assigned to various hunting steps.
+
+Remediation is the final phase of the playbook. During this phase, remediation steps are taken, based on the investigation and hunting phases.
+
+## Example: A security administrator triggers an investigation from Threat Explorer
+
+In addition to automated investigations that are triggered by an alert, your organization's security operations team can trigger an automated investigation from a view in [Threat Explorer](threat-explorer.md). This investigation also creates an alert, so that Microsoft Defender Incidents and external SIEM tools can see that this investigation was triggered.
+
+For example, suppose that you are using the **Malware** view in Explorer. Using the tabs below the chart, you select the **Email** tab. If you select one or more items in the list, the **+ Actions** button activates.
+
+![Explorer with selected messages](../../media/Explorer-Malware-Email-ActionsInvestigate.png)
+
+Using the **Actions** menu, you can select **Trigger investigation**.
+
+![Actions menu for selected messages](../../media/explorer-malwareview-selectedemails-actions.jpg)
+
+Similar to playbooks triggered by an alert, automatic investigations that are triggered from a view in Explorer include a root investigation, steps to identify and correlate threats, and recommended actions to mitigate those threats.
+
+## Example: A security operations team integrates AIR with their SIEM using the Office 365 Management Activity API
+
+AIR capabilities in Microsoft Defender for Office 365 include [reports & details](air-view-investigation-results.md) that security operations teams can use to monitor and address threats. But you can also integrate AIR capabilities with other solutions. Examples include a security information and event management (SIEM) system, a case management system, or a custom reporting solution. These kinds of integrations can be done by using the [Office 365 Management Activity API](/office/office-365-management-api/office-365-management-activity-api-reference).
+
+For example, recently, an organization set up a way for their security operations team to view user-reported phish alerts that were already processed by AIR. Their solution integrates relevant alerts with the organization's SIEM server and their case-management system. The solution greatly reduces the number of false positives so that their security operations team can focus their time and effort on real threats. To learn more about this custom solution, see [Tech Community blog: Improve the Effectiveness of your SOC with Microsoft Defender for Office 365 and the O365 Management API](https://techcommunity.microsoft.com/t5/microsoft-security-and/improve-the-effectiveness-of-your-soc-with-office-365-atp-and/ba-p/1525185).
+
+## Next steps
+
+- [Get started using AIR](office-365-air.md)
+- [View pending or completed remediation actions](air-review-approve-pending-completed-actions.md)
security Azure Ip Protection Features https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-365-security/azure-ip-protection-features.md
+
+ Title: Protection features in Azure Information Protection rolling out to existing tenants
+f1.keywords:
+ - NOCSH
+++ Last updated : 6/29/2018
+audience: ITPro
++
+localization_priority: Normal
+search.appverid:
+ - MET150
+ms.assetid: 7ad6f58e-65d7-4c82-8e65-0b773666634d
+
+ - M365-security-compliance
+
+ - seo-marvel-apr2020
+description: This article explains the changes being rolled out to the protection features in Azure Information Protection
+ms.technology: mdo
++
+# Protection features in Azure Information Protection rolling out to existing tenants
++
+**Applies to**
+- [Microsoft Defender for Office 365 plan 2](defender-for-office-365.md)
+- [Microsoft 365 Defender](../defender/microsoft-365-defender.md)
+
+To help with the initial step in protecting your information, starting July 2018 all Azure Information Protection eligible tenants will have the protection features in Azure Information Protection turned on by default. The protection features in Azure Information Protection were formerly known in Office 365 as Rights Management or Azure RMS. If your organization has an Office E3 service plan or a higher service plan you will now get a head start protecting information through Azure Information Protection when we roll out these features.
+
+## Changes beginning July 1, 2018
+
+Starting July 1, 2018, Microsoft will enable the protection capability in Azure Information Protection for all organizations with one of the following subscription plans:
+
+- Office 365 Message Encryption is offered as part of Office 365 E3 and E5, Microsoft E3 and E5, Office 365 A1, A3, and A5, and Office 365 G3 and G5. You do not need additional licenses to receive the new protection capabilities powered by Azure Information Protection.
+
+- You can also add Azure Information Protection Plan 1 to the following plans to receive the new Office 365 Message Encryption capabilities: Exchange Online Plan 1, Exchange Online Plan 2, Office 365 F1, Microsoft 365 Business Basic, Microsoft 365 Business Standard, or Office 365 Enterprise E1.
+
+- Each user benefiting from Office 365 Message Encryption needs to be licensed to be covered by the feature.
+
+- For the full list, see the [Exchange Online service descriptions](/office365/servicedescriptions/exchange-online-service-description/exchange-online-service-description) for Office 365 Message Encryption.
+
+Tenant administrators can check the protection status in the Office 365 administrator portal.
+
+![Screenshot that shows that rights management in Office 365 is activated.](../../media/303453c8-e4a5-4875-b49f-e80c3eb7b91e.png)
+
+## Why are we making this change?
+
+Office 365 Message Encryption leverages the protection capabilities in Azure Information Protection. At the heart of the recent improvements to Office 365 Message Encryption and our broader investments to information protection in Microsoft 365, we are making it easier for organizations to turn on and use our protection capabilities, as historically, encryption technologies have been difficult to set up. By turning on the protection features in Azure Information Protection by default, you can quickly get started to protect your sensitive data.
+
+## Does this impact me?
+
+If your organization has purchased an eligible Office 365 license, then your tenant will be impacted by this change.
+
+> [!IMPORTANT]
+> If you're using Active Directory Rights Management Services (AD RMS) in your on-premises environment, you must either opt-out of this change immediately or migrate to Azure Information Protection before we roll out this change within the next 30 days. For information on how to opt-out, see "I use AD RMS, how do I opt out?" later in this article. If you prefer to migrate, see [Migrating from AD RMS to Azure Information Protection.](/azure/information-protection/plan-design/migrate-from-ad-rms-to-azure-rms).
+
+## Can I use Azure Information Protection with Active Directory Rights Management Services (AD RMS)?
+
+No. This is not a supported deployment scenario. Without taking the additional opt-out steps, some computers might automatically start using the Azure Rights Management service and also connect to your AD RMS cluster. This scenario isn't supported and has unreliable results, so it's important that you opt out of this change within the next 30 days before we roll out these new features. For information on how to opt-out, see "I use AD RMS, how do I opt out?" later in this article. If you prefer to migrate, see [Migrating from AD RMS to Azure Information Protection.](/azure/information-protection/plan-design/migrate-from-ad-rms-to-azure-rms)
+
+## How do I know if I'm using AD RMS?
+
+Use these instructions from [Preparing the environment for Azure Rights Management when you also have Active Directory Rights Management Services (AD RMS)](/azure/information-protection/deploy-use/prepare-environment-adrms) to check if you have deployed AD RMS:
+
+1. Although optional, most AD RMS deployments publish the service connection point (SCP) to Active Directory so that domain computers can discover the AD RMS cluster.
+
+ Use ADSI Edit to see whether you have an SCP published in Active Directory: CN=Configuration [server name], CN=Services, CN=RightsManagementServices, CN=SCP
+
+2. If you are not using an SCP, Windows computers that connect to an AD RMS cluster must be configured for client-side service discovery or licensing redirection by using the Windows registry: `HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSIPC\ServiceLocation or HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\MSIPC\ServiceLocation`.
+
+For more information about these registry configurations, see [Enabling client-side service discovery by using the Windows registry](/azure/information-protection/rms-client/client-deployment-notes#enabling-client-side-service-discovery-by-using-the-windows-registry) and [Redirecting licensing server traffic](/azure/information-protection/rms-client/client-deployment-notes#redirecting-licensing-server-traffic).
+
+## I use AD RMS, how do I opt out?
+
+To opt out of the upcoming change, complete these steps:
+
+1. Using a work or school account that has global administrator permissions in your organization, start a Windows PowerShell session and connect to Exchange Online. For instructions, see [Connect to Exchange Online PowerShell](/powershell/exchange/connect-to-exchange-online-powershell).
+
+2. Run the Set-IRMConfiguration cmdlet using the following syntax:
+
+ ```powershell
+ Set-IRMConfiguration -AutomaticServiceUpdateEnabled $false
+ ```
+
+## What can I expect after this change has been made?
+
+Once this is enabled, provided you haven't opted out, you can start using the new version of Office 365 Message Encryption which was announced at [Microsoft Ignite 2017](https://techcommunity.microsoft.com/t5/Security-Privacy-and-Compliance/Email-Encryption-and-Rights-Protection/ba-p/110801) and leverages the encryption and protection capabilities of Azure Information Protection.
+
+![Screenshot that shows an OME protected message in Outlook on the web.](../../media/599ca9e7-c05a-429e-ae8d-359f1291a3d8.png)
+
+For more information about the new enhancements, see [Office 365 Message Encryption](../../compliance/ome.md).
security Backscatter Messages And Eop https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-365-security/backscatter-messages-and-eop.md
+
+ Title: Backscatter in EOP
+f1.keywords:
+ - NOCSH
+++ Last updated :
+audience: ITPro
++
+localization_priority: Normal
+search.appverid:
+ - MET150
+ms.assetid: 6f64f2de-d626-48ed-8084-03cc72301aa4
+
+ - M365-security-compliance
+
+ - seo-marvel-apr2020
+description: In this article, you'll learn about Backscatter and Microsoft Exchange Online Protection (EOP)
+ms.technology: mdo
++
+# Backscatter in EOP
++
+**Applies to**
+- [Exchange Online Protection](exchange-online-protection-overview.md)
+- [Microsoft Defender for Office 365 plan 1 and plan 2](defender-for-office-365.md)
+- [Microsoft 365 Defender](../defender/microsoft-365-defender.md)
+
+*Backscatter* is non-delivery reports (also known as NDRs or bounce messages) you receive for messages that you didn't send. Spammers forge (spoof) the From: address of their messages, and they often use real email addresses to lend credibility to their messages. So, when spammers inevitably send messages to non-existent recipients (spam is a high-volume operation), the destination email server is essentially tricked into returning the undeliverable message in an NDR to the forged sender in the From: address.
+
+In Microsoft 365 organizations with mailboxes in Exchange Online or standalone Exchange Online Protection (EOP) organizations without Exchange Online mailboxes, EOP makes every effort to identify and silently drop messages from dubious sources without generating an NDR. But, based on the sheer volume email flowing through the service, there's always the possibility that EOP will unintentionally send backscatter.
+
+Backscatterer.org maintains a block list (also known as a DNS block list or DNSBL) of email servers that were responsible for sending backscatter, and EOP servers might appear on this list. But, we don't try to remove ourselves from the Backscatterer.org block list because it isn't a list of spammers (by their own admission).
+
+> [!TIP]
+> The Backscatter.org website (<http://www.backscatterer.org/?target=usage>) recommends using their service to check incoming email in Safe mode instead of Reject mode (large email services almost always send some backscatter).
security Best Practices For Configuring Eop https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-365-security/best-practices-for-configuring-eop.md
+
+ Title: Best practices for configuring EOP
+f1.keywords:
+ - NOCSH
+++
+audience: ITPro
++
+localization_priority: Normal
+ms.assetid: faf1efd1-3b0c-411a-804d-17f37292eac0
+description: Follow these best-practice recommendations for standalone Exchange Online Protection (EOP) in order to set yourself up for success and avoid common configuration errors.
+ms.technology: mdo
++
+# Best practices for configuring standalone EOP
++
+**Applies to**
+- [Exchange Online Protection standalone](exchange-online-protection-overview.md)
+
+Follow these best-practice recommendations for standalone Exchange Online Protection (EOP) in order to set yourself up for success and avoid common configuration errors. This topic assumes that you've already completed the setup process. If you haven't completed EOP setup, see [Set up your EOP service](set-up-your-eop-service.md).
+
+## Use a test domain
+
+We recommend that you use a test domain, subdomain, or low volume domain for trying out service features before implementing them on your higher-volume, production domains.
+
+## Synchronize recipients
+
+If your organization has existing user accounts in an on-premises Active Directory environment, you can synchronize those accounts to Azure Active Directory in the cloud. Using directory synchronization is recommended. To learn more about the benefits of using directory synchronization, and the steps for setting it up, see [Manage mail users in EOP](manage-mail-users-in-eop.md).
+
+## Recommended settings
+
+We empower security admins to customize their security settings to satisfy the needs of their organization. Although, as a general rule, there are two security levels in EOP and Microsoft Defender for Office 365 that we recommend: Standard and Strict. These settings are listed in the [Recommended settings for EOP and Microsoft Defender for Office 365 security](recommended-settings-for-eop-and-office365.md).
+
+### Miscellaneous/non-policy settings
+
+These settings cover a range of features that are outside of security policies.
+
+<br>
+
+****
+
+|Security feature name|Standard|Strict|Comment|
+|||||
+|[Set up SPF to help prevent spoofing](set-up-spf-in-office-365-to-help-prevent-spoofing.md)|Yes|Yes||
+|[Use DKIM to validate outbound email sent from your custom domain in Office 365](use-dkim-to-validate-outbound-email.md)|Yes|Yes||
+|[Use DMARC to validate email in Office 365](use-dmarc-to-validate-email.md)|Yes|Yes|Use `action=quarantine` for Standard, and `action=reject` for Strict.|
+|Deploy the [Report Message add-in](enable-the-report-message-add-in.md) or the [Report Phishing add-in](enable-the-report-phish-add-in.md) to improve end-user reporting of suspicious email|Yes|Yes||
+|Schedule Malware and Spam Reports|Yes|Yes||
+|Auto-forwarding to external domains should be disallowed or monitored|Yes|Yes||
+|Unified Auditing should be enabled|Yes|Yes||
+|[IMAP connectivity to mailbox](/Exchange/clients-and-mobile-in-exchange-online/pop3-and-imap4/enable-or-disable-pop3-or-imap4-access)|Disabled|Disabled||
+|[POP connectivity to mailbox](/Exchange/clients-and-mobile-in-exchange-online/pop3-and-imap4/enable-or-disable-pop3-or-imap4-access)|Disabled|Disabled||
+|Authenticated SMTP submission|Disabled|Disabled|Authenticated client SMTP submission (also known as client SMTP submission or SMTP AUTH) is required for POP3 and IMAP4 clients and applications and devices that generate and send email. <p> For instructions to enable and disable SMTP AUTH globally or selectively, see [Enable or disable authenticated client SMTP submission in Exchange Online](/exchange/clients-and-mobile-in-exchange-online/authenticated-client-smtp-submission).|
+|EWS connectivity to mailbox|Disabled|Disabled|Outlook uses Exchange Web Services for free/busy, out-of-office settings, and calendar sharing. If you can't disable EWS globally, you have the following options: <ul><li>Use [Authentication policies](/exchange/clients-and-mobile-in-exchange-online/disable-basic-authentication-in-exchange-online) to prevent EWS from using Basic authentication if your clients support modern authentication (modern auth).</li><li>Use [Client Access Rules](https://docs.microsoft.com/exchange/clients-and-mobile-in-exchange-online/client-access-rules/client-access-rules) to limit EWS to specific users or source IP addresses.</li><li>Control EWS access to specific applications globally or per user. For instructions, see [Control access to EWS in Exchange](/exchange/client-developer/exchange-web-services/how-to-control-access-to-ews-in-exchange).</li></ul> <p> The [Report message add-in](enable-the-report-message-add-in.md) and the [Report phishing add-in](enable-the-report-phish-add-in.md) uses REST by default in supported environments, but will fall back to EWS if REST isn't available. The supported environments that use REST are:<ul><li>Exchange Online</li><li>Exchange 2019 or Exchange 2016</li><li>Current Outlook for Windows from a Microsoft 365 subscription or one-time purchase Outlook 2019.</li><li>Current Outlook for Mac from a Microsoft 365 subscription or one-time purchase Outlook for Mac 2016 or later.</li><li>Outlook for iOS and Android</li><li>Outlook on the web</li></ul>|
+|[PowerShell connectivity](/powershell/exchange/disable-access-to-exchange-online-powershell)|Disabled|Disabled|Available for mailbox users or mail users (user objects returned by the [Get-User](/powershell/module/exchange/get-user) cmdlet).|
+|Use [spoof intelligence](learn-about-spoof-intelligence.md) to add senders to your allow list|Yes|Yes||
+|[Directory-Based Edge Blocking (DBEB)](/Exchange/mail-flow-best-practices/use-directory-based-edge-blocking)|Enabled|Enabled|Domain Type = Authoritative|
+|[Set up multi-factor authentication for all admin accounts](../../admin/security-and-compliance/set-up-multi-factor-authentication.md)|Enabled|Enabled||
+|
+
+## Troubleshooting
+
+Troubleshoot general issues and trends by using the reports in the admin center. Find single point specific data about a message by using the message trace tool. Learn more about reporting at [Reporting and message trace in Exchange Online Protection](reporting-and-message-trace-in-exchange-online-protection.md). Learn more about the message trace tool at [Message trace in the Security & Compliance Center](message-trace-scc.md).
+
+## Report false positives and false negatives to Microsoft
+
+To help improve spam filtering in the service for everyone, you should report false positives (good email marked as bad) and false negatives (bad email allowed) to Microsoft for analysis. For more information, see [Report messages and files to Microsoft](report-junk-email-messages-to-microsoft.md).
+
+## Create mail flow rules
+
+Create mail flow rules (also known as transport rules) or custom filters to meet your business needs.
+
+When you deploy a new rule to production, select one of the test modes first to see the effect of the rule. Once you are satisfied that the rule is working in the manner intended, change the rule mode to **Enforce**.
+
+When you deploy new rules, consider adding the additional action of **Generate Incident Report** to monitor the rule in action.
+
+In hybrid environments where your organization includes both on-premises Exchange and Exchange Online, consider the conditions that you use in mail flow rules. If you want the rules to apply to the entire organization, be sure to use conditions that are available in both on-premises Exchange and in Exchange Online. While most conditions are available in both environments, there are a few that are only available in one environment or the other. Learn more at [Mail flow rules (transport rules) in Exchange Online](/exchange/security-and-compliance/mail-flow-rules/mail-flow-rules).
security Bulk Complaint Level Values https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-365-security/bulk-complaint-level-values.md
+
+ Title: Bulk complaint level values
+f1.keywords:
+ - NOCSH
+++ Last updated :
+audience: ITPro
++
+localization_priority: Normal
+search.appverid:
+ - MET150
+ms.assetid: a5b03b3c-37dd-429e-8e9b-2c1b25031794
+
+ - M365-security-compliance
+description: Admins can learn about bulk compliance level (BCL) values that are used in Exchange Online Protection (EOP).
+ms.technology: mdo
++
+# Bulk complaint level (BCL) in EOP
++
+**Applies to**
+- [Exchange Online Protection](exchange-online-protection-overview.md)
+- [Microsoft Defender for Office 365 plan 1 and plan 2](defender-for-office-365.md)
+- [Microsoft 365 Defender](../defender/microsoft-365-defender.md)
+
+In Microsoft 365 organizations with mailboxes in Exchange Online or standalone Exchange Online Protection (EOP) organizations without Exchange Online mailboxes, EOP assigns a bulk compliant level (BCL) to inbound messages from bulk mailers. The BCL is added to the message in an X-header and is similar to the [spam confidence level (SCL)](spam-confidence-levels.md) that's used to identify messages as spam. A higher BCL indicates a bulk message is more likely to generate complaints (and is therefore more likely to be spam). Microsoft uses both internal and third party sources to identify bulk mail and determine the appropriate BCL.
+
+Bulk mailers vary in their sending patterns, content creation, and recipient acquisition practices. Good bulk mailers send desired messages with relevant content to their subscribers. These messages generate few complaints from recipients. Other bulk mailers send unsolicited messages that closely resemble spam and generate many complaints from recipients. Messages from a bulk mailer are known as bulk mail or gray mail.
+
+ Spam filtering marks messages as **Bulk email** based on the BCL threshold (the default value or a value you specify) and takes the specified action on the message (the default action is deliver the message to the recipient's Junk Email folder). For more information, see [Configure anti-spam policies](configure-your-spam-filter-policies.md) and [What's the difference between junk email and bulk email?](what-s-the-difference-between-junk-email-and-bulk-email.md)
+
+The BCL thresholds are described in the following table.
+
+****
+
+|BCL|Description|
+|::||
+|0|The message isn't from a bulk sender.|
+|1, 2, 3|The message is from a bulk sender that generates few complaints.|
+|4, 5, 6, 7<sup>\*</sup>|The message is from a bulk sender that generates a mixed number of complaints.|
+|8, 9|The message is from a bulk sender that generates a high number of complaints.|
+|
+
+<sup>\*</sup> This is the default threshold value that's used in anti-spam policies.
security Campaigns https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-365-security/campaigns.md
+
+ Title: Campaign Views in Microsoft Defender for Office 365 Plan
+f1.keywords:
+ - NOCSH
++++ Last updated :
+audience: ITPro
++
+localization_priority: Normal
+search.appverid:
+ - MET150
+ms.assetid:
+
+ - M365-security-compliance
+ - m365initiative-defender-office365
+description: Learn about Campaign Views in Microsoft Defender for Office 365.
+ms.technology: mdo
++
+# Campaign Views in Microsoft Defender for Office 365
++
+**Applies to**
+- [Microsoft Defender for Office 365 plan 2](defender-for-office-365.md)
+
+Campaign Views is a feature in Microsoft Defender for Office 365 Plan 2 (for example Microsoft 365 E5 or organizations with an Defender for Office 365 Plan 2 add-on). Campaign Views in the Security & Compliance Center identifies and categorizes phishing attacks in the service. Campaign Views can help you to:
+
+- Efficiently investigate and respond to phishing attacks.
+- Better understand the scope of the attack.
+- Show value to decision makers.
+
+Campaign Views lets you see the big picture of an attack faster and more complete than any human.
+
+## What is a campaign?
+
+A campaign is a coordinated email attack against one or many organizations. Email attacks that steal credentials and company data are a large and lucrative industry. As technologies increase in an effort to stop attacks, attackers modify their methods in an effort to ensure continued success.
+
+Microsoft leverages the vast amounts of anti-phishing, anti-spam, and anti-malware data across the entire service to help identify campaigns. We analyze and classify the attack information according to several factors. For example:
+
+- **Attack source**: The source IP addresses and sender email domains.
+- **Message properties**: The content, style, and tone of the messages.
+- **Message recipients**: How recipients are related. For example, recipient domains, recipient job functions (admins, executives, etc.), company types (large, small, public, private, etc.), and industries.
+- **Attack payload**: Malicious links, attachments, or other payloads in the messages.
+
+A campaign might be short-lived, or could span several days, weeks, or months with active and inactive periods. A campaign might be launched against your specific organization, or your organization might be part of a larger campaign across multiple companies.
+
+## Campaign Views in the Security & Compliance Center
+
+Campaign Views is available in the [Security & Compliance Center](https://protection.office.com) at **Threat management** \> **Campaigns**, or directly at <https://protection.office.com/campaigns>.
+
+![Campaigns overview in the Security & Compliance Center](../../media/campaigns-overview.png)
+
+You can also get to Campaign Views from:
+
+- **Threat management** \> **Explorer** \> **View** \> **Campaigns**
+- **Threat management** \> **Explorer** \> **View** \> **All email** \> **Campaign** tab
+- **Threat management** \> **Explorer** \> **View** \> **Phish** \> **Campaign** tab
+- **Threat management** \> **Explorer** \> **View** \> **Malware** \> **Campaign** tab
+
+To access Campaign Views, you need to be a member of the **Organization Management**, **Security Administrator**, or **Security Reader** role groups in the Security & Compliance Center. For more information, see [Permissions in the Security & Compliance Center](permissions-in-the-security-and-compliance-center.md).
+
+## Campaigns overview
+
+The overview page shows information about all campaigns.
+
+On the default **Campaign** tab, the **Campaign type** area shows a bar graph that shows the number of recipients per day. By default, the graph shows both **Phish** and **Malware** data.
+
+> [!TIP]
+> If you don't see any campaign data, try changing the date range or [filters](#filters-and-settings).
+
+The rest of the overview page shows the following information on the **Campaign** tab:
+
+- **Name**
+
+- **Sample subject**: The subject line of one of the messages in the campaign. Note that all messages in the campaign will not necessarily have the same subject.
+
+- **Targeted**: The percentage as calculated by: (the number of campaign recipients in your organization) / (the total number of recipients in the campaign across all organizations in the service). This value indicates the degree to which the campaign is directed only at your organization (a higher value) vs. also directed at other organizations in the service (a lower value).
+
+- **Type**: This value is either **Phish** or **Malware**.
+
+- **Subtype**: This value contains more details about the campaign. For example:
+ - **Phish**: Where available, the brand that is being phished by this campaign. For example, `Microsoft`, `365`, `Unknown`, `Outlook`, or `DocuSign`.
+ - **Malware**: For example, `HTML/PHISH` or `HTML/<MalwareFamilyName>`.
+
+ Where available, the brand that is being phished by this campaign. When the detection is driven by Defender for Office 365 technology, the prefix **ATP-** is added to the subtype value.
+
+- **Recipients**: The number of users that were targeted by this campaign.
+
+- **Inboxed**: The number of users that received messages from this campaign in their Inbox (not delivered to their Junk Email folder).
+
+- **Clicked**: The number of users that clicked on the URL or opened the attachment in the phishing message.
+
+- **Click rate**: The percentage as calculated by "**Clicked** / **Inboxed**". This value is an indicator of the effectiveness of the campaign. In other words, if the recipients were able to identify the message as phishing, and if they didn't click on the payload URL.
+
+ Note that **Click rate** isn't used in malware campaigns.
+
+- **Visited**: How many users actually made it through to the payload website. If there are **Clicked** values, but Safe Links blocked access to the website, this value will be zero.
+
+The **Campaign origin** tab shows the message sources on a map of the world.
+
+### Filters and settings
+
+At the top of the Campaign Views page, there are several filter and query settings to help you find and isolate specific campaigns.
+
+![Campaign filters](../../media/campaign-filters-and-settings.png)
+
+The most basic filtering that you can do is the start date/time and the end date/time.
+
+To further filter the view, you can do single property with multiple values filtering by clicking the **Campaign type** button, making your selection, and then clicking **Refresh**.
+
+The filterable campaign properties that are available in the **Campaign type** button are described in the following list:
+
+- **Basic**:
+ - **Campaign type**: Select **Malware** or **Phish**. Clearing the selections has the same result as selecting both.
+ - **Campaign name**
+ - **Campaign subtype**
+ - **Sender**
+ - **Recipients**
+ - **Sender domain**
+ - **Subject**
+ - **Attachment filename**
+ - **Malware family**
+ - **Tags**: Users or groups that have had the specified user tag applied (including priority accounts). For more information about user tags, see [User tags](user-tags.md).
+ - **System overrides**
+ - **Delivery action**
+ - **Additional action**
+ - **Directionality**
+ - **Detection technology**
+ - **Original delivery location**
+ - **Latest delivery location**
+ - **System overrides**
+
+- **Advanced**:
+ - **Internet message ID**: Available in the **Message-ID** header field in the message header. An example value is `<08f1e0f6806a47b4ac103961109ae6ef@server.domain>` (note the angle brackets).
+ - **Network message ID**: A GUID value that's available in the **X-MS-Exchange-Organization-Network-Message-Id** header field in the message header.
+ - **Sender IP**
+ - **Attachment SHA256**: To find the SHA256 hash value of a file in Windows, run the following command in a Command Prompt: `certutil.exe -hashfile "<Path>\<Filename>" SHA256`.
+ - **Cluster ID**
+ - **Alert Policy ID**
+ - **ZAP URL signal**
+
+- **URLs**:
+ - **URL domain**
+ - **URL domain and path**
+ - **URL**
+ - **URL path**
+ - **Click verdict**
+
+For more advanced filtering, including filtering by multiple properties, you can click the **Advanced filter** button to build a query. The same campaign properties are available, but with the following enhancements:
+
+- You can click **Add a condition** to select multiple conditions.
+- You can choose the **And** or **Or** operator between conditions.
+- You can select the **Condition group** item at the bottom of the conditions list to form complex compound conditions.
+
+When you're finished, click the **Query** button.
+
+After you create a basic or advanced filter, you can save it by using **Save query** or **Save query as**. Later, when you return to Campaign Views, you can load a saved filter by clicking **Saved query settings**.
+
+To export the graph or the list of campaigns, click **Export** and select **Export chart data** or **Export campaign list**.
+
+If you have a Microsoft Defender for Endpoint subscription, you can click **MDE Settings** to connect or disconnect the campaigns information with Microsoft Defender for Endpoint. For more information, see [Integrate Microsoft Defender for Office 365 with Microsoft Defender for Endpoint](integrate-office-365-ti-with-mde.md).
+
+## Campaign details
+
+When you click on the name of a campaign, the campaign details appear in a flyout.
+
+### Campaign information
+
+At the top of the campaign details view, the following campaign information is available:
+
+- **ID**: The unique campaign identifier.
+
+- **Started** and **Ended**: The start date and end date of the campaign. Note that these dates might extend further than your filter dates that you selected on the overview page.
+
+- **Impact**: This section contains the following data for the date range filter you selected (or that you select in the timeline):
+ - The total number of recipients.
+ - The number of messages that were "Inboxed" (that is, delivered to the Inbox, not to the Junk Email folder).
+ - How many users clicked on the URL payload in the phishing message.
+ - Howe many users visited the URL.
+
+- **Targeted**: The percentage as calculated by: (the number of campaign recipients in your organization) / (the total number of recipients in the campaign across all organizations in the service). Note that this value is calculated over the entire lifetime of the campaign, and doesn't change based on date filters.
+
+- An interactive timeline of campaign activity: The timeline shows activity over the entire lifetime of the campaign. By default, the shaded area includes the date range filter that you selected in the overview. You can click and drag to select a specific start point and end point, <u>which will change the data that's displayed in **Impact** area, and on the rest of the page as described in the next sections</u>.
+
+In the title bar, you can click the **Download campaign write-up** button ![Download campaign write-up icon](../../media/download-campaign-write-up-button.png) to download the campaign details to a Word document (by default, named CampaignReport.docx). Note that the download contains details over the entire lifetime of the campaign (not just the filter dates you selected).
+
+![Campaign information](../../media/campaign-details-campaign-info.png)
+
+### Campaign flow
+
+In the middle of the campaign details view, important details about the campaign are presented in the **Flow** section in a horizontal flow diagram (known as a _Sankey_ diagram). These details will help you to understand the elements of the campaign and the potential impact in your organization.
+
+> [!TIP]
+> The information that's displayed in the **Flow** diagram is controlled by the shaded date range in the timeline as described in the previous section.
+
+![Campaign details that don't contain user URL clicks](../../media/campaign-details-no-recipient-actions.png)
+
+If you hover over a horizontal band in the diagram, you'll see the number of related messages (for example, messages from a particular source IP, messages from the source IP using the specified sender domain, etc.).
+
+The diagram contains the following information:
+
+- **Sender IPs**
+- **Sender domains**
+- **Filter verdicts**: Verdict values are related to the available phishing and spam filtering verdicts as described in [Anti-spam message headers](anti-spam-message-headers.md). The available values are described in the following table:
+
+ ****
+
+ |Value|Spam filter verdict|Description|
+ ||||
+ |**Allowed**|`SFV:SKN` <p> `SFV:SKI`|The message was marked as not spam and/or skipped filtering before being evaluated by spam filtering. For example, the message was marked as not spam by a mail flow rule (also known as a transport rule). <p> The message skipped spam filtering for other reasons. For example, the sender and recipient appear to be in the same organization.|
+ |**Blocked**|`SFV:SKS`|The message was marked as spam before being evaluated by spam filtering. For example, by a mail flow rule.|
+ |**Detected**|`SFV:SPM`|The message was marked as spam by spam filtering.|
+ |**Not Detected**|`SFV:NSPM`|The message was marked as not spam by spam filtering.|
+ |**Released**|`SFV:SKQ`|The message skipped spam filtering because it was released from quarantine.|
+ |**Tenant Allow**<sup>\*</sup>|`SFV:SKA`|The message skipped spam filtering because of the settings in an anti-spam policy. For example, the sender was in the allowed sender list or allowed domain list.|
+ |**Tenant Block**<sup>\*\*</sup>|`SFV:SKA`|The message was blocked by spam filtering because of the settings in an anti-spam policy. For example, the sender was in the allowed sender list or allowed domain list.|
+ |**User Allow**<sup>\*</sup>|`SFV:SFE`|The message skipped spam filtering because the sender was in a user's Safe Senders list.|
+ |**User Block**<sup>\*\*</sup>|`SFV:BLK`|The message was blocked by spam filtering because the sender was in a user's Blocked Senders list.|
+ |**ZAP**|n/a|[Zero-hour auto purge (ZAP)](zero-hour-auto-purge.md) moved the delivered message to the Junk Email folder or quarantine. You configure the action in your anti-spam policy.|
+ |
+
+ <sup>\*</sup> Review your anti-spam policies, because the allowed message would have likely been blocked by the service.
+
+ <sup>\*\*</sup> Review your anti-spam policies, because these messages should be quarantined, not delivered.
+
+- **Delivery locations**: You'll likely want to investigate messages that were delivered to recipients (either to the Inbox or the Junk Email folder), even if users didn't click on the payload URL in the message. You can also remove the quarantined messages from quarantine. For more information, see [Quarantined email messages in EOP](quarantine-email-messages.md).
+ - **Deleted folder**
+ - **Dropped**
+ - **External**: The recipient is located in your on-premises email organization in hybrid environments.
+ - **Failed**
+ - **Forwarded**
+ - **Inbox**
+ - **Junk folder**
+ - **Quarantine**
+ - **Unknown**
+
+- **URL clicks**: These values are described in the next section.
+
+> [!NOTE]
+> In all layers that contain more than 10 items, the top 10 items are shown, while the rest are bundled together in **Others**.
+
+#### URL clicks
+
+When a phishing message is delivered to a recipient's Inbox or Junk Email folder, there's always a chance that the user will click on the payload URL. Not clicking on the URL is a small measure of success, but you need to determine why the phishing message was even delivered to the mailbox.
+
+If a user clicked on the payload URL in the phishing message, the actions are displayed in the **URL clicks** area of the diagram in the campaign details view.
+
+- **Allowed**
+- **BlockPage**: The recipient clicked on the payload URL, but their access to the malicious website was blocked by a [Safe Links](safe-links.md) policy in your organization.
+- **BlockPageOverride**: The recipient clicked on the payload URL in the message, Safe Links tried to stop them, but they were allowed to override the block. Inspect your [Safe Links policies](set-up-safe-links-policies.md) to see why users are allowed to override the Safe Links verdict and continue to the malicious website.
+- **PendingDetonationPage**: Safe Attachments in Microsoft Defender for Office 365 is in the process of opening and investigating the payload URL in a virtual computer environment.
+- **PendingDetonationPageOverride**: The recipient was allowed to override the payload detonation process and open the URL without waiting for the results.
+
+### Tabs
+
+The tabs in the campaign details view allow you to further investigate the campaign.
+
+> [!TIP]
+> The information that's displayed on the tabs is controlled by the shaded date range in the timeline as described in [Campaign information](#campaign-information) section.
+
+- **URL clicks**: If users didn't click on the payload URL in the message, this section will be blank. If a user was able to click on the URL, the following values will be populated:
+ - **User**<sup>\*</sup>
+ - **URL**<sup>\*</sup>
+ - **Click time**
+ - **Click verdict**
+
+- **Sender IPs**
+ - **Sender IP**<sup>\*</sup>
+ - **Total count**
+ - **Inboxed**
+ - **Not Inboxed**
+ - **SPF passed**: The sender was authenticated by the [Sender Policy Framework (SPF)](how-office-365-uses-spf-to-prevent-spoofing.md). A sender that doesn't pass SPF validation indicates an unauthenticated sender, or the message is spoofing a legitimate sender.
+
+- **Senders**
+ - **Sender**: This is the actual sender address in the SMTP MAIL FROM command, which is not necessarily the From: email address that users see in their email clients.
+ - **Total count**
+ - **Inboxed**
+ - **Not Inboxed**
+ - **DKIM passed**: The sender was authenticated by [Domain Keys Identified Mail (DKIM)](support-for-validation-of-dkim-signed-messages.md). A sender that doesn't pass DKIM validation indicates an unauthenticated sender, or the message is spoofing a legitimate sender.
+ - **DMARC passed**: The sender was authenticated by [Domain-based Message Authentication, Reporting, and Conformance (DMARC)](use-dmarc-to-validate-email.md). A sender that doesn't pass DMARC validation indicates an unauthenticated sender, or the message is spoofing a legitimate sender.
+
+- **Attachments**
+ - **Filename**
+ - **SHA256**
+ - **Malware family**
+ - **Total count**
+
+- **URL**
+ - **URL**<sup>\*</sup>
+ - **Total Count**
+
+<sup>\*</sup> Clicking on this value opens a new flyout that contains more details about the specified item (user, URL, etc.) on top of the campaign details view. To return to the campaign details view, click **Done** in the new flyout.
+
+### Buttons
+
+The buttons in the campaign details view allow you to use the power of Threat Explorer to further investigate the campaign.
+
+- **Explore campaign**: Opens a new Threat Explorer search tab using the **Campaign ID** value as the search filter.
+- **Explore Inboxed messages**: Opens a new Threat Explorer search tab using the **Campaign ID** and **Delivery location: Inbox** as the search filter.
security Configuration Analyzer For Security Policies https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-365-security/configuration-analyzer-for-security-policies.md
+
+ Title: Configuration analyzer for security policies
+f1.keywords:
+ - NOCSH
++++ Last updated :
+audience: ITPro
++
+localization_priority: Normal
+search.appverid:
+ - MET150
+ms.assetid:
+
+ - M365-security-compliance
+description: Admins can learn how to use the configuration analyzer to find and fix security policies that are below the Standard protection and Strict protection preset security policies.
+ms.technology: mdo
++
+# Configuration analyzer for protection policies in EOP and Microsoft Defender for Office 365
++
+**Applies to**
+- [Exchange Online Protection](exchange-online-protection-overview.md)
+- [Microsoft Defender for Office 365 plan 1 and plan 2](defender-for-office-365.md)
+- [Microsoft 365 Defender](../defender/microsoft-365-defender.md)
+
+Configuration analyzer in the Security & Compliance center provides a central location to find and fix security policies where the settings are below the Standard protection and Strict protection profile settings in [preset security policies](preset-security-policies.md).
+
+The following types of policies are analyzed by the configuration analyzer:
+
+- **Exchange Online Protection (EOP) policies**: This includes Microsoft 365 organizations with Exchange Online mailboxes and standalone EOP organizations without Exchange Online mailboxes:
+
+ - [Anti-spam policies](configure-your-spam-filter-policies.md).
+ - [Anti-malware policies](configure-anti-malware-policies.md).
+ - [EOP Anti-phishing policies](set-up-anti-phishing-policies.md#spoof-settings).
+
+- **Microsoft Defender for Office 365 policies**: This includes organizations with Microsoft 365 E5 or Defender for Office 365 add-on subscriptions:
+
+ - Anti-phishing policies in Microsoft Defender for Office 365, which include:
+
+ - The same [spoof settings](set-up-anti-phishing-policies.md#spoof-settings) that are available in the EOP anti-phishing policies.
+ - [Impersonation settings](set-up-anti-phishing-policies.md#impersonation-settings-in-anti-phishing-policies-in-microsoft-defender-for-office-365)
+ - [Advanced phishing thresholds](set-up-anti-phishing-policies.md#advanced-phishing-thresholds-in-anti-phishing-policies-in-microsoft-defender-for-office-365)
+
+ - [Safe Links policies](set-up-safe-links-policies.md).
+
+ - [Safe Attachments policies](set-up-safe-attachments-policies.md).
+
+The **Standard** and **Strict** policy setting values that are used as baselines are described in [Recommended settings for EOP and Microsoft Defender for Office 365 security](recommended-settings-for-eop-and-office365.md).
+
+## What do you need to know before you begin?
+
+- You open the Security & Compliance Center at <https://protection.office.com/>. To go directly to the **Configuration analyzer** page, use <https://protection.office.com/configurationAnalyzer>.
+
+- To connect to Exchange Online PowerShell, see [Connect to Exchange Online PowerShell](/powershell/exchange/connect-to-exchange-online-powershell).
+
+- You need to be assigned permissions in the Security & Compliance Center before you can do the procedures in this article:
+ - To use the configuration analyzer **and** make updates to security policies, you need to be a member of the **Organization Management** or **Security Administrator** role groups.
+ - For read-only access to the configuration analyzer, you need to be a member of the **Global Reader** or **Security Reader** role groups.
+
+ For more information, see [Permissions in the Security & Compliance Center](permissions-in-the-security-and-compliance-center.md).
+
+ > [!NOTE]
+ >
+ > - Adding users to the corresponding Azure Active Directory role in the Microsoft 365 admin center gives users the required permissions in the Security & Compliance Center _and_ permissions for other features in Microsoft 365. For more information, see [About admin roles](../../admin/add-users/about-admin-roles.md).
+ >
+ > - The **View-Only Organization Management** role group in [Exchange Online](/Exchange/permissions-exo/permissions-exo#role-groups) also gives read-only access to the feature.
+
+## Use the configuration analyzer in the Security & Compliance Center
+
+In the Security & Compliance Center, go to **Threat management** \> **Policy** \> **Configuration analyzer**.
+
+![Configuration analyzer widget on the Threat management \> Policy page](../../media/configuration-analyzer-widget.png)
+
+The configuration analyzer has two main tabs:
+
+- **Settings and recommendations**: You pick Standard or Strict and compare those settings to your existing security policies. In the results, you can adjust the values of your settings to bring them up to the same level as Standard or Strict.
+
+- **Configuration drift analysis and history**: This view allows you to track policy changes over time.
+
+### Setting and recommendations tab in the configuration analyzer
+
+By default, the tab opens on the comparison to the Standard protection profile. You can switch to the comparison of the Strict protection profile by clicking **View Strict recommendations**. To switch back, select **View Standard recommendations**.
+
+![Settings and recommendations view in the Configuration analyzer](../../media/configuration-analyzer-settings-and-recommendations-view.png)
+
+By default, the **Policy group/setting name** column contains a collapsed view of the different types of security policies and the number of settings that need improvement (if any). The types of policies are:
+
+- **Anti-spam**
+- **Anti-phishing**
+- **Anti-malware**
+- **ATP Safe Attachments** (if your subscription includes Microsoft Defender for Office 365)
+- **ATP Safe Links** (if your subscription includes Microsoft Defender for Office 365)
+
+In the default view, everything is collapsed. Next to each policy, there's a summary of comparison results from your policies (which you can modify) and the settings in the corresponding policies for the Standard or Strict protection profiles (which you can't modify). You'll see the following information for the protection profile that you're comparing to:
+
+- **Green**: All settings in all existing policies are at least as secure as the protection profile.
+- **Amber**: A small number of settings in the existing policies are not as secure as the protection profile.
+- **Red**: A significant number of settings in the existing policies are not as secure as the protection profile. This could be a few settings in many policies or many settings in one policy.
+
+For favorable comparisons, you'll see the text: **All settings follow** \<**Standard** or **Strict**\> **recommendations**. Otherwise, you'll see the number of recommended settings to change.
+
+If you expand **Policy group/setting name**, all of the policies and the associated settings in each specific policy that require attention are revealed. Or, you can expand a specific type of policy (for example, **Anti-spam**) to see just those settings in those types of policies that require your attention.
+
+If the comparison has no recommendations for improvement (green), expanding the policy reveals nothing. If there are any number of recommendations for improvement (amber or red), the settings that require attention are revealed, and corresponding information is revealed in the following columns:
+
+- The name of the setting that requires your attention. For example, in the previous screenshot, it's the **Bulk email threshold** in an anti-spam policy.
+
+- **Policy**: The name of the affected policy that contains the setting.
+
+- **Applied to**: The number of users that the affected policies are applied to.
+
+- **Current configuration**: The current value of the setting.
+
+- **Last modified**: The date that the policy was last modified.
+
+- **Recommendations**: The value of the setting in the Standard or Strict protection profile. To change the value of the setting in your policy to match the recommended value in the protection profile, click **Adopt**. If the change is successful, you'll see the message: **Recommendations successfully adopted**. Click **Refresh** to see the reduced number of recommendations, and the removal of the specific setting/policy row from the results.
+
+### Configuration drift analysis and history tab in the configuration analyzer
+
+This tab allows you to track the changes that you've made to your custom security policies. By default, the following information is displayed:
+
+- **Last modified**
+- **Modified by**
+- **Setting Name**
+- **Policy**
+- **Type**
+
+To filter the results, click **Filter**. In the **Filters** flyout that appears, you can select from the following filters:
+
+- **Start time** and **End time** (date)
+- **Standard protection** or **Strict protection**
+
+To export the results to a .csv file, click **Export**.
+
+![Configuration drift analysis and history view in the Configuration analyzer](../../media/configuration-analyzer-configuration-drift-analysis-view.png)
security Configure Anti Malware Policies https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-365-security/configure-anti-malware-policies.md
+
+ Title: Configure anti-malware policies
+f1.keywords:
+ - NOCSH
+++ Last updated :
+audience: ITPro
++
+localization_priority: Normal
+search.appverid:
+ - MET150
+ms.assetid: b0cfc21f-e3c6-41b6-8670-feb2b2e252e5
+
+ - M365-security-compliance
+ - m365initiative-defender-office365
+description: Admins can learn how to view, create, modify, and remove anti-malware policies in Exchange Online Protection (EOP).
+
+ms.technology: mdo
++
+# Configure anti-malware policies in EOP
++
+**Applies to**
+- [Exchange Online Protection](exchange-online-protection-overview.md)
+- [Microsoft Defender for Office 365 plan 1 and plan 2](defender-for-office-365.md)
+- [Microsoft 365 Defender](../defender/microsoft-365-defender.md)
+
+In Microsoft 365 organizations with mailboxes in Exchange Online or standalone Exchange Online Protection (EOP) organizations without Exchange Online mailboxes, email messages are automatically protected against malware by EOP. EOP uses anti-malware policies for malware protection settings. For more information, see [Anti-malware protection](anti-malware-protection.md).
+
+Admins can view, edit, and configure (but not delete) the default anti-malware policy to meet the needs of their organizations. For greater granularity, you can also create custom anti-malware policies that apply to specific users, groups, or domains in your organization. Custom policies always take precedence over the default policy, but you can change the priority (running order) of your custom policies.
+
+You can configure anti-malware policies in the Security & Compliance Center or in PowerShell (Exchange Online PowerShell for Microsoft 365 organizations with mailboxes in Exchange Online; standalone EOP PowerShell for organizations without Exchange Online mailboxes).
+
+## What do you need to know before you begin?
+
+- You open the Security & Compliance Center at <https://protection.office.com/>. To go directly to the **Anti-malware** page, use <https://protection.office.com/antimalware>.
+
+- To connect to Exchange Online PowerShell, see [Connect to Exchange Online PowerShell](/powershell/exchange/connect-to-exchange-online-powershell). To connect to standalone EOP PowerShell, see [Connect to Exchange Online Protection PowerShell](/powershell/exchange/connect-to-exchange-online-protection-powershell).
+
+- You need to be assigned permissions in **Exchange Online** before you can do the procedures in this article:
+ - To add, modify, and delete anti-malware policies, you need to be a member of the **Organization Management** or **Security Administrator** role groups.
+ - For read-only access to anti-malware policies, you need to be a member of the **Global Reader** or **Security Reader** role groups.
+
+ For more information, see [Permissions in Exchange Online](/exchange/permissions-exo/permissions-exo).
+
+ **Notes**:
+
+ - Adding users to the corresponding Azure Active Directory role in the Microsoft 365 admin center gives users the required permissions _and_ permissions for other features in Microsoft 365. For more information, see [About admin roles](../../admin/add-users/about-admin-roles.md).
+ - The **View-Only Organization Management** role group in [Exchange Online](/Exchange/permissions-exo/permissions-exo#role-groups) also gives read-only access to the feature.
+
+- For our recommended settings for anti-malware policies, see [EOP anti-malware policy settings](recommended-settings-for-eop-and-office365.md#eop-anti-malware-policy-settings).
+
+## Use the Security & Compliance Center to create anti-malware policies
+
+Creating a custom anti-malware policy in the Security & Compliance Center creates the malware filter rule and the associated malware filter policy at the same time using the same name for both.
+
+1. In the Security & Compliance Center, go to **Threat management** \> **Policy** \> **Anti-Malware**, and then click **New** ![Add Icon](../../media/ITPro-EAC-AddIcon.png).
+
+2. In the **New anti-malware policy** page that opens, configure these settings:
+
+ - **Name**: Enter a unique, descriptive name for the policy.
+
+ - **Description**: Enter an optional description for the policy.
+
+ - **Malware detection response**: Select one of these values for the **Do you want to notify recipients if their messages are quarantined?** setting:
+
+ - **No**: The message is quarantined with no notification to the intended recipients. This is the default value.
+
+ - **Yes and use the default notification text**: The message is quarantined. A copy of the message is delivered to the recipients, but *all* attachments (not just the detected ones) are replaced with a single text file named **Malware Alert Text.txt** that contains the default text. For the default text, see [Anti-malware policies](anti-malware-protection.md#anti-malware-policies).
+
+ - **Yes and use the custom notification text**: The message is quarantined. A copy of the message is delivered to the recipients, but *all* attachments (not just the detected ones) are replaced with a single text file named **Malware Alert Text.txt** contains custom text you specify in the **Custom alert text** box.
+
+ - **Common Attachment Types Filter**: Select one of these values for **blocking attachment types that may harm your computer.**:
+
+ - **Off**
+
+ - **On**: Messages with the specified attachments are treated as malware detections and are automatically quarantined. You can modify the list by clicking the **Add** and **Remove** buttons.
+
+ - **Malware Zero-hour Auto Purge**: Malware ZAP quarantines messages that have already been delivered. For more information, see [Zero-hour auto purge (ZAP) in Exchange Online](zero-hour-auto-purge.md). Select one of these values:
+
+ - **Off**
+
+ - **On (Recommended)**
+
+ - **Notification**: The settings in this section control sender and admin notifications when malware is detected in a message.
+
+ - **Sender Notifications**: Select one or both of these options:
+
+ - **Notify internal senders**: An internal sender is inside the organization.
+
+ - **Notify external senders**: An external sender is outside the organization.
+
+ - **Administrator Notifications**: Select one or both of these options:
+
+ - **Notify administrator about undelivered messages from internal senders**: If you select this option, enter a notification email address in the **Administrator email address** box.
+
+ - **Notify administrator about undelivered messages from external senders**: If you select this option, enter a notification email address in the **Administrator email address** box.
+
+ - **Customize Notifications**: These settings replace the default notification text that's used for senders or administrators. For more information about the default values, see [Anti-malware policies](anti-malware-protection.md#anti-malware-policies).
+
+ - **Use customized notification text**: If you select this option, you need to use the **From name** and **From address** boxes to specify the sender's name and email address that's used in the customized notification message.
+
+ - **Messages from internal senders**: If you elected to notify senders or administrators about undeliverable messages from internal senders, you need to use the **Subject** and **Message** boxes to specify the subject and message body of the custom notification message.
+
+ - **Messages from external senders**: If you elected to notify senders or administrators about undeliverable messages from external senders, you need to use the **Subject** and **Message** boxes to specify the subject and message body of the custom notification message.
+
+ - **Applied to**: The settings in this section identify the internal recipients that the policy applies to.
+
+ - **If**: Click on the **Select one** drop-down, and select conditions for the rule:
+
+ - **The recipient is**: Specifies one or more mailboxes, mail users, or mail contacts in your organization. In the **Select members** dialog box that appears, select one or more recipients from the list, and then click **add -\>**. In the **Check names** box, you can use wildcards for multiple email addresses (for example: \*@fabrikam.com). When you're finished, click **OK**.
+
+ - **The recipient domain is**: Specifies recipients in one or more of the configured accepted domains your organization. In the dialog box that appears, select one or more domains, and then click **add -\>**. When you're finished, click **OK**.
+
+ - **The recipient is a member of**: Specifies one or more groups in your organization. In the **Select members** dialog box that appears, select one or more groups from the list, and then click **add -\>**. When you're finished, click **OK**.
+
+ You can only use a condition once, but you can specify multiple values for the condition. Multiple values of the same condition use OR logic (for example, _\<recipient1\>_ or _\<recipient2\>_). Different conditions use AND logic (for example, _\<recipient1\>_ and _\<member of group 1\>_). To add more conditions, click **Add condition** and select from the remaining options.
+
+ - **Except if**: To add exceptions for the rule, click **Add exception**, click on the **Select one** drop-down, and configure the exceptions. The settings and behavior are exactly like the conditions.
+
+3. When you're finished, click **Save**.
+
+## Use the Security & Compliance Center to view anti-malware policies
+
+1. In the Security & Compliance Center, go to **Threat management** \> **Policy** \> **Anti-Malware**.
+
+2. When you select a policy, information about the policy is displayed in the details pane. To see more information about the policy, click **Edit** ![Edit icon](../../media/ITPro-EAC-EditIcon.png).
+
+ - The **Enabled** property value, the **Priority** property value, and the settings on the **Applied to** tab are in the malware filter rule.
+
+ - The settings on the **General** and **Settings** tabs are in the malware filter policy.
+
+## Use the Security & Compliance Center to modify anti-malware policies
+
+1. In the Security & Compliance Center, go to **Threat management** \> **Policy** \> **Anti-Malware**.
+
+2. Select the policy, and then click **Edit** ![Edit icon](../../media/ITPro-EAC-EditIcon.png). For information about the settings, see the [Use the Security & Compliance Center to create anti-malware policies](#use-the-security--compliance-center-to-create-anti-malware-policies) section in this article.
+
+ **Notes**:
+
+ - Instead of everything on one page, the settings are divided among the **General**, **Settings**, and **Applied to** tabs. The **Applied to** tab isn't available in the default policy named Default (which is automatically applied to everyone).
+
+ - You can't rename the default policy.
+
+## Use the Security & Compliance Center to enable or disable anti-malware policies
+
+1. In the Security & Compliance Center, go to **Threat management** \> **Policy** \> **Anti-Malware**.
+
+2. Select the policy from the list, and then configure one of the following settings:
+
+ - **Disable the policy**: Clear the check box in the **Enabled** column. By default, anti-malware policies are enabled when you create them in the Security & Compliance Center.
+
+ - **Enable the policy**: Select the check box in the **Enabled** column.
+
+## Use the Security & Compliance Center to set the priority of custom anti-malware policies
+
+By default, anti-malware policies are given a priority that's based on the order they were created in (newer polices are lower priority than older policies). A lower priority number indicates a higher priority for the policy, and policies are processed in priority order (higher priority policies are processed before lower priority policies). No two policies can have the same priority, and policy processing stops after the first policy is applied.
+
+ **Notes**:
+
+- In the Security & Compliance Center, you can only change the priority of the anti-malware policy after you create it. In PowerShell, you can override the default priority when you create the malware filter rule (which can affect the priority of existing rules).
+
+- In the Security & Compliance Center, anti-malware policies are processed in the order that they're displayed (the first policy has the **Priority** value 0). The default anti-malware policy named Default has the priority value **Lowest**, and you can't change it.
+
+To change the priority of a policy, move the policy up or down in the list (you can't directly modify the **Priority** number in the Security & Compliance Center).
+
+1. In the Security & Compliance Center, go to **Threat management** \> **Policy** \> **Anti-Malware**.
+
+2. Select a policy, and then click **Move up** ![Up Arrow icon](../../media/ITPro-EAC-UpArrowIcon.png) or **Move down** ![Down Arrow icon](../../media/ITPro-EAC-DownArrowIcon.png) to move the rule up or down in the list.
+
+## Use the Security & Compliance Center to remove anti-malware policies
+
+When you use the Security & Compliance Center to remove an anti-malware policy, the malware filter rule and the corresponding malware filter policy are both deleted.
+
+1. In the Security & Compliance Center, go to **Threat management** \> **Policy** \> **Anti-Malware**.
+
+2. Select the anti-malware policy you want to remove from the list, and then click **Delete** ![Delete icon](../../media/ITPro-EAC-DeleteIcon.png).
+
+## Use Exchange Online PowerShell or standalone EOP PowerShell to configure anti-malware policies
+
+### Use PowerShell to create anti-malware policies
+
+Creating an anti-malware policy in PowerShell is a two-step process:
+
+1. Create the malware filter policy.
+
+2. Create the malware filter rule that specifies the malware filter policy that the rule applies to.
+
+ **Notes**:
+
+- You can create a new malware filter rule and assign an existing, unassociated malware filter policy to it. A malware filter rule can't be associated with more than one malware filter policy.
+
+- There are two settings that you can configure on new anti-malware policies in PowerShell that aren't available in the Security & Compliance Center until after you create the policy:
+
+ - Create the new policy as disabled (_Enabled_ `$false` on the **New-MalwareFilterRule** cmdlet).
+
+ - Set the priority of the policy during creation (_Priority_ _\<Number\>_) on the **New-MalwareFilterRule** cmdlet).
+
+- A new malware filter policy that you create in PowerShell isn't visible in the Security & Compliance Center until you assign the policy to a malware filter rule.
+
+#### Step 1: Use PowerShell to create a malware filter policy
+
+**Note**: In EOP, the _Action_ parameter values `DeleteMessage`, `DeleteAttachmentAndUseDefaultAlert`, and `DeleteAttachmentAndUseCustomAlert` don't delete messages. Instead, the messages are quarantined. For more information about retrieving quarantined messages, see [Manage quarantined messages and files as an admin in EOP](manage-quarantined-messages-and-files.md).
+
+To create a malware filter policy, use this syntax:
+
+```PowerShell
+New-MalwareFilterPolicy -Name "<PolicyName>" [-Action <DeleteMessage | DeleteAttachmentAndUseDefaultAlert | DeleteAttachmentAndUseCustomAlert>] [-AdminDisplayName "<OptionalComments>"] [-CustomNotifications <$true | $false>] [<Inbound notification options>] [<Outbound notification options>]
+```
+
+This example creates a new malware filter policy named Contoso Malware Filter Policy with these settings:
+
+- Quarantine messages that contain malware without notifying the recipients (we aren't using the _Action_ parameter, and the default value is `DeleteMessage`).
+
+- Don't notify the message sender when malware is detected in the message (we aren't using the _EnableExternalSenderNotifications_ or _EnableInternalSenderNotifications_ parameters, and the default value for both is `$false`).
+
+- Notify the administrator admin@contoso.com when malware is detected in a message from an internal sender.
+
+```PowerShell
+New-MalwareFilterPolicy -Name "Contoso Malware Filter Policy" -EnableInternalSenderAdminNotifications $true -InternalSenderAdminAddress admin@contoso.com
+```
+
+For detailed syntax and parameter information, see [New-MalwareFilterPolicy](/powershell/module/exchange/new-malwarefilterpolicy).
+
+#### Step 2: Use PowerShell to create a malware filter rule
+
+To create a malware filter rule, use this syntax:
+
+```PowerShell
+New-MalwareFilterRule -Name "<RuleName>" -MalwareFilterPolicy "<PolicyName>" <Recipient filters> [<Recipient filter exceptions>] [-Comments "<OptionalComments>"]
+```
+
+This example creates a new malware filter rule named Contoso Recipients with these settings:
+
+- The malware filter policy named Contoso Malware Filter Policy is associated with the rule.
+
+- The rule applies to recipients in the contoso.com domain.
+
+```PowerShell
+New-MalwareFilterRule -Name "Contoso Recipients" -MalwareFilterPolicy "Contoso Malware Filter Policy" -RecipientDomainIs contoso.com
+```
+
+For detailed syntax and parameter information, see [New-MalwareFilterRule](/powershell/module/exchange/new-malwarefilterrule).
+
+### Use PowerShell to view malware filter policies
+
+To return a summary list of all malware filter policies, run this command:
+
+```PowerShell
+Get-MalwareFilterPolicy
+```
+
+To return detailed information about a specific malware filter policy, use the this syntax:
+
+```PowerShell
+Get-MalwareFilterPolicy -Identity "<PolicyName>" | Format-List [<Specific properties to view>]
+```
+
+This example returns all the property values for the malware filter policy named Executives.
+
+```PowerShell
+Get-MalwareFilterPolicy -Identity "Executives" | Format-List
+```
+
+This example returns only the specified properties for the same policy.
+
+```PowerShell
+Get-MalwareFilterPolicy -Identity "Executives" | Format-List Action,AdminDisplayName,CustomNotifications,Enable*Notifications
+```
+
+For detailed syntax and parameter information, see [Get-MalwareFilterPolicy](/powershell/module/exchange/get-malwarefilterpolicy).
+
+### Use PowerShell to view malware filter rules
+
+To return a summary list of all malware filter rules, run this command:
+
+```PowerShell
+Get-MalwareFilterRule
+```
+
+To filter the list by enabled or disabled rules, run the following commands:
+
+```PowerShell
+Get-HostedContentFilterRule -State Disabled
+```
+
+```PowerShell
+Get-HostedContentFilterRule -State Enabled
+```
+
+To return detailed information about a specific malware filter rule, use this syntax:
+
+```PowerShell
+Get-MalwareFilterRule -Identity "<RuleName>" | Format-List [<Specific properties to view>]
+```
+
+This example returns all the property values for the malware filter rule named Executives.
+
+```PowerShell
+Get-MalwareFilterRule -Identity "Executives" | Format-List
+```
+
+This example returns only the specified properties for the same rule.
+
+```PowerShell
+Get-MalwareFilterRule -Identity "Executives" | Format-List Name,Priority,State,MalwareFilterPolicy,*Is,*SentTo,*MemberOf
+```
+
+For detailed syntax and parameter information, see [Get-MalwareFilterRule](/powershell/module/exchange/get-malwarefilterrule).
+
+### Use PowerShell to modify malware filter policies
+
+Other than the following items, the same settings are available when you modify a malware filter policy in PowerShell as when you create the policy as described in the [Step 1: Use PowerShell to create a malware filter policy](#step-1-use-powershell-to-create-a-malware-filter-policy) section earlier in this article.
+
+- The _MakeDefault_ switch that turns the specified policy into the default policy (applied to everyone, unmodifiable **Lowest** priority, and you can't delete it) is only available when you modify a malware filter policy in PowerShell.
+
+- You can't rename a malware filter policy (the **Set-MalwareFilterPolicy** cmdlet has no _Name_ parameter). When you rename an anti-malware policy in the Security & Compliance Center, you're only renaming the malware filter _rule_.
+
+To modify a malware filter policy, use this syntax:
+
+```PowerShell
+Set-MalwareFilterPolicy -Identity "<PolicyName>" <Settings>
+```
+
+For detailed syntax and parameter information, see [Set-MalwareFilterPolicy](/powershell/module/exchange/set-malwarefilterpolicy).
+
+### Use PowerShell to modify malware filter rules
+
+The only setting that isn't available when you modify a malware filter rule in PowerShell is the _Enabled_ parameter that allows you to create a disabled rule. To enable or disable existing malware filter rules, see the next section.
+
+Otherwise, no additional settings are available when you modify a malware filter rule in PowerShell. The same settings are available when you create a rule as described in the [Step 2: Use PowerShell to create a malware filter rule](#step-2-use-powershell-to-create-a-malware-filter-rule) section earlier in this article.
+
+To modify a malware filter rule, use this syntax:
+
+```PowerShell
+Set-MalwareFilterRule -Identity "<RuleName>" <Settings>
+```
+
+For detailed syntax and parameter information, see [Set-MalwareFilterRule](/powershell/module/exchange/set-malwarefilterrule).
+
+### Use PowerShell to enable or disable malware filter rules
+
+Enabling or disabling a malware filter rule in PowerShell enables or disables the whole anti-malware policy (the malware filter rule and the assigned malware filter policy). You can't enable or disable the default anti-malware policy (it's always always applied to all recipients).
+
+To enable or disable a malware filter rule in PowerShell, use this syntax:
+
+```PowerShell
+<Enable-MalwareFilterRule | Disable-MalwareFilterRule> -Identity "<RuleName>"
+```
+
+This example disables the malware filter rule named Marketing Department.
+
+```PowerShell
+Disable-MalwareFilterRule -Identity "Marketing Department"
+```
+
+This example enables same rule.
+
+```PowerShell
+Enable-MalwareFilterRule -Identity "Marketing Department"
+```
+
+For detailed syntax and parameter information, see [Enable-MalwareFilterRule](/powershell/module/exchange/enable-malwarefilterrule) and [Disable-MalwareFilterRule](/powershell/module/exchange/disable-malwarefilterrule).
+
+### Use PowerShell to set the priority of malware filter rules
+
+The highest priority value you can set on a rule is 0. The lowest value you can set depends on the number of rules. For example, if you have five rules, you can use the priority values 0 through 4. Changing the priority of an existing rule can have a cascading effect on other rules. For example, if you have five custom rules (priorities 0 through 4), and you change the priority of a rule to 2, the existing rule with priority 2 is changed to priority 3, and the rule with priority 3 is changed to priority 4.
+
+To set the priority of a malware filter rule in PowerShell, use the following syntax:
+
+```PowerShell
+Set-MalwareFilterRule -Identity "<RuleName>" -Priority <Number>
+```
+
+This example sets the priority of the rule named Marketing Department to 2. All existing rules that have a priority less than or equal to 2 are decreased by 1 (their priority numbers are increased by 1).
+
+```PowerShell
+Set-MalwareFilterRule -Identity "Marketing Department" -Priority 2
+```
+
+**Notes**:
+
+- To set the priority of a new rule when you create it, use the _Priority_ parameter on the **New-MalwareFilterRule** cmdlet instead.
+
+- The default malware filter policy doesn't have a corresponding malware filter rule, and it always has the unmodifiable priority value **Lowest**.
+
+### Use PowerShell to remove malware filter policies
+
+When you use PowerShell to remove a malware filter policy, the corresponding malware filter rule isn't removed.
+
+To remove a malware filter policy in PowerShell, use this syntax:
+
+```PowerShell
+Remove-MalwareFilterPolicy -Identity "<PolicyName>"
+```
+
+This example removes the malware filter policy named Marketing Department.
+
+```PowerShell
+Remove-MalwareFilterPolicy -Identity "Marketing Department"
+```
+
+For detailed syntax and parameter information, see [Remove-MalwareFilterPolicy](/powershell/module/exchange/remove-malwarefilterpolicy).
+
+### Use PowerShell to remove malware filter rules
+
+When you use PowerShell to remove a malware filter rule, the corresponding malware filter policy isn't removed.
+
+To remove a malware filter rule in PowerShell, use this syntax:
+
+```PowerShell
+Remove-MalwareFilterRule -Identity "<PolicyName>"
+```
+
+This example removes the malware filter rule named Marketing Department.
+
+```PowerShell
+Remove-MalwareFilterRule -Identity "Marketing Department"
+```
+
+For detailed syntax and parameter information, see [Remove-MalwareFilterRule](/powershell/module/exchange/remove-malwarefilterrule).
+
+## How do you know these procedures worked?
+
+### Use the EICAR.TXT file to verify your anti-malware policy settings
+
+> [!IMPORTANT]
+> The EICAR.TXT file is not a virus. The European Institute for Computer Antivirus Research (EICAR) developed this file to safely test anti-virus installations and settings.
+
+1. Open Notepad and paste the following text into an empty file:
+
+ ```Text
+ X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*
+ ```
+
+ Be sure that these are the only text characters in the file. The file size should be 68 bytes.
+
+2. Save the file as EICAR.TXT
+
+ In your desktop anti-virus program, be sure to exclude the EICAR.TXT from scanning (otherwise, the file will be quarantined).
+
+3. Send an email message that contains the EICAR.TXT file as an attachment, using an email client that won't automatically block the file. Use your anti-malware policy settings to determine the following scenarios to test:
+
+ - Email from an internal mailbox to an internal recipient.
+
+ - Email from an internal mailbox to an external recipient.
+
+ - Email from an external mailbox to an internal recipient.
+
+4. Verify that the message was quarantined, and verify the recipient and sender notification results based on your anti-malware policy settings. For example:
+
+ - Recipients aren't notified, or recipients receive the original message with the EICAR.TXT attachment replaced by **Malware Alert Text.txt** that contains the default or customized text.
+
+ - Internal or external senders are notified with the default or customized notification messages.
+
+ - The admin email address that you specified is notified for internal or external message senders, with the default or customized notification messages.
+
+5. Delete the EICAR.TXT file after your testing is complete (so other users aren't unnecessarily alarmed by it).
security Configure Anti Phishing Policies Eop https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-365-security/configure-anti-phishing-policies-eop.md
+
+ Title: Configure anti-phishing policies in EOP
+f1.keywords:
+ - NOCSH
+++
+audience: ITPro
+ Last updated : +
+localization_priority: Normal
+ms.assetid:
+
+ - M365-security-compliance
+description: Admins can learn how to create, modify, and delete the anti-phishing policies that are available in Exchange Online Protection (EOP) organizations with or without Exchange Online mailboxes.
+ms.technology: mdo
++
+# Configure anti-phishing policies in EOP
++
+**Applies to**
+- [Exchange Online Protection](exchange-online-protection-overview.md)
+
+In Microsoft 365 organizations with mailboxes in Exchange Online or standalone Exchange Online Protection (EOP) organizations without Exchange Online mailboxes, there's a default anti-phishing policy that contains a limited number of anti-spoofing features that are enabled by default. For more information, see [Spoof settings in anti-phishing policies](set-up-anti-phishing-policies.md#spoof-settings).
+
+Admins can view, edit, and configure (but not delete) the default anti-phishing policy. For greater granularity, you can also create custom anti-phishing policies that apply to specific users, groups, or domains in your organization. Custom policies always take precedence over the default policy, but you can change the priority (running order) of your custom policies.
+
+Organizations with Exchange Online mailboxes can configure anti-phishing policies in the Security & Compliance Center or in Exchange Online PowerShell. Standalone EOP organizations can only use the Security & Compliance Center.
+
+For information about creating and modifying the more advanced anti-phishing policies in Microsoft Defender for Office 365 that are available in Defender for Office 365, see [Configure anti-phishing policies in Microsoft Defender for Office 365](configure-atp-anti-phishing-policies.md).
+
+The basic elements of an anti-phishing policy are:
+
+- **The anti-phish policy**: Specifies the phishing protections to enable or disable, and the actions to apply options.
+- **The anti-phish rule**: Specifies the priority and recipient filters (who the policy applies to) for an anti-phish policy.
+
+The difference between these two elements isn't obvious when you manage anti-phishing policies in the Security & Compliance Center:
+
+- When you create an anti-phishing policy, you're actually creating an anti-phish rule and the associated anti-phish policy at the same time using the same name for both.
+- When you modify an anti-phishing policy, settings related to the name, priority, enabled or disabled, and recipient filters modify the anti-phish rule. All other settings modify the associated anti-phish policy.
+- When you remove an anti-phishing policy, the anti-phish rule and the associated anti-phish policy are removed.
+
+In Exchange Online PowerShell, you manage the policy and the rule separately. For more information, see the [Use Exchange Online PowerShell to configure anti-phishing policies](#use-exchange-online-powershell-to-configure-anti-phishing-policies) section later in this article.
+
+Every organization has a built-in anti-phishing policy named Office365 AntiPhish Default that has these properties:
+
+- The policy is applied to all recipients in the organization, even though there's no anti-phish rule (recipient filters) associated with the policy.
+- The policy has the custom priority value **Lowest** that you can't modify (the policy is always applied last). Any custom policies that you create always have a higher priority.
+- The policy is the default policy (the **IsDefault** property has the value `True`), and you can't delete the default policy.
+
+To increase the effectiveness of anti-phishing protection, you can create custom anti-phishing policies with stricter settings that are applied to specific users or groups of users.
+
+## What do you need to know before you begin?
+
+- You open the Security & Compliance Center at <https://protection.office.com/>. To go directly to the **Anti-phishing** page, use <https://protection.office.com/antiphishing>.
+
+- To connect to Exchange Online PowerShell, see [Connect to Exchange Online PowerShell](/powershell/exchange/connect-to-exchange-online-powershell).
+
+ You can't manage anti-phishing policies in standalone EOP PowerShell.
+
+- You need to be assigned permissions in **Exchange Online** before you can do the procedures in this article:
+ - To add, modify, and delete anti-phishing policies, you need to be a member of the **Organization Management** or **Security Administrator** role groups.
+ - For read-only access to anti-phishing policies, you need to be a member of the **Global Reader** or **Security Reader** role groups<sup>\*</sup>.
+
+ For more information, see [Permissions in Exchange Online](/exchange/permissions-exo/permissions-exo).
+
+ **Notes**:
+
+ - Adding users to the corresponding Azure Active Directory role in the Microsoft 365 admin center gives users the required permissions _and_ permissions for other features in Microsoft 365. For more information, see [About admin roles](../../admin/add-users/about-admin-roles.md).
+ - The **View-Only Organization Management** role group in [Exchange Online](/Exchange/permissions-exo/permissions-exo#role-groups) also gives read-only access to the feature<sup>\*</sup>.
+ - <sup>\*</sup> In the Security & Compliance Center, read-only access allows users to view the settings of custom anti-phishing policies. Read-only users can't see the settings in the default anti-phishing policy.
+
+- To create and modify anti-phishing policies in standalone EOP, you need to do something that requires _hydration_ for your tenant. For example, in the Exchange admin center (EAC), you can go to the **Permissions** tab, select an existing role group, click **Edit** ![Edit icon](../../medilet (which isn't available in standalone EOP PowerShell or in the Security & Compliance Center).
+
+- For our recommended settings for anti-phishing policies, see [EOP default anti-phishing policy settings](recommended-settings-for-eop-and-office365.md#eop-default-anti-phishing-policy-settings).
+
+- Allow up to 30 minutes for the updated policy to be applied.
+
+- For information about where anti-phishing policies are applied in the filtering pipeline, see [Order and precedence of email protection](how-policies-and-protections-are-combined.md).
+
+## Use the Security & Compliance Center to create anti-phishing policies
+
+Creating a custom anti-phishing policy in the Security & Compliance Center creates the anti-phish rule and the associated anti-phish policy at the same time using the same name for both.
+
+When you create an anti-phishing policy, you can only specify the policy name, description, and the recipient filter that identifies who the policy applies to. After you create the policy, you can modify the policy to change or review the default anti-phishing settings.
+
+1. In the Security & Compliance Center, go to **Threat management** \> **Policy** \> **Anti-phishing**.
+
+2. On the **Anti-phishing** page, click **Create**.
+
+3. The **Create a new anti-phishing policy** wizard opens. On the **Name your policy** page, configure the following settings:
+
+ - **Name**: Enter a unique, descriptive name for the policy.
+
+ - **Description**: Enter an optional description for the policy.
+
+ When you're finished, click **Next**.
+
+4. On the **Applied to** page that appears, identify the internal recipients that the policy applies to.
+
+ You can only use a condition or exception once, but you can specify multiple values for the condition or exception. Multiple values of the same condition or exception use OR logic (for example, _\<recipient1\>_ or _\<recipient2\>_). Different conditions or exceptions use AND logic (for example, _\<recipient1\>_ and _\<member of group 1\>_).
+