Updates from: 03/26/2021 04:19:17
Category Microsoft Docs article Related commit history on GitHub Change details
admin Let Users Reset Passwords https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/add-users/let-users-reset-passwords.md
As the Microsoft 365 admin, you can let people use the [self-service password re
- **If you're using an on-premises Active Directory**, the above two points don't apply. Rather, you can set this up but **it requires a paid subscription to Azure AD Premium**.
-This article is for people who set password expiration policy for a business, school, or nonprofit. To complete these steps, you need to sign in with your Microsoft 365 admin account. [What's an admin account?](../admin-overview/admin-overview.md)
+This article is for people who set password expiration policy for a business, school, or nonprofit. To complete these steps, you need to sign in with your Microsoft 365 admin account. [What's an admin account?](https://docs.microsoft.com/microsoft-365/business-video/admin-center-overview)
You must be an [global admin or password administrator](about-admin-roles.md) to perform these steps.
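Review bot: On the `+` line the link text still asks "What's an admin account?", but the new target is the top of the admin center overview, where the explanation now sits under "Who is an admin?". Link to that section's fragment so a reader checking whether they hold the required role lands on the answer. Consider the site-relative form (as in `/exchange/exchange-admin-center` elsewhere in this update) instead of hard-coding the `https://docs.microsoft.com` host; the same swap repeats in the other password articles.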
admin Resend User Password https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/add-users/resend-user-password.md
This article explains how to resend the notification email to a new user in Offi
## Before you begin
-This article is for people who set password expiration policy for a business, school, or nonprofit. To complete these steps, you need to sign in with your Microsoft 365 admin account. [What's an admin account?](../admin-overview/admin-overview.md).
+This article is for people who set password expiration policy for a business, school, or nonprofit. To complete these steps, you need to sign in with your Microsoft 365 admin account. [What's an admin account?](https://docs.microsoft.com/microsoft-365/business-video/admin-center-overview).
You must be an [global admin or password administrator](about-admin-roles.md) to perform these steps.
admin Reset Passwords https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/add-users/reset-passwords.md
This article explains how to reset passwords for yourself and for your users whe
## Before you begin
-This article is for people who set password expiration policy for a business, school, or nonprofit. To complete these steps, you need to sign in with your Microsoft 365 admin account. [What's an admin account?](../admin-overview/admin-overview.md).
+This article is for people who set password expiration policy for a business, school, or nonprofit. To complete these steps, you need to sign in with your Microsoft 365 admin account. [What's an admin account?](https://docs.microsoft.com/microsoft-365/business-video/admin-center-overview).
You must be an [global admin or password administrator](about-admin-roles.md) to perform these steps.
admin Set Password To Never Expire https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/add-users/set-password-to-never-expire.md
This article explains how to set a password for an individual user to not expire
## Before you begin
-This article is for people who set password expiration policy for a business, school, or nonprofit. To complete these steps, you need to sign in with your Microsoft 365 admin account. [What's an admin account?](../admin-overview/admin-overview.md).
+This article is for people who set password expiration policy for a business, school, or nonprofit. To complete these steps, you need to sign in with your Microsoft 365 admin account. [What's an admin account?](https://docs.microsoft.com/microsoft-365/business-video/admin-center-overview).
You must be an [global admin or password administrator](about-admin-roles.md) to perform these steps.
admin Strong Password https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/add-users/strong-password.md
This article explains how to turn off strong password requirements for your user
## Before you begin
-This article is for people who manage password policy for a business, school, or nonprofit. To complete these steps, you need to sign in with your Microsoft 365 admin account. [What's an admin account?](../admin-overview/admin-overview.md) You must be an [global admin or password administrator](about-admin-roles.md) to perform these steps.
+This article is for people who manage password policy for a business, school, or nonprofit. To complete these steps, you need to sign in with your Microsoft 365 admin account. [What's an admin account?](https://docs.microsoft.com/microsoft-365/business-video/admin-center-overview) You must be an [global admin or password administrator](about-admin-roles.md) to perform these steps.
You must also connect to Microsoft 365 with PowerShell.
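Review bot: The changed line still reads "You must be an [global admin or password administrator]"; since the line is being touched anyway, change "an" to "a". The role requirement also runs straight on from the "What's an admin account?" link with no break, so consider putting it on its own line, as the sibling password articles do, to keep the required role easy to spot.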
admin About The Admin Center https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/admin-overview/about-the-admin-center.md
If you found this video helpful, check out the [complete training series for sma
## Admin center features and settings
-Here are the features and settings you'll find in the left-hand navigation of the admin center. Learn more about admin tasks in [admin help](./admin-overview.md).
+Here are the features and settings you'll find in the left-hand navigation of the admin center. Learn more about admin tasks in [admin help](https://docs.microsoft.com/microsoft-365/business-video/admin-center-overview).
|**Menu**|**What it's for**| |--|--|
Here are the features and settings you'll find in the left-hand navigation of th
|**Settings** <br/> |Manage global settings for apps like email, sites, and the Office suite. Change your password policy and expiration date. Add and update domain names like contoso.com. Change your organization profile and release preferences. And choose whether partners can access your admin center. <br/> | |**Setup** <br/> |Manage existing domains, turn on and manage multi-factor authentication, manage admin access, migrate user mailboxes to Office 365, manage feature updates, and help users install their Office apps. | |**Reports** <br/> |See at a glance how your organization is using Microsoft 365 with detailed reports on email use, Office activations, and more. Learn how to use the new [activity reports](../activity-reports/activity-reports.md). <br/> |
-|**Health** <br/> |View the service health at a glance. You can also check out more details and the service health history. Check out [How to check service health](../../enterprise/view-service-health.md). <br/> Use Message center to keep track of upcoming changes to features and services. We post announcements there with information that helps you plan for change and understand how it may affect users. Get more details in [Message center in Office 365](../manage/message-center.md). <br/> |
+|**Health** <br/> |View health at a glance. You can also check out more details and the health history. See [How to check service health](https://docs.microsoft.com/microsoft-365/enterprise/view-service-health) and [How to check Windows release health](https://docs.microsoft.com/windows/deployment/update/check-release-health) for more information. ΓÇï <br/><br/>Use Message center to keep track of upcoming changes to features and services. We post announcements there with information that helps you plan for change and understand how it may affect users. Get more details in [Message center](../manage/message-center.md). <br/> |
|**Admin centers** <br/> |Open separate admin centers for Exchange, Skype for Business, SharePoint, Yammer, and Azure AD. Each admin center includes all available settings for that service. <br/> For example, in the Exchange admin center, set up and manage email, calendars, distribution groups, and more. In the SharePoint admin center, create and manage site collections, site settings, and OneDrive for Business. In the Skype for Business admin center, set up instant messaging notifications, dial-in conferencing, and online presence. <br/> Learn more about the [Exchange admin center](/exchange/exchange-admin-center) and [SharePoint Admin Center](/sharepoint/sharepoint-online).<br/> **Note:** The admin centers available to you depend on your plan and region. | ## Common tasks in the admin center
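Review bot: The new **Health** row carries stray characters ("ΓÇï") right after "for more information.", which look like a mis-encoded invisible character; remove them before this ships. The same row mixes absolute `https://docs.microsoft.com/...` links with the relative `../manage/message-center.md`, so pick one form for the cell.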
admin Admin Overview https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/admin-overview/admin-overview.md
- Title: "Admin center overview"-- NOCSH-----
-localization_priority: Normal
--- M365-subscription-management-- Adm_O365-- Adm_TOC--- BCS160-- MET150-- MOE150
-description: "Learn about the Microsoft 365 admin center: how to sign in, who your admin is, and watch a video introduction about it."
--
-# Admin center overview
-
-
-When you buy a [Microsoft 365 Apps for business plan](https://go.microsoft.com/fwlink/?linkid=856886) or a [Microsoft 365 for business plan](https://www.microsoft.com/microsoft-365/business), we give you a special account that has admin permissions. This account is called an admin account.
-
-With this account you can access the Microsoft 365 admin center to manage your business: add users, manage your subscription, reset passwords, and more. Try it!
-
-
- **Sign in with your admin account at <a href="https://go.microsoft.com/fwlink/p/?linkid=2024339" target="_blank">https://admin.microsoft.com</a>.**
---
-**Sign in with your admin account to Office 365 Germany at <a href="https://go.microsoft.com/fwlink/p/?linkid=848041" target="_blank">https://portal.office.de</a>.**
---
-**Sign in with your admin account to Office 365 operated by 21Vianet at <a href="https://go.microsoft.com/fwlink/p/?linkid=850627" target="_blank">https://portal.partner.microsoftonline.cn</a>.**
--
-If you get the message "**You don't have permission to access this page or perform this action**," you aren't an admin.
-<br><br>
-> [!VIDEO https://www.microsoft.com/videoplayer/embed/3a4e19ee-1a2a-473f-8995-06de0052c169?autoplay=false]
-
-## Who has admin permissions in my business?
-<a name="bkmk_admin"> </a>
-
-When looking for your admin to reset your password, delete an account, or do other tasks, here's who you should contact:
-
-- **Universities and schools**: Contact your technical support team. Usually you can find a link on your university site. At smaller schools, there may be just a few individuals who have admin permissions.
-
-- **Large businesses**: Contact your internal help desk / technical support.
-
-- **Small businesses**: Contact the business owner / co-owner. Often they give admin permissions to their IT consultant who does all the computer maintenance work for their business.
-
-By default, the person who signs up for and buys an Microsoft 365 for business subscription gets admin permissions. That person can assign admin permissions to other people to help them manage Microsoft 365 for their organization.
-
-If you have no idea who to contact at your work or school for help, try asking the person who gave you your user account and password.
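Review bot: Deleting this article drops the sign-in links for Office 365 Germany (`https://portal.office.de`) and Office 365 operated by 21Vianet (`https://portal.partner.microsoftonline.cn`), and the lines added to the business-video overview in this update only mention `admin.microsoft.com`. Carry those entry points over or confirm they are documented elsewhere, so admins in those clouds keep an official sign-in URL to follow. Also confirm a redirect is in place for the removed path.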
admin Get Started With Office 365 https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/admin-overview/get-started-with-office-365.md
Here are some resources to help you get started.
- [Training for admins](../index.yml): Get links to free online classes for admins. -- [Admin Help](./admin-overview.md): Get info about top tasks, getting started with admin tools, and troubleshooting problems.
+- [Admin Help](https://docs.microsoft.com/microsoft-365/business-video/admin-center-overview): Get info about top tasks, getting started with admin tools, and troubleshooting problems.
- [Contact support - Admin Help](../contact-support-for-business-products.md) : Call us, open an online request, or let the community help.
admin Contact Support For Business Products https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/contact-support-for-business-products.md
Start by [checking the current health of your services](../enterprise/view-servi
Save time by starting your service request online. We'll help you find a solution or connect you to technical support.
-1. Go to the admin center at <a href="https://go.microsoft.com/fwlink/p/?linkid=2024339" target="_blank">https://admin.microsoft.com</a>. If you get a message that says you don't have permission to access this page or perform this action, then you aren't an admin. [Who has admin permissions in my business?](admin-overview/admin-overview.md#who-has-admin-permissions-in-my-business)
+1. Go to the admin center at <a href="https://go.microsoft.com/fwlink/p/?linkid=2024339" target="_blank">https://admin.microsoft.com</a>. If you get a message that says you don't have permission to access this page or perform this action, then you aren't an admin. [Who has admin permissions in my business?](https://docs.microsoft.com/microsoft-365/business-video/admin-center-overview?#who-has-admin-permissions-in-my-business)
2. Select the **Need help?** button.
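Review bot: The new link target in step 1 has a stray `?` before the fragment (`admin-center-overview?#who-has-admin-permissions-in-my-business`), which adds an empty query string. Drop the `?` so the URL reads `.../admin-center-overview#who-has-admin-permissions-in-my-business`, and check that the fragment matches the heading as it now exists in the overview article, where it moved from `##` to `###`.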
admin Create Dns Records At Google Domains https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/dns/create-dns-records-at-google-domains.md
When Microsoft finds the correct TXT record, your domain is verified.
## Add a TXT record for SPF to help prevent email spam > [!IMPORTANT]
-> You cannot have more than one TXT record for SPF for a domain. If your domain has more than one SPF record, you'll get email errors, as well as delivery and spam classification issues. If you already have an SPF record for your domain, don't create a new one for Microsoft. Instead, add the required Microsoft values to the current record so that you have a single SPF record that includes both sets of values. Need examples? Check out these [External Domain Name System records for Microsoft](../../enterprise/external-domain-name-system-records.md#bkmk_spfrecords). To validate your SPF record, you can use one of these [SPF validation tools](../setup/domains-faq.yml).
+> You cannot have more than one TXT record for SPF for a domain. If your domain has more than one SPF record, you'll get email errors, as well as delivery and spam classification issues. If you already have an SPF record for your domain, don't create a new one for Microsoft. Instead, add the required Microsoft values to the current record so that you have a single SPF record that includes both sets of values. Need examples? Check out these [External Domain Name System records for Microsoft](../../enterprise/external-domain-name-system-records.md). To validate your SPF record, you can use one of these [SPF validation tools](../setup/domains-faq.yml).
1. To get started, go to your domains page at Google Domains by using [this link](https://domains.google.com/registrar). You'll be prompted to sign in. To do so:
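Review bot: Removing `#bkmk_spfrecords` from the "External Domain Name System records for Microsoft" link means "Need examples?" now lands at the top of that page instead of on the SPF records section. For a note whose whole point is keeping a single, correct SPF record, the deep link is worth keeping; if the bookmark was renamed in the target, point at the new fragment rather than dropping it. The same change repeats in the HostGator and MyDomain articles.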
admin Create Dns Records At Hostgator https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/dns/create-dns-records-at-hostgator.md
When Microsoft finds the correct TXT record, your domain is verified.
<a name="BKMK_add_TXT"> </a> > [!IMPORTANT]
-> You cannot have more than one TXT record for SPF for a domain. If your domain has more than one SPF record, you'll get email errors, as well as delivery and spam classification issues. If you already have an SPF record for your domain, don't create a new one for Microsoft. Instead, add the required Microsoft values to the current record so that you have a single SPF record that includes both sets of values. Need examples? Check out these [External Domain Name System records for Microsoft](../../enterprise/external-domain-name-system-records.md#bkmk_spfrecords). To validate your SPF record, you can use one of these [SPF validation tools](../setup/domains-faq.yml).
+> You cannot have more than one TXT record for SPF for a domain. If your domain has more than one SPF record, you'll get email errors, as well as delivery and spam classification issues. If you already have an SPF record for your domain, don't create a new one for Microsoft. Instead, add the required Microsoft values to the current record so that you have a single SPF record that includes both sets of values. Need examples? Check out these [External Domain Name System records for Microsoft](../../enterprise/external-domain-name-system-records.md). To validate your SPF record, you can use one of these [SPF validation tools](../setup/domains-faq.yml).
> [!IMPORTANT] > Before you perform this procedure, you must first perform the procedure in the first section of this article, [Point your domain to your hosting account](#point-your-domain-to-your-hosting-account).
admin Create Dns Records At Mydomain https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/dns/create-dns-records-at-mydomain.md
When Microsoft finds the correct TXT record, your domain is verified.
<a name="BKMK_add_TXT"> </a> > [!IMPORTANT]
-> You cannot have more than one TXT record for SPF for a domain. If your domain has more than one SPF record, you'll get email errors, as well as delivery and spam classification issues. If you already have an SPF record for your domain, don't create a new one for Microsoft. Instead, add the required Microsoft values to the current record so that you have a single SPF record that includes both sets of values. Need examples? Check out these [External Domain Name System records for Microsoft](../../enterprise/external-domain-name-system-records.md#bkmk_spfrecords). To validate your SPF record, you can use one of these [SPF validation tools](../setup/domains-faq.yml).
+> You cannot have more than one TXT record for SPF for a domain. If your domain has more than one SPF record, you'll get email errors, as well as delivery and spam classification issues. If you already have an SPF record for your domain, don't create a new one for Microsoft. Instead, add the required Microsoft values to the current record so that you have a single SPF record that includes both sets of values. Need examples? Check out these [External Domain Name System records for Microsoft](../../enterprise/external-domain-name-system-records.md). To validate your SPF record, you can use one of these [SPF validation tools](../setup/domains-faq.yml).
1. To get started, go to your domains page at MyDomain by using [this link](https://www.mydomain.com/controlpanel). You'll be prompted to log in first.
admin What Is A Domain https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/get-help-with-domains/what-is-a-domain.md
description: "Understand what a domain is and how you can buy a domain or use th
- okr_smb - AdminSurgePortfolio+ # What is a domain?
admin Centralized Deployment FAQ https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/manage/centralized-deployment-FAQ.md
The add-in is deployed automatically to the assigned users, but they can choose
Yes. Admins can upload a new manifest file to support metadata changes for admin-deployed LOB add-ins. The add-in updates the next time the Office applications starts. The web application can change at any time.ΓÇ»
-For more information, see [line-of-business add-in](./manage-addins-in-the-admin-center.md#more-about-office-add-ins-security).
+For more information, see [line-of-business add-in](./manage-addins-in-the-admin-center.md).
## Can admins turn off add-ins?ΓÇ»
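Review bot: The "line-of-business add-in" link loses its `#more-about-office-add-ins-security` fragment, so "For more information" now opens the top of the manage add-ins page rather than its security section. If that heading still exists under a new name, link to it; if the section was removed, reword the sentence so it no longer implies the reader will land on add-in security details.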
admin Language Translation For Message Center Posts https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/manage/language-translation-for-message-center-posts.md
- M365-subscription-management - Adm_O365 - Adm_NonTOC- search.appverid: - BCS160 - MET150
admin Set Password Expiration Policy https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/manage/set-password-expiration-policy.md
description: "Learn how to set a password expiration policy for your organizatio
## Before you begin
-This article is for people who set password expiration policy for a business, school, or nonprofit. To complete these steps, you need to sign in with your Microsoft 365 admin account. [What's an admin account?](../admin-overview/admin-overview.md).
+This article is for people who set password expiration policy for a business, school, or nonprofit. To complete these steps, you need to sign in with your Microsoft 365 admin account. [What's an admin account?](https://docs.microsoft.com/microsoft-365/business-video/admin-center-overview).
You must be a [global admin](../add-users/about-admin-roles.md) to perform these steps.
admin Microsoft 365 Admin Center Preview https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/microsoft-365-admin-center-preview.md
- Title: "About the Microsoft 365 admin center"-- CSH-----
-localization_priority: Normal
--- Adm_O365-- Adm_TOC--- MET150-- MOE150-- FRP150
-description: "Learn about the Microsoft 365 admin center."
--
-# About the Microsoft 365 admin center
--
-The Microsoft 365 admin center is built for IT teams as a simplified way to manage your Microsoft 365 services. The admin center provides a tailored experience based on the unique needs of your role or organization, improves efficiency for everyday tasks, and provides actionable insights that help you make data-driven decisions to deliver a better experience for your users.
-
-The Microsoft 365 admin center is the common entry point for all Microsoft 365 admins and can be accessed at [https://admin.microsoft.com](https://go.microsoft.com/fwlink/?linkid=2024339). Specialist workspaces, like Security or Device management, allow for more granular control. For more information about how the admin centers will work together, see [What about the specific types of IT roles and other workspaces like Security, Device Management, or Exchange?](#what-about-the-specific-types-of-it-roles-and-other-workspaces-like-security-device-management-or-exchange) later in this article.
---
-The Microsoft 365 admin center is built for IT teams as a simplified way to manage your Microsoft 365 services. The admin center provides a tailored experience based on the unique needs of your role or organization, improves efficiency for everyday tasks, and provides actionable insights that help you make data-driven decisions to deliver a better experience for your users.
-
-The Microsoft 365 admin center is the common entry point for all Microsoft 365 admins and can be accessed by logging in at [https://portal.partner.microsoftonline.cn/AdminPortal/Home#/homepage](https://go.microsoft.com/fwlink/p/?linkid=850627). Additionally, specialist workspaces, like Azure Active Directory and Exchange, allow for more granular control. You can access the specialist workspaces from the navigation pane in the Microsoft 365 admin center.
---
-As new features become available in the Microsoft 365 admin center, you'll be able to opt in to the admin center and share your feedback with Microsoft so that we can continue to improve the admin experience. If you opt in, there will be no impact to your users, and you can switch back to the old admin center at any time.
-[What's new in the Microsoft 365 admin center](whats-new-in-preview.md).
-
-> [!NOTE]
-> Targeted release admins will have first access to new features. New features will then roll out to all admins. This means that you may not see the admin center, or it may look different than what is described in help articles. To be among the first to see new features, see Participate in the admin center, below.
-
-### Turn on Targeted release
-
-1. Sign in at [admin.microsoft.com](https://admin.microsoft.com), go to the navigation pane and select **Settings** \> **Organization profile**.
-
-2. Go to the **Release preferences** card, and then select **Edit**.
-
-3. Select either **Targeted release for everyone** or **Targeted release for selected users**. If you choose Targeted release for selected users, make sure that you add your admin account (and any other admins in your org who want to participate) to the list of selected users.
-
-### Admin center feedback
-
-While in the admin center, you can give Microsoft feedback about your experience by selecting **Give feedback** right next to the **Need help?** button at the bottom of every page. Tell us what you like and what we could do better. In addition, you may get pop-up surveys from time-to-time asking about your overall impressions or a particular experience that's newly released. You can also give feedback at the end of this article by selecting **Was this information helpful?**
-
--
-### Switch to the new admin center and back again
-
-While the new admin center is in preview, you can switch back and forth between the new admin center and the old admin center by using the toggle located at the top of the admin center Home page. The new admin center is fully functional and has all the capabilities of the old admin center.
-
-To try the new admin center, turn the toggle to <b>Try the preview</b>. The toggle will then show <b>Preview on</b>. Next time you sign in to the admin center, we'll remember your selection and sign you in to the new admin center.
-
-To go back to using the old admin center, turn the toggle from <b>Preview on</b> to the off position. Next time you sign in to the admin center, we'll sign you in to the old admin center.
---
-## Frequently asked questions
-
-Don't see your questions answered here? Go to the **Feedback** section at the bottom of this page and ask your question.
-
-## Can I do everything in the new admin center that I can do in the old admin center?
-
-Yes. The new admin center is fully functional and has all the capabilities of the old admin center.
-
-## Which Microsoft 365 plans are available to trial or buy?
-
-Microsoft 365 is a complete, intelligent solution that includes Office 365, Windows 10, and Enterprise Mobility + Security that empowers everyone to be creative and work together, securely. The following Microsoft 365 subscriptions are available in the admin center for you to try or buy now:
-
-- Microsoft 365 for business-- Microsoft 365 Enterprise E3-- Microsoft 365 Enterprise E5
-
-For more information, see [Try or buy a Microsoft 365 subscription](../commerce/try-or-buy-microsoft-365.md).
-
-## I found a bug or I want to request a feature enhancement. How do I let Microsoft know?
-
-We love to hear from you! Reporting bugs and sharing feedback helps us make the Microsoft 365 admin center better. To give feedback, select the **Feedback** button on the bottom of the page and use the form to send us your thoughts. Select the checkbox and confirm your email address if you want someone from the Microsoft 365 admin center team to follow up on your comments. We can't promise to follow up on every piece of feedback, but we're going to try!
-
-You can also give feedback from outside of the admin center on our UserVoice forum. You can use this page to make feature suggestions that can be voted on by other forum users: [UserVoice forum for the new admin center](https://go.microsoft.com/fwlink/?linkid=2024994).
-
-## What about the specific types of IT roles and other workspaces like Security, Device Management, or Exchange?
-
-The Microsoft 365 admin center is the common entry point for all teams and roles managing Microsoft 365. The experience, information, and controls are tailored and customizable for each admin and role. Additionally, specialist workspaces allow for deep, granular control. These specialist workspaces include SharePoint, Teams &amp; Skype, Exchange, Security, Compliance, Device Management, and Azure Active Directory. You can find the specialist workspaces from the navigation pane in the Microsoft 365 admin center at [https://admin.microsoft.com](https://go.microsoft.com/fwlink/?linkid=2024339).
-
-Updating all of the admin centers to have a coherent experience will take awhile, but you can learn more about the admin centers we've already started to makeover:
-
-- [Get started with the new SharePoint Admin Center](/sharepoint/get-started-new-admin-center)
-
-- [Manage Teams during the transition to the new Microsoft Teams &amp; Skype for Business Admin Center](/microsoftteams/manage-teams-skypeforbusiness-admin-center)
-
-- [Overview of Microsoft 365 Device Management](/mem/intune/fundamentals/what-is-device-management)
-
-- [Introducing the Microsoft 365 Security and Compliance Center](https://go.microsoft.com/fwlink/?linkid=2025413)-
-## What language options are available the Admin Center?
-
-The Microsoft 365 admin center is fully localized in 40 languages.
-
-|Language |Locale |
-|||
-|Arabic | ar |
-|Bulgarian | bg |
-|Catalan | ca |
-|Czech | cs |
-|Danish | da |
-|German | de |
-|Greek | el |
-|Spanish | es |
-|English | en |
-|Estonian | et |
-|Basque | eu |
-|Finnish | fi |
-|French | fr |
-|Galician | gl |
-|Hebrew | he |
-|Croatian | hr |
-|Hungarian | hu |
-|Indonesian | id |
-|Italian | it |
-|Japanese | ja |
-|Korean | ko |
-|Lithuanian | lt |
-|Latvian | lv |
-|Dutch | nl |
-|Norwegian | no |
-|Polish | pl |
-|Portuguese ( Brazil) | pt |
-|Portuguese (Portugal) | pt-pt |
-|Romanian | ro |
-|Russian | ru |
-|Slovak | sk |
-|Slovenian | sl |
-|Serbian (Cyrillic) | sr-cyrl |
-|Serbian Latin | sr |
-|Swedish | sv |
-|Thai | th |
-|Turkish | tr |
-|Ukrainian | uk |
-|Vietnamese | vi |
-|Chinese Simplified | zh-hans |
-|Chinese Traditional | zh-hant |
-
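Review bot: This deletion removes the "Turn on Targeted release" steps and the locale table, and neither appears among the lines added elsewhere in this update. Confirm the Targeted release procedure is covered by `manage/release-options-in-office-365.md` (the page the what's-new article links to) and decide whether the language list needs a new home, then add a redirect for the removed path.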
admin Whats New In Preview https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/whats-new-in-preview.md
::: moniker-end
-We're continuously adding new features to [the Microsoft 365 admin center](microsoft-365-admin-center-preview.md), fixing issues we learn about, and making changes based on your feedback. Take a look below to see what's available for you today. Some features get rolled out at different speeds to our customers. If you aren't seeing a feature yet, [try adding yourself to targeted release](manage/release-options-in-office-365.md).
+We're continuously adding new features to [the Microsoft 365 admin center](https://docs.microsoft.com/microsoft-365/business-video/admin-center-overview), fixing issues we learn about, and making changes based on your feedback. Take a look below to see what's available for you today. Some features get rolled out at different speeds to our customers. If you aren't seeing a feature yet, [try adding yourself to targeted release](manage/release-options-in-office-365.md).
And if you'd like to know what's new with other Microsoft cloud
And if you'd like to know what's new with other Microsoft cloud
- [What's new in Microsoft 365 Defender](../security/mtp/whats-new.md) - [What's new in the SharePoint admin center](/sharepoint/what-s-new-in-admin-center) - [Office updates](/OfficeUpdates/)
+- [How to check Windows release health](https://docs.microsoft.com/windows/deployment/update/check-release-health)
## Ignite 2021 (March)
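Review bot: The added list item uses an absolute `https://docs.microsoft.com/windows/deployment/update/check-release-health` URL while the neighbouring items use site-relative paths such as `/sharepoint/what-s-new-in-admin-center` and `/OfficeUpdates/`. Use `/windows/deployment/update/check-release-health` to match, and do the same for the admin center link changed earlier in this hunk.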
business-video Admin Center Overview https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-video/admin-center-overview.md
Title: "Microsoft 365 admin center - Overview" f1.keywords: - NOCSH--++ audience: Admin
description: "Learn more about the Microsoft 365 admin center."
The Microsoft 365 admin center is where you manage your business in the cloud. You can complete such tasks as adding and removing users, changing licenses, and resetting passwords.
+Specialist workspaces, like Security or Device management, allow for more granular control. For more information about how the admin centers work together, see [What about the specific types of IT roles and other workspaces like Security, Device Management, or Exchange?](#what-about-the-specific-types-of-it-roles-and-other-workspaces-like-security-device-management-or-exchange) in this article.
+ To get to the Microsoft 365 admin center, go to [admin.microsoft.com](https://admin.microsoft.com) or, if you're already signed in, select the app launcher, and choose **Admin**. On the home page, you can create cards for tasks that you perform frequently. To add a new card, select **Add card**, then select the plus sign next to the card you want to add. When you are finished, close the window. You can rearrange the cards by selecting and then dragging them to where you want. To remove a card, select **More actions**, and then choose **Remove**.
To enable more features that come with your subscription, select **Setup**. Here
If you need support at any time, choose **Need help**. Enter your question, then check out the links that appear. If you don't get your answer here, choose **Contact support** to open a service request. For more information on managing billing, passwords, users, and admins, see the other lessons in this course.+
+## Who is an admin?
+
+By default, the person who signs up for and buys an Microsoft 365 for business subscription gets admin permissions. That person can assign admin permissions to other people to help them manage Microsoft 365 for their organization.
+
+If you get the message "**You don't have permission to access this page or perform this action**," you aren't an admin.
+<br><br>
+> [!VIDEO https://www.microsoft.com/videoplayer/embed/3a4e19ee-1a2a-473f-8995-06de0052c169?autoplay=false]
+
+### Who has admin permissions in my business?
+<a name="bkmk_admin"> </a>
+
+When looking for your admin to reset your password, delete an account, or do other tasks, here's who you should contact:
+
+- **Universities and schools**: Contact your technical support team. Usually you can find a link on your university site. At smaller schools, there may be just a few individuals who have admin permissions.
+
+- **Large businesses**: Contact your internal help desk / technical support.
+
+- **Small businesses**: Contact the business owner / co-owner. Often they give admin permissions to their IT consultant who does all the computer maintenance work for their business.
+
+If you have no idea who to contact at your work or school for help, try asking the person who gave you your user account and password.
+
+> [!NOTE]
+> Targeted release admins have first access to new features. New features later roll out to all admins. This means that you might not see the admin center, or it might look different than what is described in help articles. To be among the first to see new features, see Participate in the admin center, below.
+
+## Turn on Targeted release
+
+1. Sign in at [admin.microsoft.com](https://admin.microsoft.com), go to the navigation pane and select **Settings** \> **Organization profile**.
+
+2. Go to the **Release preferences** card, and then select **Edit**.
+
+3. Select either **Targeted release for everyone** or **Targeted release for selected users**. If you choose Targeted release for selected users, make sure that you add your admin account (and any other admins in your org who want to participate) to the list of selected users.
+
+## Admin center feedback
+
+While in the admin center, you can give Microsoft feedback about your experience by selecting **Give feedback** right next to the **Need help?** button at the bottom of every page. Tell us what you like and what we could do better. In addition, you may get pop-up surveys from time-to-time asking about your overall impressions or a particular experience that's newly released. You can also give feedback at the end of this article by selecting **Was this information helpful?**
+
+## Frequently asked questions
+
+Don't see your questions answered here? Go to the **Feedback** section at the bottom of this page and ask your question.
+
+### Which Microsoft 365 plans are available to trial or buy?
+
+Microsoft 365 is a complete, intelligent solution that includes Office 365, Windows 10, and Enterprise Mobility + Security that empowers everyone to be creative and work together, securely. The following Microsoft 365 subscriptions are available in the admin center for you to try or buy now:
+
+- Microsoft 365 for business
+- Microsoft 365 Enterprise E3
+- Microsoft 365 Enterprise E5
+
+For more information, see [Try or buy a Microsoft 365 subscription](../commerce/try-or-buy-microsoft-365.md).
+
+### I found a bug or I want to request a feature enhancement. How do I let Microsoft know?
+
+We love to hear from you! Reporting bugs and sharing feedback helps us make the Microsoft 365 admin center better. To give feedback, select the **Feedback** button on the bottom of the page and use the form to send us your thoughts. Select the checkbox and confirm your email address if you want someone from the Microsoft 365 admin center team to follow up on your comments. We can't promise to follow up on every piece of feedback, but we're going to try!
+
+You can also give feedback from outside of the admin center on our UserVoice forum. You can use this page to make feature suggestions that can be voted on by other forum users: [UserVoice forum for the new admin center](https://go.microsoft.com/fwlink/?linkid=2024994).
+
+### What about the specific types of IT roles and other workspaces like Security, Device Management, or Exchange?
+
+The Microsoft 365 admin center is the common entry point for all teams and roles managing Microsoft 365. The experience, information, and controls are tailored and customizable for each admin and role. Additionally, specialist workspaces allow for deep, granular control. These specialist workspaces include SharePoint, Teams &amp; Skype, Exchange, Security, Compliance, Device Management, and Azure Active Directory. You can find the specialist workspaces from the navigation pane in the Microsoft 365 admin center at [https://admin.microsoft.com](https://go.microsoft.com/fwlink/?linkid=2024339).
+
+### What language options are available the Admin Center?
+
+The Microsoft 365 admin center is fully localized in 40 languages.
+
+|Language |Locale |
+|||
+|Arabic | ar |
+|Bulgarian | bg |
+|Catalan | ca |
+|Czech | cs |
+|Danish | da |
+|German | de |
+|Greek | el |
+|Spanish | es |
+|English | en |
+|Estonian | et |
+|Basque | eu |
+|Finnish | fi |
+|French | fr |
+|Galician | gl |
+|Hebrew | he |
+|Croatian | hr |
+|Hungarian | hu |
+|Indonesian | id |
+|Italian | it |
+|Japanese | ja |
+|Korean | ko |
+|Lithuanian | lt |
+|Latvian | lv |
+|Dutch | nl |
+|Norwegian | no |
+|Polish | pl |
+|Portuguese ( Brazil) | pt |
+|Portuguese (Portugal) | pt-pt |
+|Romanian | ro |
+|Russian | ru |
+|Slovak | sk |
+|Slovenian | sl |
+|Serbian (Cyrillic) | sr-cyrl |
+|Serbian Latin | sr |
+|Swedish | sv |
+|Thai | th |
+|Turkish | tr |
+|Ukrainian | uk |
+|Vietnamese | vi |
+|Chinese Simplified | zh-hans |
+|Chinese Traditional | zh-hant |
+
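Review bot: The added language section states that the admin center is "fully localized in 40 languages", but the table that follows has 41 rows (Arabic through Chinese Traditional), so either the count or the table needs correcting. In the same hunk, the [!NOTE] under "Who has admin permissions in my business?" sends readers to "Participate in the admin center, below", yet the section added here is headed "Turn on Targeted release", which leaves that cross-reference without a target. Smaller wording points: "an Microsoft 365 for business subscription" should read "a Microsoft 365 ...", and the heading "What language options are available the Admin Center?" is missing "in".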
business Manage Protected Devices https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business/manage-protected-devices.md
- MiniMaven - MSB365 - seo-marvel-mar-- AdminSurgePortfolio search.appverid: - BCS160 - MET150
compliance Archive Bloomberg Message Data https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/archive-bloomberg-message-data.md
localization_priority: Normal
-description: "Administrators can set up a data connector to import and archive data from the Bloomberg Message email tool into Microsoft 365. This lets you archive data from third-party data sources in Microsoft 365 so you can use compliance features such as legal hold, Content Search, and retention policies to manage your organization's third-party data."
+description: "Administrators can set up a data connector to import and archive data from the Bloomberg Message email tool in Microsoft 365. This lets you archive data from third-party data sources in Microsoft 365 so you can use compliance features such as legal hold, Content Search, and retention policies to manage your organization's third-party data."
# Set up a connector to archive Bloomberg Message data
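Review bot: In the description line, changing "into Microsoft 365" to "in Microsoft 365" makes the sentence read as if the Bloomberg Message email tool lives in Microsoft 365, rather than data being imported into it. The body text still says the connector imports data "to Microsoft 365", so suggest keeping "into" (or "to") in the description.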
The following overview explains the process of using a connector to archive Bloo
3. The Bloomberg Message connector that you create in the Microsoft 365 compliance center connects to the Bloomberg SFTP site every day and transfers the email messages from the previous 24 hours to a secure Azure Storage area in the Microsoft Cloud.
-4. The connector imports the email message items to the mailbox of a specific user. A new folder named BloombergMessage is created in the specific user's mailbox and the items will be imported to it.
+4. The connector imports the email message items to the mailbox of a specific user. A new folder named BloombergMessage is created in the specific user's mailbox and the items will be imported to it.
The connector does this by using the value of the CorporateEmailAddress property. Every email message contains this property, which is populated with the email address of every participant of the email message. In addition to automatic user mapping using the value of the *CorporateEmailAddress* property, you can also define a custom mapping by uploading a CSV mapping file. This mapping file contains a Bloomberg UUID and the corresponding Microsoft 365 mailbox address for each user in your organization. If you enable automatic user mapping and provide a custom mapping, for every email item the connector will first look at the custom-mapping file. If it doesn't find a valid Microsoft 365 user that corresponds to a user's Bloomberg UUID, the connector uses the *CorporateEmailAddress* property of the email item. If the connector doesn't find a valid Microsoft 365 user in either the custom-mapping file or the *CorporateEmailAddress* property of the email item, the item won't be imported.
-## Before you begin
+## Before you set up a connector
Some of the implementation steps required to archive Bloomberg Message data are external to Microsoft 365 and must be completed before you can create the connector in the compliance center.
+- To set up a Bloomberg Message connector, you have to use keys and key passphrases for Pretty Good Privacy (PGP) and Secure Shell (SSH). These keys are used to configure the Bloomberg SFTP site and used by the connector to connect to the Bloomberg SFTP site to import data to Microsoft 365. The PGP key is used to configure the encryption of data that's transferred from the Bloomberg SFTP site to Microsoft 365. The SSH key is used to configure secure shell to enable a secure remote login when the connector connects to the Bloomberg SFTP site.
+
+ When setting up a connector, you have the option to use public keys and key passphrases provided by Microsoft or you can use your own private keys and passphrases. We recommend that you use the public keys provided by Microsoft. However, if your organization has already configured a Bloomberg SFTP site using private keys, then you can create a connector using these same private keys.
+ - Subscribe to [Bloomberg Anywhere](https://www.bloomberg.com/professional/product/remote-access/?bbgsum-page=DG-WS-PROF-PROD-BBA). This is required so that you can log in to Bloomberg Anywhere to access the Bloomberg SFTP site that you have to set up and configure. - Set up a Bloomberg SFTP (Secure file transfer protocol) site. After working with Bloomberg to set up the SFTP site, data from Bloomberg Message is uploaded to the SFTP site every day. The connector you create in Step 2 connects to this SFTP site and transfers the email data to Microsoft 365 mailboxes. SFTP also encrypts the Bloomberg Message data that is sent to mailboxes during the transfer process.
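Review bot: The added prerequisite paragraph offers a choice between "public keys and key passphrases provided by Microsoft" and "your own private keys and passphrases", which is confusing on two counts: public keys have no passphrase, and "public" versus "private" are two halves of a key pair, not two alternatives. From the steps later in the article, the real choice is between a key pair owned by Microsoft (you download its public halves and hand them to Bloomberg) and a key pair owned by your organization (you enter its private halves and passphrases in the wizard). Suggest rewording along those lines so admins understand which secret material leaves their control in each option.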
Some of the implementation steps required to archive Bloomberg Message data are
- Contact [Bloomberg customer support](https://service.bloomberg.com/portal/sessions/new?utm_source=bloomberg-menu&utm_medium=csc).
- > [!NOTE]
- > If your organization already deployed a connector to archive Instant Bloomberg data, you don't need to set up another SFTP site. You can use the same SFTP site for the Bloomberg Message connector.
- - After you work with Bloomberg to set up an SFTP site, Bloomberg will provide some information to you after you respond to the Bloomberg implementation email message. Save a copy of the following information. You use it to set up a connector in Step 3. - Firm code, which is an ID for your organization and is used to log in to the Bloomberg SFTP site.
Some of the implementation steps required to archive Bloomberg Message data are
- The user who creates a Bloomberg Message connector in Step 3 (and who downloads the public keys and IP address in Step 1) must be assigned the Mailbox Import Export role in Exchange Online. This is required to add connectors in the **Data connectors** page in the Microsoft 365 compliance center. By default, this role isn't assigned to any role group in Exchange Online. You can add the Mailbox Import Export role to the Organization Management role group in Exchange Online. Or you can create a role group, assign the Mailbox Import Export role, and then add the appropriate users as members. For more information, see the [Create role groups](/Exchange/permissions-exo/role-groups#create-role-groups) or [Modify role groups](/Exchange/permissions-exo/role-groups#modify-role-groups) sections in the article "Manage role groups in Exchange Online".
-## Step 1: Obtain SSH and PGP public keys
+## Set up a connector using public keys
-The first step is to obtain a copy of the public keys for Secure Shell (SSH) and Pretty Good Privacy (PGP). You use these keys in Step 2 to configure the Bloomberg SFTP site to allow the connector (that you create in Step 3) to connect to the SFTP site and transfer the Bloomberg Message email data to Microsoft 365 mailboxes. You also obtain an IP address in this step, which you use when configuring the Bloomberg SFTP site.
+The steps in this section show you how to set up a Bloomberg Message connector using the public keys for Pretty Good Privacy (PGP) and Secure Shell (SSH).
-1. Go to [https://compliance.microsoft.com\](https://compliance.microsoft.com) and click **Data connectors** in the left nav.
+### Step 1: Obtain PGP and SSH public keys
+
+The first step is to obtain a copy of the PGP and SSH public keys. You use these keys in Step 2 to configure the Bloomberg SFTP site to allow the connector (that you create in Step 3) to connect to the SFTP site and transfer the Bloomberg Message email data to Microsoft 365 mailboxes. You also obtain an IP address in this step, which you use when configuring the Bloomberg SFTP site.
+
+1. Go to <https://compliance.microsoft.com> and click **Data connectors** in the left nav.
2. On the **Data connectors** page under **Bloomberg Message**, click **View**.
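Review bot: With the steps now nested under "Set up a connector using public keys", the unchanged role prerequisite at the top of this hunk ("creates a Bloomberg Message connector in Step 3 (and who downloads the public keys and IP address in Step 1)") only matches the public-key procedure. In the private-key procedure added further down, the connector is created in Step 2 and Step 1 downloads only an IP address. Suggest rewording the prerequisite without step numbers, for example "The user who creates the connector and downloads the keys or IP address must be assigned the Mailbox Import Export role".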
The first step is to obtain a copy of the public keys for Secure Shell (SSH) and
4. On the **Terms of service** page, click **Accept**.
-5. On the **Add credentials for Bloomberg SFTP site** under step 1, click the **Download SSH key**, **Download PGP key**, and **Download IP address** links to save a copy of each file to your local computer. These files contain the following items that are used to configure the Bloomberg SFTP site in Step 2:
+5. On the **Add credentials for content source** page, click **I want to use PGP and SSH public keys provided by Microsoft**.
+
+ ![Select the option to use public keys](../media/BloombergMessagePublicKeysOption.png)
+
+6. Under step 1, click the **Download SSH key**, **Download PGP key**, and **Download IP address** links to save a copy of each file to your local computer.
- - SSH public key: This key is used to configure Secure Shell (SSH) to enable a secure remote login when the connector connects to the Bloomberg SFTP site.
+ ![Links to download public keys and IP address](../media/BloombergMessagePublicKeyDownloadLinks.png)
+
+ These files contain the following items that are used to configure the Bloomberg SFTP site in Step 2:
- PGP public key: This key is used to configure the encryption of data that's transferred from the Bloomberg SFTP site to Microsoft 365.
- - IP address: The Bloomberg SFTP site is configured to accept a connection request only from this IP address, which is used by the Bloomberg Message connector that you create in Step 3.
+ - SSH public key: This key is used to configure secure shell to enable a secure remote login when the connector connects to the Bloomberg SFTP site.
+
+ - IP address: The Bloomberg SFTP site is configured to accept connection requests from this IP address. The same IP address is used by the Bloomberg Message connector to connect to the SFTP site and transfer Bloomberg Message data to Microsoft 365.
-6. Click **Cancel** to close the wizard. You come back to this wizard in Step 3 to create the connector.
+7. Click **Cancel** to close the wizard. You come back to this wizard in Step 3 to create the connector.
-## Step 2: Configure the Bloomberg SFTP site
+### Step 2: Configure the Bloomberg SFTP site
> [!NOTE]
-> As previously stated, if you're organization has previously set up a Bloomberg SFTP site to archive Instant Bloomberg data, you don't have to set up another one. You can specify the same SFTP site when you create the connector in Step 3.
+> If your organization has previously set up a Bloomberg SFTP site to archive Instant Bloomberg data using public PGP and SSH keys, you don't have to set up another one. You can specify the same SFTP site when you create the connector in Step 3.
-The next step is to use the SSH and PGP public keys and the IP address that you obtained in Step 1 to configure SSH authentication and PGP encryption for the Bloomberg SFTP site. This lets the Bloomberg Message connector that you create in Step 3 connect to the Bloomberg SFTP site and transfer Bloomberg Message data to Microsoft 365. You need to work with Bloomberg customer support to set up your Bloomberg SFTP site. Contact [Bloomberg customer support](https://service.bloomberg.com/portal/sessions/new?utm_source=bloomberg-menu&utm_medium=csc) for assistance.
+The next step is to use the PGP and SSH public keys and the IP address that you obtained in Step 1 to configure PGP encryption and SSH authentication for the Bloomberg SFTP site. This lets the Bloomberg Message connector that you create in Step 3 connect to the Bloomberg SFTP site and transfer Bloomberg Message data to Microsoft 365. You need to work with Bloomberg customer support to set up your Bloomberg SFTP site. Contact [Bloomberg customer support](https://service.bloomberg.com/portal/sessions/new?utm_source=bloomberg-menu&utm_medium=csc) for assistance.
> [!IMPORTANT] > Bloomberg recommends that you attach the three files that you downloaded in Step 1 to an email message and send it to their customer support team when working with them to set up your Bloomberg SFTP site.
-## Step 3: Create a Bloomberg Message connector
+### Step 3: Create a Bloomberg Message connector
The last step is to create a Bloomberg Message connector in the Microsoft 365 compliance center. The connector uses the information you provide to connect to the Bloomberg SFTP site and transfer email messages to the corresponding user mailbox boxes in Microsoft 365.
-1. Go to [https://compliance.microsoft.com](https://compliance.microsoft.com) and click **Data connectors** in the left nav.
+1. Go to <https://compliance.microsoft.com> and click **Data connectors** in the left nav.
+
+2. On the **Data connectors** page under **Bloomberg Message**, click **View**.
+
+3. On the **Bloomberg Message** product description page, click **Add connector**
+
+4. On the **Terms of service** page, click **Accept**.
+
+5. On the **Add credentials for content source** page, click **I want to use PGP and SSH public keys provided by Microsoft**.
+
+6. Under Step 3, enter the required information in the following boxes and then click **Validate connection**.
+
+ - **Name:** The name for the connector. It must be unique in your organization.
+
+ - **Firm code:** The ID for your organization that is used as the username for the Bloomberg SFTP site.
+
+ - **Password:** The password for your organization's Bloomberg SFTP site.
+
+ - **SFTP URL:** The URL for the Bloomberg SFTP site (for example, `sftp.bloomberg.com`). You can also use an IP address for this value.
+
+ - **SFTP port:** The port number for the Bloomberg SFTP site. The connector uses this port to connect to the SFTP site.
+
+7. After the connection is successfully validated, click **Next**.
+
+8. On the **Map Bloomberg Message users to Microsoft 365 users** page, enable automatic user mapping and provide custom user mapping as required.
+
+ > [!NOTE]
+ > The connector imports message items to the mailbox of a specific user. A new folder named **BloombergMessage** is created in the specific user's mailbox and the items will be imported to it. The connector does by using the value of the *CorporateEmailAddress* property. Every chat message contains this property, and the property is populated with the email address of every participant of the chat message. In addition to automatic user mapping using the value of the *CorporateEmailAddress* property, you can also define custom mapping by uploading a CSV mapping file. The mapping file should contain the Bloomberg UUID and corresponding Microsoft 365 mailbox address for each user. If you enable automatic user mapping and provide a custom mapping, for every message item the connector will first look at custom mapping file. If it doesn't find a valid Microsoft 365 user that corresponds to a user's Bloomberg UUID, the connector will use the *CorporateEmailAddress* property of the chat item. If the connector doesn't find a valid Microsoft 365 user in either the custom mapping file or the *CorporateEmailAddress* property of the message item, the item won't be imported.
+
+9. Click **Next**, review your settings, and then click **Finish** to create the connector.
+
+10. Go to the **Data connectors** page to see the progress of the import process for the new connector. Click the connector to display the flyout page, which contains information about the connector.
+
+## Set up a connector using private keys
+
+The steps in this section show you how to set up a Bloomberg Message connector using PGP and SSH private keys. This connector setup option is intended for organizations that have already configured a Bloomberg SFTP site using private keys.
+
+### Step 1: Obtain an IP address to configure the Bloomberg SFTP site
+
+> [!NOTE]
+> If your organization has previously configured a Bloomberg SFTP site to archive Instant Bloomberg data using PGP and SSH private keys, you don't have to configure another one. You can specify the same SFTP site when you create the connector in Step 2.
+
+If your organization has used PGP and SSH private keys to set up a Bloomberg SFTP site, then you have to obtain an IP address and provide it to Bloomberg customer support. The Bloomberg SFTP site must be configured to accept connection requests from this IP address. The same IP address is used by the Bloomberg Message connector to connect to the SFTP site and transfer Bloomberg Message data to Microsoft 365.
+
+To obtain the IP address:
+
+1. Go to <https://compliance.microsoft.com> and click **Data connectors** in the left nav.
+
+2. On the **Data connectors** page under **Bloomberg Message**, click **View**.
+
+3. On the **Bloomberg Message** product description page, click **Add connector**
+
+4. On the **Terms of service** page, click **Accept**.
+
+5. On the **Add credentials for content source** page, click **I want to use PGP and SSH private keys**.
+
+6. Under step 1, click **Download IP address** to save a copy of the IP address file to your local computer.
+
+ ![Download the IP address](../media/BloombergMessageConnectorIPAddress.png)
+
+7. Click **Cancel** to close the wizard. You come back to this wizard in Step 2 to create the connector.
+
+You need to work with Bloomberg customer support to configure your Bloomberg SFTP site to accept connection requests from this IP address. Contact [Bloomberg customer support](https://service.bloomberg.com/portal/sessions/new?utm_source=bloomberg-menu&utm_medium=csc) for assistance.
+
+### Step 2: Create a Bloomberg Message connector
+
+After your Bloomberg SFTP site is configured, the next step is to create a Bloomberg Message connector in the Microsoft 365 compliance center. The connector uses the information you provide to connect to the Bloomberg SFTP site and transfer email messages to the corresponding user mailbox boxes in Microsoft 365. To complete this step, be sure to have copies of the same private keys and key passphrases that you used to set up your Bloomberg SFTP site.
+
+1. Go to <https://compliance.microsoft.com> and click **Data connectors** in the left nav.
2. On the **Data connectors** page under **Bloomberg Message**, click **View**.
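Review bot: The reworded IP address bullet drops "only": the removed text said the SFTP site "is configured to accept a connection request only from this IP address", while the added text (and the matching paragraph in the private-key Step 1) says it "must be configured to accept connection requests from this IP address". If the SFTP site is still meant to be restricted to the connector's address, keep "only" so the allowlist requirement is not lost. Also in this hunk: the added mapping note reads "The connector does by using the value" (missing "this") and talks about "chat message" and "chat item" in an article about email messages, and step 3 in both added procedures is missing the period after **Add connector**.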
The last step is to create a Bloomberg Message connector in the Microsoft 365 co
4. On the **Terms of service** page, click **Accept**.
-5. On the **Add credentials for Bloomberg SFTP site** page, under Step 3, enter the required information in the following boxes and then click **Next**.
+5. On the **Add credentials for content source** page, click **I want to use PGP and SSH private keys**.
+
+ ![Select the option to use private keys](../media/BloombergMessagePrivateKeysOption.png)
+
+6. Under Step 3, enter the required information in the following boxes and then click **Validate connection**.
+
+ - **Name:** The name for the connector. It must be unique in your organization.
- **Firm code:** The ID for your organization that is used as the username for the Bloomberg SFTP site. - **Password:** The password for your organization's Bloomberg SFTP site.
- - **SFTP URL:** The URL for the Bloomberg SFTP site (for example, sftp.bloomberg.com).
+ - **SFTP URL:** The URL for the Bloomberg SFTP site (for example, `sftp.bloomberg.com`). You can also use an IP address for this value.
- **SFTP port:** The port number for the Bloomberg SFTP site. The connector uses this port to connect to the SFTP site.
-6. On the **User-mapping** page, enable automatic user mapping and provide custom user mapping as required
+ - **PGP private key:** The PGP private key for the Bloomberg SFTP site. Be sure to include the entire private key value, including the beginning and ending lines of the key block.
+
+ - **PGP key passphrase:** The passphrase for the PGP private key.
+
+ - **SSH private key:** The SSH private key for the Bloomberg SFTP site. Be sure to include the entire private key value, including the beginning and ending lines of the key block.
+
+ - **SSH key passphrase:** The passphrase for the SSH private key.
+
+7. After the connection is successfully validated, click **Next**.
+
+8. On the **Map Bloomberg Message users to Microsoft 365 users** page, enable automatic user mapping and provide custom user mapping as required.
+
+ > [!NOTE]
+ > The connector imports message items to the mailbox of a specific user. A new folder named **BloombergMessage** is created in the specific user's mailbox and the items will be imported to it. The connector does by using the value of the *CorporateEmailAddress* property. Every chat message contains this property, and the property is populated with the email address of every participant of the chat message. In addition to automatic user mapping using the value of the *CorporateEmailAddress* property, you can also define custom mapping by uploading a CSV mapping file. The mapping file should contain the Bloomberg UUID and corresponding Microsoft 365 mailbox address for each user. If you enable automatic user mapping and provide a custom mapping, for every message item the connector will first look at custom mapping file. If it doesn't find a valid Microsoft 365 user that corresponds to a user's Bloomberg UUID, the connector will use the *CorporateEmailAddress* property of the chat item. If the connector doesn't find a valid Microsoft 365 user in either the custom mapping file or the *CorporateEmailAddress* property of the message item, the item won't be imported.
-7. Click **Next**, review your settings, and then click prepare to create the connector.
+9. Click **Next**, review your settings, and then click **Finish** to create the connector.
-8. Go to the **Data connectors** page to see the progress of the import process for the new connector.
+10. Go to the **Data connectors** page to see the progress of the import process for the new connector. Click the connector to display the flyout page, which contains information about the connector.
## Known issues -- Threading of Bloomberg Message email imported to Microsoft 365 isn't supported. Individual messages sent to a person are imported, but they aren't presented in a threaded conversation. Microsoft is working to support threading in later versions of the Bloomberg Message data connector.
+- Threading of Bloomberg Message email imported to Microsoft 365 isn't supported. Individual messages sent to a person are imported, but they aren't presented in a threaded conversation. Microsoft is working to support threading in later versions of the Bloomberg Message data connector.
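Review bot: The added **PGP private key**, **PGP key passphrase**, **SSH private key** and **SSH key passphrase** fields ask the admin to paste complete private keys together with their passphrases into the wizard, but the text gives no guidance on handling them. Since the prerequisites already recommend the Microsoft-provided public keys, suggest repeating that recommendation at this step and adding a sentence on what the reader should expect after **Validate connection** (for example, whether the values can be viewed or rotated later from the connector flyout). The mapping note added in this hunk repeats the "The connector does by using" and "chat message" wording and needs the same fix wherever it appears.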
compliance Archive Icechat Data https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/archive-icechat-data.md
The following overview explains the process of using a connector to archive ICE
In addition to automatic user mapping that uses the values of the *SenderEmail* and *RecipientEmail* property (which means that the connector imports a chat message to the sender's mailbox and the mailboxes of every recipient), you can also define custom user mapping by uploading a CSV mapping file. This mapping file contains the ICE Chat *ImId* and the corresponding Microsoft 365 mailbox address for every user in your organization. If you enable automatic user mapping and provide a custom-mapping file, for every chat item the connector will first look at the custom-mapping file. If it doesn't find a valid Microsoft 365 user account that corresponds to a user's ICE Chat ImId, the connector will use the *SenderEmail* and *RecipientEmail* properties of the chat item to import the item to the mailboxes of the chat participants. If the connector doesn't find a valid Microsoft 365 user in either the custom-mapping file or the *SenderEmail* and *RecipientEmail* properties, the item won't be imported.
-## Before you begin
+## Before you set up a connector
Some of the implementation steps required to archive ICE Chat data are external to Microsoft 365 and must be completed before you can create the connector in the compliance center.
Some of the implementation steps required to archive ICE Chat data are external
- You must set up an ICE Chat SFTP site before creating the connector in Step 3. After working with ICE Chat to set up the SFTP site, data from ICE Chat is uploaded to the SFTP site every day. The connector you create in Step 3 connects to this SFTP site and transfers the chat data to Microsoft 365 mailboxes. SFTP also encrypts the ICE Chat data that's sent to mailboxes during the transfer process.
+- To set up an ICE Chat connector, you have to use keys and key passphrases for Pretty Good Privacy (PGP) and Secure Shell (SSH). These keys are used to configure the ICE Chat SFTP site and used by the connector to connect to the ICE Chat SFTP site to import data to Microsoft 365. The PGP key is used to configure the encryption of data that's transferred from the ICE Chat SFTP site to Microsoft 365. The SSH key is used to configure secure shell to enable a secure remote login when the connector connects to the ICE Chat SFTP site.
+
+ When setting up a connector, you have the option to use public keys and key passphrases provided by Microsoft or you can use your own private keys and passphrases. We recommend that you use the public keys provided by Microsoft. However, if your organization has already configured an ICE Chat SFTP site using private keys, then you can create a connector using these same private keys.
+ - The ICE Chat connector can import a total of 200,000 items in a single day. If there are more than 200,000 items on the SFTP site, none of those items will be imported to Microsoft 365. - The admin who creates the ICE Chat connector in Step 3 (and who downloads the public keys and IP address in Step 1) must be assigned the Mailbox Import Export role in Exchange Online. This role is required to add connectors on the **Data connectors** page in the Microsoft 365 compliance center. By default, this role isn't assigned to any role group in Exchange Online. You can add the Mailbox Import Export role to the Organization Management role group in Exchange Online. Or you can create a role group, assign the Mailbox Import Export role, and then add the appropriate users as members. For more information, see the [Create role groups](/Exchange/permissions-exo/role-groups#create-role-groups) or [Modify role groups](/Exchange/permissions-exo/role-groups#modify-role-groups) sections in the article "Manage role groups in Exchange Online".
-## Step 1: Obtain SSH and PGP public keys
+## Set up a connector using public keys
+
+The steps in this section show you how to set up an ICE Chat connector using the public keys for Pretty Good Privacy (PGP) and Secure Shell (SSH).
+
+### Step 1: Obtain PGP and SSH public keys
-The first step is to obtain a copy of the public keys for Secure Shell (SSH) and Pretty Good Privacy (PGP). You use these keys in Step 2 to configure the ICE Chat SFTP site to allow the connector (that you create in Step 3) to connect to the SFTP site and transfer the ICE Chat data to Microsoft 365 mailboxes. You will also obtain an IP address in this step, which you use when configuring the ICE Chat SFTP site.
+The first step is to obtain a copy of the public keys for Pretty Good Privacy (PGP) and Secure Shell (SSH). You use these keys in Step 2 to configure the ICE Chat SFTP site to allow the connector (that you create in Step 3) to connect to the SFTP site and transfer the ICE Chat data to Microsoft 365 mailboxes. You will also obtain an IP address in this step, which you use when configuring the ICE Chat SFTP site.
1. Go to [https://compliance.microsoft.com](https://compliance.microsoft.com) and click **Data connectors** in the left nav.
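Review bot: the added paragraph that follows "To set up an ICE Chat connector" offers "public keys and key passphrases provided by Microsoft", but a passphrase protects a private key, and Step 1 of the public-key procedure only downloads an SSH key, a PGP key and an IP address. Suggest wording the choice as who owns the key pair, for example "use the PGP and SSH public keys provided by Microsoft, or use your own private keys and their passphrases". The unchanged role-assignment bullet still says "creates the ICE Chat connector in Step 3 (and who downloads the public keys and IP address in Step 1)", which only fits the public-key procedure now that a two-step private-key procedure exists.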
The first step is to obtain a copy of the public keys for Secure Shell (SSH) and
4. On the **Terms of service** page, click **Accept**.
-5. On the **Add credentials for ICE Chat SFTP site** page under step 1, click the **Download SSH key**, **Download PGP key**, and **Download IP address** links to save a copy of each file to your local computer. These files contain the following items that are used to configure the ICE Chat SFTP site in Step 2:
+5. On the **Add credentials for content source** page, click **I want to use PGP and SSH public keys provided by Microsoft**.
- - SSH public key: This key is used to configure Secure SSH to enable a secure remote login when the connector connects to the ICE Chat SFTP site.
+ ![Select the option to use public keys](../media/ICEChatPublicKeysOption.png)
+
+6. Under step 1, click the **Download SSH key**, **Download PGP key**, and **Download IP address** links to save a copy of each file to your local computer.
+
+ ![Links to download public keys and IP address](../media/ICEChatPublicKeyDownloadLinks.png)
+
+ These files contain the following items that are used to configure the ICE Chat SFTP site in Step 2:
- PGP public key: This key is used to configure the encryption of data that's transferred from the ICE Chat SFTP site to Microsoft 365.
+ - SSH public key: This key is used to configure Secure SSH to enable a secure remote login when the connector connects to the ICE Chat SFTP site.
+ - IP address: The ICE Chat SFTP site is configured to accept a connection request only from this IP address, which is used by the ICE Chat connector that you create in Step 3.
-6. Click **Cancel** to close the wizard. You come back to this wizard in Step 3 to create the connector.
+7. Click **Cancel** to close the wizard. You come back to this wizard in Step 3 to create the connector.
-## Step 2: Configure the ICE Chat SFTP site
+### Step 2: Configure the ICE Chat SFTP site
-The next step is to use the SSH and PGP public keys and the IP address that you obtained in Step 1 to configure SSH authentication and PGP encryption for the ICE Chat SFTP site. This lets the ICE Chat connector that you create in Step 3 connect to the ICE Chat SFTP site and transfer ICE Chat data to Microsoft 365. You need to work with ICE Chat customer support to set up your ICE Chat SFTP site.
+The next step is to use the PGP and SSH public keys and the IP address that you obtained in Step 1 to configure PGP encryption and SSH authentication for the ICE Chat SFTP site. This lets the ICE Chat connector that you create in Step 3 connect to the ICE Chat SFTP site and transfer ICE Chat data to Microsoft 365. You need to work with ICE Chat customer support to set up your ICE Chat SFTP site.
-## Step 3: Create an ICE Chat connector
+### Step 3: Create an ICE Chat connector
The last step is to create an ICE Chat connector in the Microsoft 365 compliance center. The connector uses the information you provide to connect to the ICE Chat SFTP site and transfer chat messages to the corresponding user mailbox boxes in Microsoft 365.
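Review bot: the re-added SSH bullet under step 6 still reads "configure Secure SSH", which expands to "Secure Secure Shell"; use "secure shell" or "SSH" as the Instant Bloomberg article now does. The option name in step 5 is "I want to use PGP and SSH public keys provided by Microsoft", while step 5 of Step 3 in the same procedure gives it as "I want to use PGP and SSH public keys"; both should match the label shown in the wizard.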
The last step is to create an ICE Chat connector in the Microsoft 365 compliance
4. On the **Terms of service** page, click **Accept**.
-5. On the **Add credentials for ICE Chat SFTP site** page, under Step 3, enter the required information in the following boxes and then click **Validate connection**.
+5. On the **Add credentials for content source** page, click **I want to use PGP and SSH public keys**.
+
+6. Under Step 3, enter the required information in the following boxes and then click **Validate connection**.
- **Firm code:** The ID for your organization, which is used as the username for the ICE Chat SFTP site. - **Password:** The password for your ICE Chat SFTP site.
- - **SFTP URL:** The URL for the ICE Chat SFTP site (for example, sftp.theice.com).
+ - **SFTP URL:** The URL for the ICE Chat SFTP site (for example, `sftp.theice.com`). You can also use an IP address for this value.
- **SFTP port:** The port number for the ICE Chat SFTP site. The connector uses this port to connect to the SFTP site.
-6. After the connection is validated, click **Next**.
+7. After the connection is successfully validated, click **Next**.
+
+8. On the **Map external users to Microsoft 365 users** page, enable automatic user mapping and provide custom user mapping as required. You can download a copy of the user-mapping CSV file on this page. You can add the user mappings to the file and then upload it.
+
+ > [!NOTE]
+ > As previously explained, custom mapping file CSV file contains the ICE Chat imid and corresponding Microsoft 365 mailbox address for each user. If you enable automatic user mapping and provide a custom mapping, for every chat item, the connector will first look at custom mapping file. If it doesn't find a valid Microsoft 365 user that corresponds to a user's ICE Chat imid, the connector will import the item to the mailboxes for the users specified in the *SenderEmail* and *RecipientEmail* properties of the chat item. If the connector doesn't find a valid Microsoft 365 user by either automatic or custom user mapping, the item won't be imported.
+
+9. Click **Next**, review your settings, and then click **Finish** to create the connector.
+
+10. Go to the **Data connectors** page to see the progress of the import process for the new connector.
+
+## Set up a connector using private keys
+
+The steps in this section show you how to set up an ICE Chat connector using PGP and SSH private keys. This connector setup option is intended for organizations that have already configured an ICE Chat SFTP site using private keys.
+
+### Step 1: Obtain an IP address to configure the ICE Chat SFTP site
+
+If your organization has used PGP and SSH private keys to set up an ICE Chat SFTP site, then you have to obtain an IP address and provide it to ICE Chat customer support. The ICE Chat SFTP site must be configured to accept connection requests from this IP address. The same IP address is used by the ICE Chat connector to connect to the SFTP site and transfer ICE Chat data to Microsoft 365.
+
+To obtain the IP address:
+
+1. Go to <https://compliance.microsoft.com> and click **Data connectors** in the left nav.
+
+2. On the **Data connectors** page under **ICE Chat**, click **View**.
+
+3. On the **ICE Chat** product description page, click **Add connector**
+
+4. On the **Terms of service** page, click **Accept**.
+
+5. On the **Add credentials for content source** page, click **I want to use PGP and SSH private keys**.
+
+ ![Select the option to use private keys](../media/ICEChatPrivateKeysOption.png)
+
+6. Under step 1, click **Download IP address** to save a copy of the IP address file to your local computer.
+
+ ![Download the IP address](../media/ICEChatConnectorIPAddress.png)
+
+7. Click **Cancel** to close the wizard. You come back to this wizard in Step 2 to create the connector.
+
+You need to work with ICE Chat customer support to configure your ICE Chat SFTP site to accept connection requests from this IP address.
+
+### Step 2: Create an ICE Chat connector
+
+After your ICE Chat SFTP site is configured, the next step is to create an ICE Chat connector in the Microsoft 365 compliance center. The connector uses the information you provide to connect to the ICE Chat SFTP site and transfer email messages to the corresponding user mailbox boxes in Microsoft 365. To complete this step, be sure to have copies of the same private keys and key passphrases that you used to set up your ICE Chat SFTP site.
+
+1. Go to <https://compliance.microsoft.com> and click **Data connectors** in the left nav.
+
+2. On the **Data connectors** page under **ICE Chat**, click **View**.
+
+3. On the **ICE Chat** product description page, click **Add connector**
+
+4. On the **Terms of service** page, click **Accept**.
+
+5. On the **Add credentials for content source** page, click **I want to use PGP and SSH private keys**.
+
+6. Under Step 3, enter the required information in the following boxes and then click **Validate connection**.
+
+ - **Name:** The name for the connector. It must be unique in your organization.
+
+ - **Firm code:** The ID for your organization that is used as the username for the ICE Chat SFTP site.
+
+ - **Password:** The password for your organization's ICE Chat SFTP site.
+
+ - **SFTP URL:** The URL for the ICE Chat SFTP site (for example, `sftp.theice.com`). You can also use an IP address for this value.
+
+ - **SFTP port:** The port number for the ICE Chat SFTP site. The connector uses this port to connect to the SFTP site.
+
+ - **PGP private key:** The PGP private key for the ICE Chat SFTP site. Be sure to include the entire private key value, including the beginning and ending lines of the key block.
+
+ - **PGP key passphrase:** The passphrase for the PGP private key.
+
+ - **SSH private key:** The SSH private key for the ICE Chat SFTP site. Be sure to include the entire private key value, including the beginning and ending lines of the key block.
+
+ - **SSH key passphrase:** The passphrase for the SSH private key.
+
+7. After the connection is successfully validated, click **Next**.
-7. On the **Map external users to Microsoft 365 users** page, enable automatic user mapping and provide custom user mapping as required. You can download a copy of the user-mapping CSV file on this page. You can add the user mappings to the file and then upload it.
+8. On the **Map ICE Chat users to Microsoft 365 users** page, enable automatic user mapping and provide custom user mapping as required.
> [!NOTE] > As previously explained, custom mapping file CSV file contains the ICE Chat imid and corresponding Microsoft 365 mailbox address for each user. If you enable automatic user mapping and provide a custom mapping, for every chat item, the connector will first look at custom mapping file. If it doesn't find a valid Microsoft 365 user that corresponds to a user's ICE Chat imid, the connector will import the item to the mailboxes for the users specified in the *SenderEmail* and *RecipientEmail* properties of the chat item. If the connector doesn't find a valid Microsoft 365 user by either automatic or custom user mapping, the item won't be imported.
-8. Click **Next**, review your settings, and then click **Finish** to create the connector.
+9. Click **Next**, review your settings, and then click **Finish** to create the connector.
-9. Go to the **Data connectors** page to see the progress of the import process for the new connector.
+10. Go to the **Data connectors** page to see the progress of the import process for the new connector. Click the connector to display the flyout page, which contains information about the connector.
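Review bot: step 6 of "Step 2: Create an ICE Chat connector" in the private-key section asks the admin to paste the PGP and SSH private keys and their passphrases into the wizard, but apart from "include the beginning and ending lines of the key block" it does not say which key formats are accepted or how these values are stored once the connection is validated. Suggest adding a sentence on both, and stating whether a key pair dedicated to this SFTP site is expected. In the same section, "transfer email messages to the corresponding user mailbox boxes" should read "chat messages" to match the public-key Step 3, and "Under Step 3" is unclear in a procedure that only has Step 1 and Step 2; say whether it refers to the wizard's own label.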
compliance Archive Instant Bloomberg Data https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/archive-instant-bloomberg-data.md
The following overview explains the process of using a connector to archive Inst
4. The connector imports the chat message items to the mailbox of a specific user. A new folder named InstantBloomberg is created in the specific user's mailbox and the items will be imported to it. The connector does this by using the value of the *CorporateEmailAddress* property. Every chat message contains this property, which is populated with the email address of every participant of the chat message. In addition to automatic user mapping using the value of the *CorporateEmailAddress* property, you can also define a custom mapping by uploading a CSV mapping file. This mapping file should contain a Bloomberg UUID and the corresponding Microsoft 365 mailbox address for each user. If you enable automatic user mapping and provide a custom mapping, for every chat item the connector will first look at custom-mapping file. If it doesn't find a valid Microsoft 365 user that corresponds to a user's Bloomberg UUID, the connector will use the *CorporateEmailAddress* property of the chat item. If the connector doesn't find a valid Microsoft 365 user in either the custom-mapping file or the *CorporateEmailAddress* property of the chat item, the item won't be imported.
-## Before you begin
+## Before you set up a connector
Some of the implementation steps required to archive Instant Bloomberg data are external to Microsoft 365 and must be completed before you can create the connector in the compliance center.
+- To set up an Instant Bloomberg connector, you have to use keys and key passphrases for Pretty Good Privacy (PGP) and Secure Shell (SSH). These keys are used to configure the Bloomberg SFTP site and used by the connector to connect to the Bloomberg SFTP site to import data to Microsoft 365. The PGP key is used to configure the encryption of data that's transferred from the Bloomberg SFTP site to Microsoft 365. The SSH key is used to configure secure shell to enable a secure remote login when the connector connects to the Bloomberg SFTP site.
+
+ When setting up a connector, you have the option to use public keys and key passphrases provided by Microsoft or you can use your own private keys and passphrases. We recommend that you use the public keys provided by Microsoft. However, if your organization has already configured a Bloomberg SFTP site using private keys, then you can create a connector using these same private keys.
+ - Subscribe to [Bloomberg Anywhere](https://www.bloomberg.com/professional/product/remote-access/?bbgsum-page=DG-WS-PROF-PROD-BBA). This is required so that you can log in to Bloomberg Anywhere to access the Bloomberg SFTP site that you have to set up and configure. - Set up a Bloomberg SFTP (Secure file transfer protocol) site. After working with Bloomberg to set up the SFTP site, data from Instant Bloomberg is uploaded to the SFTP site every day. The connector you create in Step 2 connects to this SFTP site and transfers the chat data to Microsoft 365 mailboxes. SFTP also encrypts the Instant Bloomberg chat data that is sent to mailboxes during the transfer process.
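Review bot: in the re-added SFTP prerequisite bullet, "The connector you create in Step 2 connects to this SFTP site" is only correct for the new private-key procedure; in the public-key procedure the connector is created in Step 3. Name the procedure or drop the step number. The added key paragraph also repeats "public keys and key passphrases provided by Microsoft"; a passphrase belongs to a private key, so reword it as a choice between Microsoft's public keys and your own private keys with their passphrases.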
Some of the implementation steps required to archive Instant Bloomberg data are
- The user who creates an Instant Bloomberg connector in Step 3 (and who downloads the public keys and IP address in Step 1) must be assigned the Mailbox Import Export role in Exchange Online. This is required to add connectors in the **Data connectors** page in the Microsoft 365 compliance center. By default, this role isn't assigned to any role group in Exchange Online. You can add the Mailbox Import Export role to the Organization Management role group in Exchange Online. Or you can create a role group, assign the Mailbox Import Export role, and then add the appropriate users as members. For more information, see the [Create role groups](/Exchange/permissions-exo/role-groups#create-role-groups) or [Modify role groups](/Exchange/permissions-exo/role-groups#modify-role-groups) sections in the article "Manage role groups in Exchange Online".
-## Step 1: Obtain SSH and PGP public keys
+## Set up a connector using public keys
-The first step is to obtain a copy of the public keys for Secure Shell (SSH) and Pretty Good Privacy (PGP). You use these keys in Step 2 to configure the Bloomberg SFTP site to allow the connector (that you create in Step 3) to connect to the SFTP site and transfer the Instant Bloomberg chat data to Microsoft 365 mailboxes. You also obtain an IP address in this step, which you use when configuring the Bloomberg SFTP site.
+The steps in this section show you how to set up an Instant Bloomberg connector using the public keys for Pretty Good Privacy (PGP) and Secure Shell (SSH).
-1. Go to <https://compliance.microsoft.com> and then click **Data connectors** > **Instant Bloomberg**.
+### Step 1: Obtain PGP and SSH and public keys
-2. On the **Instant Bloomberg** product description page, click **Add connector**
+The first step is to obtain a copy of the public keys for Pretty Good Privacy (PGP) and Secure Shell (SSH). You use these keys in Step 2 to configure the Bloomberg SFTP site to allow the connector (that you create in Step 3) to connect to the SFTP site and transfer the Instant Bloomberg chat data to Microsoft 365 mailboxes. You also obtain an IP address in this step, which you use when configuring the Bloomberg SFTP site.
-3. On the **Terms of service** page, click **Accept**.
+1. Go to <https://compliance.microsoft.com> and click **Data connectors** in the left nav.
+
+2. On the **Data connectors** page under **Instant Bloomberg**, click **View**.
+
+3. On the **Instant Bloomberg** product description page, click **Add connector**
-4. On the **Add credentials for Bloomberg SFTP site** under step 1, click the **Download SSH key**, **Download PGP key**, and **Download IP address** links to save a copy of each file to your local computer. These files contain the following items that are used to configure the Bloomberg SFTP site in Step 2:
+4. On the **Terms of service** page, click **Accept**.
- - SSH public key: This key is used to configure Secure Shell (SSH) to enable a secure remote login when the connector connects to the Bloomberg SFTP site.
+5. On the **Add credentials for content source** page, click **I want to use PGP and SSH public keys provided by Microsoft**.
+
+ ![Select the option to use public keys](../media/InstantBloombergPublicKeysOption.png)
+
+6. Under step 1, click the **Download SSH key**, **Download PGP key**, and **Download IP address** links to save a copy of each file to your local computer.
+
+ ![Links to download public keys and IP address](../media/InstantBloombergPublicKeyDownloadLinks.png)
+
+ These files contain the following items that are used to configure the Bloomberg SFTP site in Step 2:
- PGP public key: This key is used to configure the encryption of data that's transferred from the Bloomberg SFTP site to Microsoft 365.
- - IP address: The Bloomberg SFTP site is configured to accept a connection request only from this IP address, which is used by the Instant Bloomberg connector that you create in Step 3.
+ - SSH public key: This key is used to configure secure shell to enable a secure remote login when the connector connects to the Bloomberg SFTP site.
+
+ - IP address: The Bloomberg SFTP site is configured to accept connection requests from this IP address. The same IP address is used by the Instant Bloomberg connector to connect to the SFTP site and transfer Instant Bloomberg data to Microsoft 365.
-5. Click **Cancel** to close the wizard. You come back to this wizard in Step 3 to create the connector.
+7. Click **Cancel** to close the wizard. You come back to this wizard in Step 3 to create the connector.
-## Step 2: Configure the Bloomberg SFTP site
+### Step 2: Configure the Bloomberg SFTP site
-The next step is to use the SSH and PGP public keys and the IP address that you obtained in Step 1 to configure SSH authentication and PGP encryption for the Bloomberg SFTP site. This lets the Instant Bloomberg connector that you create in Step 3 connect to the Bloomberg SFTP site and transfer Instant Bloomberg data to Microsoft 365. You need to work with Bloomberg customer support to set up your Bloomberg SFTP site. Contact [Bloomberg customer support](https://service.bloomberg.com/portal/sessions/new?utm_source=bloomberg-menu&utm_medium=csc) for assistance.
+The next step is to use the PGP and SSH public keys and the IP address that you obtained in Step 1 to configure PGP encryption and SSH authentication for the Bloomberg SFTP site. This lets the Instant Bloomberg connector that you create in Step 3 connect to the Bloomberg SFTP site and transfer Instant Bloomberg data to Microsoft 365. You need to work with Bloomberg customer support to set up your Bloomberg SFTP site. Contact [Bloomberg customer support](https://service.bloomberg.com/portal/sessions/new?utm_source=bloomberg-menu&utm_medium=csc) for assistance.
> [!IMPORTANT] > Bloomberg recommends that you attach the three files that you downloaded in Step 1 to an email message and send it to their customer support team when working with them to set up your Bloomberg SFTP site.
-## Step 3: Create an Instant Bloomberg connector
+### Step 3: Create an Instant Bloomberg connector
The last step is to create an Instant Bloomberg connector in the Microsoft 365 compliance center. The connector uses the information you provide to connect to the Bloomberg SFTP site and transfer chat messages to the corresponding user mailbox boxes in Microsoft 365.
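Review bot: the rewritten IP address bullet under step 6 drops "only": the removed line said the SFTP site "is configured to accept a connection request only from this IP address", the new one says it "is configured to accept connection requests from this IP address". That loses the statement that the address is an allow-list restriction, which the ICE Chat article keeps; restore "only" unless the behaviour changed. The new heading "### Step 1: Obtain PGP and SSH and public keys" also has a stray "and".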
The last step is to create an Instant Bloomberg connector in the Microsoft 365 c
- **Password:** Password for Bloomberg SFTP site.
- - **SFTP URL:** The URL for Bloomberg SFTP site (for example, sftp.bloomberg.com).
+ - **SFTP URL:** The URL for Bloomberg SFTP site (for example, `sftp.bloomberg.com`). You can also use an IP address for this value.
- **SFTP port:** The port number for Bloomberg SFTP site. The connector uses this port to connect to the SFTP site. 5. On the **Select data types to import** page, select the required data types to be imported apart from **Messages**
-6. On the **User-mapping** page, enable automatic user mapping and provide custom user mapping as required
+6. On the **Map Instant Bloomberg users to Microsoft 365 users** page, enable automatic user mapping and provide custom user mapping as required
+
+ > [!NOTE]
+ > The connector imports the chat message items to the mailbox of a specific user. A new folder named **InstantBloomberg** is created in the specific user's mailbox and the items will be imported to it. The connector does by using the value of the *CorporateEmailAddress* property. Every chat message contains this property, and the property is populated with the email address of every participant of the chat message. In addition to automatic user mapping using the value of the *CorporateEmailAddress* property, you can also define custom mapping by uploading a CSV mapping file. The mapping file should contain the Bloomberg UUID and corresponding Microsoft 365 mailbox address for each user. If you enable automatic user mapping and provide a custom mapping, for every chat item the connector will first look at custom mapping file. If it doesn't find a valid Microsoft 365 user that corresponds to a user's Bloomberg UUID, the connector will use the *CorporateEmailAddress* property of the chat item. If the connector doesn't find a valid Microsoft 365 user in either the custom mapping file or the *CorporateEmailAddress* property of the chat item, the item won't be imported.
+
+7. Click **Next**, review your settings, and then click **Finish** to create the connector.
+
+8. Go to the **Data connectors** page to see the progress of the import process for the new connector. Click the connector to display the flyout page, which contains information about the connector.
+
+## Set up a connector using private keys
+
+The steps in this section show you how to set up an Instant Bloomberg connector using PGP and SSH private keys. This connector setup option is intended for organizations that have already configured a Bloomberg SFTP site using private keys.
+
+### Step 1: Obtain an IP address to configure the Bloomberg SFTP site
+
+> [!NOTE]
+> If your organization has previously configured a Bloomberg SFTP site to archive Bloomberg Message data using PGP and SSH private keys, you don't have to configure another one. You can specify the same SFTP site when you create the connector in Step 2.
+
+If your organization has used PGP and SSH private keys to set up a Bloomberg SFTP site, then you have to obtain an IP address and provide it to Bloomberg customer support. The Bloomberg SFTP site must be configured to accept connection requests from this IP address. The same IP address is used by the Instant Bloomberg connector to connect to the SFTP site and transfer Instant Bloomberg data to Microsoft 365.
+
+To obtain the IP address:
+
+1. Go to <https://compliance.microsoft.com> and click **Data connectors** in the left nav.
+
+2. On the **Data connectors** page under **Instant Bloomberg**, click **View**.
+
+3. On the **Instant Bloomberg** product description page, click **Add connector**
+
+4. On the **Terms of service** page, click **Accept**.
+
+5. On the **Add credentials for content source** page, click **I want to use PGP and SSH private keys**.
+
+6. Under step 1, click **Download IP address** to save a copy of the IP address file to your local computer.
+
+ ![Download the IP address](../media/InstantBloombergConnectorIPAddress.png)
+
+7. Click **Cancel** to close the wizard. You come back to this wizard in Step 2 to create the connector.
+
+You need to work with Bloomberg customer support to configure your Bloomberg SFTP site to accept connection requests from this IP address. Contact [Bloomberg customer support](https://service.bloomberg.com/portal/sessions/new?utm_source=bloomberg-menu&utm_medium=csc) for assistance.
+
+### Step 2: Create an Instant Bloomberg connector
+
+After your Bloomberg SFTP site is configured, the next step is to create an Instant Bloomberg connector in the Microsoft 365 compliance center. The connector uses the information you provide to connect to the Bloomberg SFTP site and transfer email messages to the corresponding user mailbox boxes in Microsoft 365. To complete this step, be sure to have copies of the same private keys and key passphrases that you used to set up your Bloomberg SFTP site.
+
+1. Go to <https://compliance.microsoft.com> and click **Data connectors** in the left nav.
+
+2. On the **Data connectors** page under **Instant Bloomberg**, click **View**.
+
+3. On the **Instant Bloomberg** product description page, click **Add connector**
+
+4. On the **Terms of service** page, click **Accept**.
+
+5. On the **Add credentials for content source** page, click **I want to use PGP and SSH private keys**.
+
+ ![Select the option to use private keys](../media/InstantBloombergPrivateKeysOption.png)
+
+6. Under Step 3, enter the required information in the following boxes and then click **Validate connection**.
+
+ - **Name:** The name for the connector. It must be unique in your organization.
+
+ - **Firm code:** The ID for your organization that is used as the username for the Bloomberg SFTP site.
+
+ - **Password:** The password for your organization's Bloomberg SFTP site.
+
+ - **SFTP URL:** The URL for the Bloomberg SFTP site (for example, `sftp.bloomberg.com`). You can also use an IP address for this value.
+
+ - **SFTP port:** The port number for the Bloomberg SFTP site. The connector uses this port to connect to the SFTP site.
+
+ - **PGP private key:** The PGP private key for the Bloomberg SFTP site. Be sure to include the entire private key value, including the beginning and ending lines of the key block.
+
+ - **PGP key passphrase:** The passphrase for the PGP private key.
+
+ - **SSH private key:** The SSH private key for the Bloomberg SFTP site. Be sure to include the entire private key value, including the beginning and ending lines of the key block.
+
+ - **SSH key passphrase:** The passphrase for the SSH private key.
+
+7. After the connection is successfully validated, click **Next**.
+
+8. On the **Map Instant Bloomberg users to Microsoft 365 users** page, enable automatic user mapping and provide custom user mapping as required.
> [!NOTE] > The connector imports the chat message items to the mailbox of a specific user. A new folder named **InstantBloomberg** is created in the specific user's mailbox and the items will be imported to it. The connector does by using the value of the *CorporateEmailAddress* property. Every chat message contains this property, and the property is populated with the email address of every participant of the chat message. In addition to automatic user mapping using the value of the *CorporateEmailAddress* property, you can also define custom mapping by uploading a CSV mapping file. The mapping file should contain the Bloomberg UUID and corresponding Microsoft 365 mailbox address for each user. If you enable automatic user mapping and provide a custom mapping, for every chat item the connector will first look at custom mapping file. If it doesn't find a valid Microsoft 365 user that corresponds to a user's Bloomberg UUID, the connector will use the *CorporateEmailAddress* property of the chat item. If the connector doesn't find a valid Microsoft 365 user in either the custom mapping file or the *CorporateEmailAddress* property of the chat item, the item won't be imported.
-7. Click **Next**, review your settings, and then click **prepare** to create the connector.
+9. Click **Next**, review your settings, and then click **Finish** to create the connector.
-8. Go to the **Data connectors** page to see the progress of the import process for the new connector.
+10. Go to the **Data connectors** page to see the progress of the import process for the new connector. Click the connector to display the flyout page, which contains information about the connector.
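Review bot: the added NOTE under step 6 of the public-key procedure says "The connector does by using the value of the *CorporateEmailAddress* property", which lost the "this" present in the overview text ("The connector does this by using"); the same sentence appears in the NOTE under step 8 of the private-key procedure. In "Step 2: Create an Instant Bloomberg connector", "transfer email messages" should be "chat messages" as in the public-key Step 3. The public-key procedure keeps the "Select data types to import" page as step 5, but the new private-key procedure goes from validation in step 7 straight to user mapping in step 8; confirm whether that page is skipped in the private-key wizard.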
compliance Encryption Sensitivity Labels https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/encryption-sensitivity-labels.md
For more information, prerequisites, and configuration instructions, see [Double
You can use the following options to let users assign permissions when they manually apply a sensitivity label to content: -- In Outlook, a user can select restrictions equivalent to the [Do Not Forward](/azure/information-protection/configure-usage-rights#do-not-forward-option-for-emails) option or [Encrypt-only](/azure/information-protection/configure-usage-rights#encrypt-only-option-for-emails) (currently rolling out) for their chosen recipients.
+- In Outlook, a user can select restrictions equivalent to the [Do Not Forward](/azure/information-protection/configure-usage-rights#do-not-forward-option-for-emails) option or [Encrypt-only](/azure/information-protection/configure-usage-rights#encrypt-only-option-for-emails) for their chosen recipients.
The Do Not Forward option is supported by all email clients that support sensitivity labels. However, applying the **Encrypt-Only** option with a sensitivity label is a recent release that's supported only by built-in labeling and not the Azure Information Protection unified labeling client. For email clients that don't support this capability, the label won't be visible.
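Review bot: with "(currently rolling out)" removed, the bullet now writes "Encrypt-only" while the unchanged paragraph below writes "**Encrypt-Only**" and still describes it as "a recent release that's supported only by built-in labeling". Pick one casing, and check that the "recent release" sentence is still intended now that the rollout qualifier is gone.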
compliance Migrate Aad Classification Sensitivity Labels https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/migrate-aad-classification-sensitivity-labels.md
description: "This article discusses classic Azure Active Directory classificati
This article discusses classic Azure Active Directory classification and sensitivity labels.
-Sensitivity labels are supported by [these services](./sensitivity-labels-teams-groups-sites.md#support-for-the-sensitivity-labels).
+Sensitivity labels are supported by [these services](./sensitivity-labels-teams-groups-sites.md).
For complete info about sensitivity labels, see [Learn about sensitivity labels](sensitivity-labels.md).
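Review bot: Dropping `#support-for-the-sensitivity-labels` from the "these services" link means the link text promises a list of services but now lands at the top of sensitivity-labels-teams-groups-sites.md. If the heading was renamed, point the link at the new bookmark; if the section is gone, reword the link text so it matches where the reader arrives.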
compliance Office 365 Encryption In The Microsoft Cloud Overview https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/office-365-encryption-in-the-microsoft-cloud-overview.md
For customer data in transit, all Office 365 servers negotiate secure sessions u
- [Encryption in Azure](office-365-azure-encryption.md) - [BitLocker and Distributed Key Manager (DKM) for Encryption](office-365-bitlocker-and-distributed-key-manager-for-encryption.md) - [Office 365 Service Encryption](office-365-service-encryption.md)-- [Office 365 Encryption for Skype for Business, OneDrive for Business, SharePoint Online, and Exchange Online](./n/compliance/assurance/assurance-encryption-for-microsoft-365-services)
+- [Office 365 Encryption for Skype for Business, OneDrive for Business, SharePoint Online, and Exchange Online](https://docs.microsoft.com/compliance/assurance/assurance-encryption-for-microsoft-365-services)
- [Encryption for Data in Transit](/compliance/assurance/assurance-encryption-in-transit) - [Customer-Managed Encryption Features](office-365-customer-managed-encryption-features.md) - [Encryption Risks and Protections](office-365-encryption-risks-and-protections.md)
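Review bot: The replacement link in the added bullet uses an absolute `https://docs.microsoft.com/compliance/assurance/...` URL, while the next bullet links into the same `/compliance/assurance/` area with a root-relative path. Use the root-relative form here as well, `/compliance/assurance/assurance-encryption-for-microsoft-365-services`, so both entries resolve the same way.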
contentunderstanding Create An Extractor https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/contentunderstanding/create-an-extractor.md
To help identify the *Service Start Date* you can create a pattern explanation.
### Use the Explanation library
-For creating explanations for items such as dates, it is easier to [use the explanation library](./explanation-types-overview.md#use-the-explanation-library) than to manually enter all variations. The explanation library is a set of pre-built phrase and pattern explanations. The library tries to provides all formats for common phrase or pattern lists, such as dates, phone numbers, zip codes, and many others.
+For creating explanations for items such as dates, it is easier to [use the explanation library](./explanation-types-overview.md) than to manually enter all variations. The explanation library is a set of pre-built phrase and pattern explanations. The library tries to provides all formats for common phrase or pattern lists, such as dates, phone numbers, zip codes, and many others.
For the *Service Start Date* sample, it is more efficient to use the pre-built explanation for *Date* in the explanation library:
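Review bot: The changed paragraph still reads "The library tries to provides all formats"; since this line is being touched anyway, correct it to "tries to provide".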
contentunderstanding Difference Between Document Understanding And Form Processing Model https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/contentunderstanding/difference-between-document-understanding-and-form-processing-model.md
There are two model types that you can use:
While both models are generally used for the same purpose, the key differences listed below affect which ones you can use. > [!NOTE]
-> See the [SharePoint Syntex adoption: Get started guide](./adoption-getstarted.md#form-processing-scenario-example) for more information about form processing and document understanding scenario examples.
+> See the [SharePoint Syntex adoption: Get started guide](./adoption-getstarted.md) for more information about form processing and document understanding scenario examples.
## Structured versus unstructured and semi-structured content
contentunderstanding Document Understanding Overview https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/contentunderstanding/document-understanding-overview.md
description: "Get an overview of the document understanding in Microsoft SharePo
Document understanding uses artificial intelligence (AI) models to automate classification of files and extraction of information. It works best with unstructured documents, such as letters or contracts. These documents must have text that can be identified based on phrases or patterns. The identified text designates both the type of file it is (its classification) and what you'd like to extract (its extractors). > [!NOTE]
-> See the [SharePoint Syntex adoption: Get started guide](./adoption-getstarted.md#document-understanding-scenario-example) for more information about document understanding scenario examples.
+> See the [SharePoint Syntex adoption: Get started guide](./adoption-getstarted.md) for more information about document understanding scenario examples.
Document understanding models are created and managed in a type of SharePoint site called a *content center*. When applied to a SharePoint document library, the model is associated with a content type has columns to store the information being extracted. The content type you create is stored in the SharePoint content type gallery. You can also choose to use existing content types to use their schema.
contentunderstanding Form Processing Overview https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/contentunderstanding/form-processing-overview.md
You can use AI Builder form processing to create AI models that use machine lear
Organizations often receive invoices in large quantities from a variety of sources, such as mail, fax, email, etc. Processing these documents and manually entering them into a database can take a considerable amount of time. By using AI to extract the text, key/value pairs, and tables from your documents, form processing automates this process. > [!NOTE]
-> See the [SharePoint Syntex adoption: Get started guide](./adoption-getstarted.md#form-processing-scenario-example) for more information about form processing scenario examples.
+> See the [SharePoint Syntex adoption: Get started guide](./adoption-getstarted.md) for more information about form processing scenario examples.
For example, you can create a form processing model that identifies all purchase order documents that are uploaded to the document library. From each purchase order you can then extract and display specific data that is important to you, such as *PO Number*, *Date*, or *Total Cost*.
You use example files to train your model and define the information to be extra
After you train and publish your model, your model creates a [Power Automate Flow](/power-automate/getting-started). The flow runs when a file is uploaded to the SharePoint document library and will extract data that has been identified in the model. The extracted data will display in columns in your model's document library view.
-An Office 365 admin needs to [enable Form processing](./set-up-content-understanding.md#to-set-up-content-understanding) for the SharePoint document library for users to be able to [create a form processing model](create-a-form-processing-model.md) in it. You can select the sites during setup, or after setup in your management settings.
+An Office 365 admin needs to [enable Form processing](./set-up-content-understanding.md) for the SharePoint document library for users to be able to [create a form processing model](create-a-form-processing-model.md) in it. You can select the sites during setup, or after setup in your management settings.
### File limitations
enterprise Routing With Expressroute https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/routing-with-expressroute.md
Some of the key items in the above articles that you'll need to understand inclu
- There's a 1:1 mapping between an ExpressRoute circuit and a customer s-key. -- Each circuit can support 2 independent peering relationships (Azure Private peering, and Microsoft peering); Office 365 requires Microsoft peering.
+- Each circuit can support two independent peering relationships (Azure Private peering, and Microsoft peering); Office 365 requires Microsoft peering.
- Each circuit has a fixed bandwidth that is shared across all peering relationships.
See the [FAQ page](/azure/expressroute/expressroute-faqs) for more information o
## Ensuring route symmetry
-The Office 365 front end servers are accessible on both the Internet and ExpressRoute. These servers will prefer to route back to on-premises over ExpressRoute circuits when both are available. Because of this there is a possibility of route asymmetry if traffic from your network prefers to route over your Internet circuits. Asymmetrical routes are a problem because devices that perform stateful packet inspection can block return traffic that follows a different path than the outbound packets followed.
+The Office 365 front-end servers are accessible on both the Internet and ExpressRoute. These servers will prefer to route back to on-premises over ExpressRoute circuits when both are available. Because of this, there is a possibility of route asymmetry if traffic from your network prefers to route over your Internet circuits. Asymmetrical routes are a problem because devices that perform stateful packet inspection can block return traffic that follows a different path than the outbound packets followed.
Regardless of whether you initiate a connection to Office 365 over the Internet or ExpressRoute, the source must be a publicly routable address. With many customers peering directly with Microsoft, having private addresses where duplication is possible between customers isn't feasible.
The following are scenarios where communications from Office 365 to your on-prem
- SMTP services such as mail from an Exchange Online tenant to an on-premises host or SharePoint Online Mail sent from SharePoint Online to an on-premises host. SMTP protocol is used more broadly within Microsoft's network than the route prefixes shared over ExpressRoute circuits and advertising on-premises SMTP servers over ExpressRoute will cause failures with these other services. -- ADFS during password validation for sign-in.
+- ADFS during password validation for signing in.
- [Exchange Server Hybrid deployments](/exchange/exchange-hybrid).
The following are scenarios where communications from Office 365 to your on-prem
For Microsoft to route back to your network for these bi-directional traffic flows, the BGP routes to your on-premises devices must be shared with Microsoft. When you advertise route prefixes to Microsoft over ExpressRoute, you should follow these best practices:
-1) Do not advertise the same public IP Address route prefix to the public Internet and over ExpressRoute. It is strongly recommended that the IP BGP Route Prefix advertisements to Microsoft over ExpressRoute are from a range which is not advertised to the internet at all. If this is not possible to achieve due to the available IP Address space, then it is essential to ensure you advertise a more specific range over ExpressRoute than any internet circuits.
+1) Do not advertise the same public IP Address route prefix to the public Internet and over ExpressRoute. It is recommended that the IP BGP Route Prefix advertisements to Microsoft over ExpressRoute are from a range that is not advertised to the internet at all. If this is not possible to achieve due to the available IP Address space, then it is essential to ensure you advertise a more specific range over ExpressRoute than any internet circuits.
2) Use separate NAT IP pools per ExpressRoute circuit and separate to that of your internet circuits.
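Review bot: In item 1 the added line writes "the public Internet" in its first sentence and then "the internet" and "internet circuits" later in the same item; settle on one capitalization. Removing "strongly" also softens the guidance about using a range that is not advertised to the internet, while the following sentence keeps "it is essential"; check that the weaker wording is intended.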
Other applications such as Office 365 Video, is an Office 365 application; howev
Each of the Office 365 features that are available using Microsoft peering are listed in the [Office 365 endpoints article](https://support.office.com/article/Office-365-URLs-and-IP-address-ranges-8548a211-3fe7-47cb-abb1-355ea5aa88a2) by application type and FQDN. The reason for using the FQDN in the tables is to allow customers to manage traffic using PAC files or other proxy configurations, see our guide to [managing Office 365 endpoints](./managing-office-365-endpoints.md) for example PAC files.
-In some situations we've used a wildcard domain where one or more sub-FQDNs are advertised differently than the higher level wildcard domain. This usually happens when the wildcard represents a long list of servers that are all advertised to ExpressRoute and the Internet, while a small sub-set of destinations are only advertised to the Internet, or the reverse. Refer to the tables below to understand where the differences are.
+In some situations we've used a wildcard domain where one or more sub-FQDNs are advertised differently than the higher-level wildcard domain. This usually happens when the wildcard represents a long list of servers that are all advertised to ExpressRoute and the Internet, while a small subset of destinations is only advertised to the Internet, or the reverse. Refer to the tables below to understand where the differences are.
This table displays the wildcard FQDNs that are advertised to both the internet and Azure ExpressRoute alongside the sub-FQDNs that are advertised only to the internet.
Usually PAC files are intended to send network requests to ExpressRoute advertis
3. Include any other network endpoints or rules below these two entries, sending the traffic towards your proxy.
-This table displays the wildcard domains that are advertised to Internet circuits only alongside the sub-FQDNs that are advertised to Azure ExpressRoute and Internet circuits. For your PAC file above, the FQDNs in column two in the below table are listed as being advertised to ExpressRoute in the link referenced, which means they would be included in the second group of entries in the file.
+This table displays the wildcard domains that are advertised to Internet circuits only alongside the sub-FQDNs that are advertised to Azure ExpressRoute and Internet circuits. For your PAC file above, the FQDNs in column 2 in the below table are listed as being advertised to ExpressRoute in the link referenced, which means they would be included in the second group of entries in the file.
|**Wildcard domain advertised to Internet circuits only**|**Sub-FQDN advertised to ExpressRoute and Internet circuits**| |:--|:--|
This table displays the wildcard domains that are advertised to Internet circuit
## Routing Office 365 traffic over the Internet and ExpressRoute
-To route to the Office 365 application of your choosing you'll need to determine a number of key factors.
+To route to the Office 365 application of your choosing, you'll need to determine a number of key factors.
1. How much bandwidth the application will require. Sampling existing usage is the only reliable method for determining this in your organization.
-2. What egress location(s) you want the network traffic to leave your network from. You should plan to minimize the network latency for connectivity to Office 365 as this will impact performance. Because Skype for Business uses real-time voice and video it is particularly susceptible to poor network latency.
+2. What egress location(s) you want the network traffic to leave your network from. You should plan to minimize the network latency for connectivity to Office 365 as this will impact performance. Because Skype for Business uses real-time voice and video, it is particularly susceptible to poor network latency.
-3. If you want all or a subset of your network locations to leverage ExpressRoute.
+3. If you want all or a subset of your network locations to use ExpressRoute.
4. What locations your chosen network provider offers ExpressRoute from.
This example is a scenario for a fictitious company called Trey Research who has
Employees at Trey Research are only allowed to connect to the services and websites on the internet that the security department explicitly allows on the pair of outbound proxies that sit between the corporate network and their ISP.
-Trey Research plans to use Azure ExpressRoute for Office 365 and recognizes that some traffic such as traffic destined for content delivery networks won't be able to route over the ExpressRoute for Office 365 connection. Since all traffic already routes to the proxy devices by default, these requests will continue to work as before. After Trey Research determines they can meet the Azure ExpressRoute routing requirements, they proceed to create a circuit, configure routing, and linking the new ExpressRoute circuit to a virtual network. Once the fundamental Azure ExpressRoute configuration is in place, Trey Research uses the [#2 PAC file we publish](./managing-office-365-endpoints.md#ID0EACAAA=2._Proxies) to route traffic with customer specific data over the direct ExpressRoute for Office 365 connections.
+Trey Research plans to use Azure ExpressRoute for Office 365 and recognizes that some traffic such as traffic destined for content delivery networks won't be able to route over the ExpressRoute for Office 365 connection. Since all traffic already routes to the proxy devices by default, these requests will continue to work as before. After Trey Research determines they can meet the Azure ExpressRoute routing requirements, they proceed to create a circuit, configure routing, and linking the new ExpressRoute circuit to a virtual network. Once the fundamental Azure ExpressRoute configuration is in place, Trey Research uses the [#2 PAC file we publish](./managing-office-365-endpoints.md) to route traffic with customer-specific data over the direct ExpressRoute for Office 365 connections.
As shown in the following diagram, Trey Research is able to satisfy the requirement to route Office 365 traffic over the internet and a subset of traffic over ExpressRoute using a combination of routing and outbound proxy configuration changes.
-1. Using the [#2 PAC file we publish](./managing-office-365-endpoints.md#ID0EACAAA=2._Proxies) to route traffic through a separate internet egress point for Azure ExpressRoute for Office 365.
+1. Using the [#2 PAC file we publish](./managing-office-365-endpoints.md) to route traffic through a separate internet egress point for Azure ExpressRoute for Office 365.
2. Clients are configured with a default route towards Trey Research's proxies.
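Review bot: The added paragraph keeps the non-parallel series "they proceed to create a circuit, configure routing, and linking the new ExpressRoute circuit to a virtual network"; change "linking" to "link". Both links labelled "#2 PAC file we publish" also lose their bookmark, so the reader now arrives at the top of managing-office-365-endpoints.md and has to find the second PAC file unaided; restore a working bookmark or name the target section in the text.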
The highest volume FQDNs for Exchange Online, SharePoint Online, and Skype for B
Learn more about [deploying and managing proxy settings in Windows 8](/archive/blogs/deploymentguys/windows-8-supporting-proxy-services-with-static-configurations-web-hosted-pac-files-and-domain-policy-configured-proxy) and [ensuring Office 365 isn't throttled by your proxy](https://blogs.technet.com/b/onthewire/archive/2014/03/28/ensuring-your-office-365-network-connection-isn-t-throttled-by-your-proxy.aspx).
-With a single ExpressRoute circuit, there is no high availability for Trey Research. In the event Trey's redundant pair of edge devices that are servicing the ExpressRoute connectivity fail, there is not an additional ExpressRoute circuit to failover to. This leaves Trey Research in a predicament as failing over to the internet will require manual re-configuration and in some cases new IP addresses. If Trey wants to add high availability, the simplest solution is to add additional ExpressRoute circuits for each location and configure the circuits in an active/active manner.
+With a single ExpressRoute circuit, there is no high availability for Trey Research. In the event Trey's redundant pair of edge devices that are servicing the ExpressRoute connectivity fail, there is not an additional ExpressRoute circuit to failover to. This leaves Trey Research in a predicament as failing over to the internet will require manual reconfiguration and in some cases new IP addresses. If Trey wants to add high availability, the simplest solution is to add additional ExpressRoute circuits for each location and configure the circuits in an active/active manner.
## Routing ExpressRoute for Office 365 with multiple locations
The last scenario, routing Office 365 traffic over ExpressRoute is the foundatio
The additional questions that must be answered for customers with multiple locations in multiple geographies include:
-1. Do you require an ExpressRoute circuit in every location? If you're using Skype for Business Online or are concerned with latency sensitivity for SharePoint Online or Exchange Online, a redundant pair of active/active ExpressRoute circuits are recommended in each location. See the Skype for Business media quality and network connectivity guide for more details.
+1. Do you require an ExpressRoute circuit in every location? If you're using Skype for Business Online or are concerned with latency sensitivity for SharePoint Online or Exchange Online, a redundant pair of active/active ExpressRoute circuits is recommended in each location. See the Skype for Business media quality and network connectivity guide for more details.
2. If an ExpressRoute circuit isn't available in a particular region, how should Office 365 destined traffic be routed? 3. What is the preferred method for consolidating traffic in the case of networks with many small locations?
-Each of these presents a unique challenge that requires you to evaluate your own network as well as the options available from Microsoft.
+Each of these presents a unique challenge that requires you to evaluate your own network and the options available from Microsoft.
|**Consideration**|**Network components to evaluate**| |:--|:--|
Each of these considerations must be taken into account for each unique network.
This example is a scenario for a fictitious company called Humongous Insurance who has multiple geographic locations.
-Humongous Insurance is geographically dispersed with offices all over the world. They want to implement Azure ExpressRoute for Office 365 to keep the majority of their Office 365 traffic on direct network connections. Humongous Insurance also has offices on two additional continents. The employees in the remote office where ExpressRoute is not feasible will need to route back to one or both of the primary facilities to use an ExpressRoute connection.
+Humongous Insurance is geographically dispersed with offices all over the world. They want to implement Azure ExpressRoute for Office 365 to keep most their Office 365 traffic on direct network connections. Humongous Insurance also has offices on two additional continents. The employees in the remote office where ExpressRoute is not feasible will need to route back to one or both of the primary facilities to use an ExpressRoute connection.
The guiding principle is to get Office 365 destined traffic to a Microsoft datacenter as quickly as possible. In this example, Humongous Insurance must decide if their remote offices should route over the Internet to get to a Microsoft datacenter over any connection as quickly as possible or if their remote offices should route over an internal network to get to a Microsoft datacenter over an ExpressRoute connection as quickly as possible. Microsoft's datacenters, networks, and application architecture are designed to take globally disparate communications and service them in the most efficient way possible. This is one of the largest networks in the world. Requests destined for Office 365 that remain on customer networks longer than necessary won't be able to take advantage of this architecture.
-In Humongous Insurance's situation, they should proceed depending on the applications they intend to use over ExpressRoute. For example, if they're a Skype for Business Online customer, or plan to leverage ExpressRoute connectivity when connecting to external Skype for Business Online meetings, the design recommended in the Skype for Business Online media quality and network connectivity guide is to provision an additional ExpressRoute circuit for the third location. This may be more expensive from a networking perspective; however, routing requests from one continent to another before delivering to a Microsoft datacenter may cause a poor or unusable experience during Skype for Business Online meetings and communications.
+In Humongous Insurance's situation, they should proceed depending on the applications they intend to use over ExpressRoute. For example, if they're a Skype for Business Online customer, or plan to use ExpressRoute connectivity when connecting to external Skype for Business Online meetings, the design recommended in the Skype for Business Online media quality and network connectivity guide is to provision an additional ExpressRoute circuit for the third location. This may be more expensive from a networking perspective; however, routing requests from one continent to another before delivering to a Microsoft datacenter may cause a poor or unusable experience during Skype for Business Online meetings and communications.
-If Humongous Insurance isn't using or doesn't plan to leverage Skype for Business Online in any way, routing Office 365 destined network traffic back to a continent with an ExpressRoute connection may be feasible though may cause unnecessary latency or TCP congestion. In both cases, routing Internet destined traffic to the Internet at the local site is recommended to take advantage of the content delivery networks that Office 365 relies on.
+If Humongous Insurance isn't using or doesn't plan to use Skype for Business Online in any way, routing Office 365 destined network traffic back to a continent with an ExpressRoute connection may be feasible though may cause unnecessary latency or TCP congestion. In both cases, routing Internet destined traffic to the Internet at the local site is recommended to take advantage of the content delivery networks that Office 365 relies on.
![ExpressRoute multi-geography](../media/98fdd883-2c5a-4df7-844b-bd28cd0b9f50.png) When Humongous Insurance is planning their multi-geography strategy, there are a number of things to consider around size of circuit, number of circuits, failover, and so on.
-With ExpressRoute in a single location with multiple regions attempting to use the circuit, Humongous Insurance wants to ensure that connections to Office 365 from the remote office are sent to the Office 365 datacenter nearest headquarters and received by the headquarters location. To do this, Humongous Insurance implements DNS forwarding to reduce the number of round trips and DNS lookups required to establish the appropriate connection with the Office 365 environment closest to the headquarters internet egress point. This prevents the client from resolving a local front end server and ensures the Front End server the person connects to is near the headquarters where Humongous Insurance is peering with Microsoft. You can also learn to [Assign a Conditional Forwarder for a Domain Name](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc794735(v=ws.10)).
+With ExpressRoute in a single location with multiple regions attempting to use the circuit, Humongous Insurance wants to ensure that connections to Office 365 from the remote office are sent to the Office 365 datacenter nearest headquarters and received by the headquarters location. To do this, Humongous Insurance implements DNS forwarding to reduce the number of round trips and DNS lookups required to establish the appropriate connection with the Office 365 environment closest to the headquarters internet egress point. This prevents the client from resolving a local front-end server and ensures the Front-End server the person connects to be near the headquarters where Humongous Insurance is peering with Microsoft. You can also learn to [Assign a Conditional Forwarder for a Domain Name](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc794735(v=ws.10)).
-In this scenario, traffic from the remote office would resolve the Office 365 front end infrastructure in North America and leverage Office 365 to connect to the backend servers according to the architecture of the Office 365 application. For example, Exchange Online would terminate the connection in North America and those front end servers would connect to the backend mailbox server wherever the tenant resided. All services have a widely distributed front door service comprised of unicast and anycast destinations.
+In this scenario, traffic from the remote office would resolve the Office 365 front-end infrastructure in North America and use Office 365 to connect to the backend servers according to the architecture of the Office 365 application. For example, Exchange Online would terminate the connection in North America and those front-end servers would connect to the backend mailbox server wherever the tenant resided. All services have a widely distributed front door service comprised of unicast and anycast destinations.
-If Humongous has major offices in multiple continents, a minimum of two active/active circuits per region are recommended in order to reduce latency for sensitive applications such as Skype for Business Online. If all offices are in a single continent, or is not using real time collaboration, having a consolidated or distributed egress point is a customer specific decision. When multiple circuits are available, BGP routing will ensure failover should any single circuit become unavailable.
+If Humongous has major offices in multiple continents, a minimum of two active/active circuits per region are recommended in order to reduce latency for sensitive applications such as Skype for Business Online. If all offices are in a single continent, or is not using real-time collaboration, having a consolidated or distributed egress point is a customer-specific decision. When multiple circuits are available, BGP routing will ensure failover should any single circuit become unavailable.
Learn more about sample [routing configurations](/azure/expressroute/expressroute-config-samples-routing) and [https://azure.microsoft.com/documentation/articles/expressroute-config-samples-nat/](/azure/expressroute/expressroute-config-samples-nat).
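Review bot: Two of the rewrites in this hunk introduce errors that the removed lines did not have: "to keep most their Office 365 traffic" needs "most of their", and "ensures the Front-End server the person connects to be near the headquarters" should go back to "connects to is near" (the same sentence also mixes "front-end server" and "Front-End server"). In the last changed paragraph, "If all offices are in a single continent, or is not using real-time collaboration" still has no subject for "is not using"; something like "or the company is not using" would fix it.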
Selective routing with ExpressRoute may be needed for a variety of reasons, such
1. **Route filtering/segregation** - allowing the BGP routes to Office 365 over ExpressRoute to a subset of your subnets or routers. This selectively routes by customer network segment or physical office location. This is common for staggering rollout of ExpressRoute for Office 365 and is configured on your BGP devices.
-2. **PAC files/URLs** - directing Office 365 destined network traffic for specific FQDNs to route on a specific path. This selectively routes by client computer as identified by [PAC file deployment](./managing-office-365-endpoints.md#ID0EACAAA=2._Proxies).
+2. **PAC files/URLs** - directing Office 365 destined network traffic for specific FQDNs to route on a specific path. This selectively routes by client computer as identified by [PAC file deployment](./managing-office-365-endpoints.md).
3. **Route filtering** - [Route filters](/azure/expressroute/how-to-routefilter-portal) are a way to consume a subset of supported services through Microsoft peering.
enterprise Use Microsoft 365 Cdn With Spo https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/use-microsoft-365-cdn-with-spo.md
If you want to use the full URL to the asset instead of a relative path, constru
`https://<TenantHostName>.sharepoint.com/sites/site/CDN_origins/public/image.png` > [!NOTE]
-> In general, you should not hardcode URLs directly to assets in the CDN. However, you can manually construct URLs for assets in public origins if needed. For more information, see [Hardcoding CDN URLs for public assets](use-microsoft-365-cdn-with-spo.md#hardcoding-cdn-urls-for-public-assets).
+> In general, you should not hardcode URLs directly to assets in the CDN. However, you can manually construct URLs for assets in public origins if needed. For more information, see [Hardcoding CDN URLs for public assets](use-microsoft-365-cdn-with-spo.md).
To learn about how to verify that assets are being served from the CDN, see [How do I confirm that assets are being served by the CDN?](use-microsoft-365-cdn-with-spo.md#CDNConfirm) in the [Troubleshooting the Office 365 CDN](use-microsoft-365-cdn-with-spo.md#CDNTroubleshooting) section.
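Review bot: Without `#hardcoding-cdn-urls-for-public-assets`, the "Hardcoding CDN URLs for public assets" link in the added note points at use-microsoft-365-cdn-with-spo.md, which is the file being edited, so it no longer takes the reader to that section. The next paragraph still uses in-page bookmarks (`#CDNConfirm`, `#CDNTroubleshooting`); keep a bookmark here too, updated to the current heading ID if it changed.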
enterprise Use Windows Powershell To Create Reports In Microsoft 365 https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/use-windows-powershell-to-create-reports-in-microsoft-365.md
These articles describe how to use PowerShell for Microsoft 365 to get informati
- Get started with reporting using PowerShell for Microsoft 365:
- - [Why you need to use PowerShell for Microsoft 365](./why-you-need-to-use-microsoft-365-powershell.md#reveal)
+ - [Why you need to use PowerShell for Microsoft 365](./why-you-need-to-use-microsoft-365-powershell.md)
- Reports for user accounts and licenses:
enterprise View Service Health https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/view-service-health.md
If you are unable to sign in to the admin center, you can use the [service statu
1. Go to the Microsoft 365 admin center at [https://admin.microsoft.com](https://go.microsoft.com/fwlink/p/?linkid=2024339), and sign in with an admin account. > [!NOTE]
- > People who are assigned the global admin or service administrator role can view service health. To allow Exchange, SharePoint, and Skype for Business admins to view service health, they must also be assigned the Service admin role. For more information about roles that can view service health, see [About admin roles](../admin/add-users/about-admin-roles.md?preserve-view=true&view=o365-worldwide#roles-available-in-the-microsoft-365-admin-center).
+ > People who are assigned the global admin or service administrator role can view service health. To allow Exchange, SharePoint, and Skype for Business admins to view service health, they must also be assigned the Service admin role. For more information about roles that can view service health, see [About admin roles](../admin/add-users/about-admin-roles.md?preserve-view=true&view=o365-worldwide#commonly-used-microsoft-365-admin-center-roles).
2. If you are not using the new admin center, on the **Home** page, select the **Try the new admin center** toggle in the upper-right corner.
For more information about our commitment to uptime, see [Transparent operations
## Related topics [Activity Reports in the Microsoft 365 admin center](https://support.office.com/article/0d6dfb17-8582-4172-a9a9-aed798150263)
-[Message center Preferences](../admin/manage/message-center.md?preserve-view=true&view=o365-worldwide#preferences11)
+[Message center Preferences](../admin/manage/message-center.md?preserve-view=true&view=o365-worldwide#preferences)<br/>
+[How to check Windows release health on admin center](https://docs.microsoft.com/windows/deployment/update/check-release-health)
knowledge Topic Experiences Roles https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/knowledge/topic-experiences-roles.md
A topic contributor can also create and publish a new topic through their topic
To create and edit a topic, the user must: - [Be assigned a Viva Topics license](./set-up-topic-experiences.md#assign-licenses) by their Microsoft 365 admin.-- [Be assigned permissions to create and edit topics](./topic-experiences-user-permissions.md#change-who-has-permissions-to-do-tasks-on-the-topic-center). This task is done by the knowledge admin in the Viva Topics settings page in the Microsoft 365 admin center.
+- [Be assigned permissions to create and edit topics](./topic-experiences-user-permissions.md). This task is done by the knowledge admin in the Viva Topics settings page in the Microsoft 365 admin center.
## Knowledge managers
Additionally, a knowledge manager can edit existing topics or create new ones.
To manage topics, the user must: - [Be assigned a Viva Topics license](./set-up-topic-experiences.md#assign-licenses) by their Microsoft 365 admin.-- [Be assigned permissions to manage topics](./topic-experiences-user-permissions.md#change-who-has-permissions-to-do-tasks-on-the-topic-center)). This task is done by the knowledge admin in the Viva Topics settings page in the Microsoft 365 admin center.
+- [Be assigned permissions to manage topics](./topic-experiences-user-permissions.md)). This task is done by the knowledge admin in the Viva Topics settings page in the Microsoft 365 admin center.
Users who have a good overall knowledge of your business can be good candidates for the knowledge manager role. Such people might not only have the knowledge to know if topics are valid or not, but might also know people within the company who are related to those topics.
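Review bot: The added "Be assigned permissions to manage topics" line keeps the stray second closing parenthesis after the link, `(./topic-experiences-user-permissions.md)).`, which renders as a literal ")" before the period. Remove it while this line is being touched. Removing the `#change-who-has-permissions-to-do-tasks-on-the-topic-center` fragment also sends readers to the top of the permissions article; if the heading was renamed, link to the new anchor instead.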
managed-desktop Archived Device List https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/managed-desktop/service-description/archived-device-list.md
To be enrolled in Microsoft Managed Desktop, a device must be one of the followi
||||| |Dell Precision 3530| 256 GB / Intel i5 / 8 GB RAM | IR camera required | **May 22, 2023** | |Dell Latitude 5300 / 5300 2-in-1 / 5400 / 5500 | 256 GB / Intel i5 / 8 GB RAM | IR camera required | **June 1, 2024** |
+|Dell Latitude 5310 / 5310 2-in-1 / 256 GB / Intel i5 / 8 GB RAM | IR camera required | **Apr 28, 2025** |
+|Dell Latitude 5410 / 5410 2-in-1 / 256 GB / Intel i5 / 8 GB RAM | IR camera required | **Apr 28, 2025** |
|Dell Latitude 5490 | 256 GB / Intel i5 / 8 GB RAM | IR camera required | **Jan 9, 2023** | |Dell Latitude 7200 2-in-1 | 256 GB / Intel i5 / 8 GB RAM | IR camera required | **May 1, 2024** | |Dell Latitude 7300 / 7400 / 7400 2-in-1 | 256 GB / Intel i5 / 8 GB RAM | IR camera required | **May 1, 2024** | |Dell Latitude 7390 / 7390 2-in-1 / 7490 | 256 GB / Intel i5 / 8 GB RAM | IR camera required | **Jan 9, 2023** | |Dell Latitude 7410 / 7410 2-in-1 | 256 GB / Intel i5 / 8 GB RAM | IR camera required | **May 19, 2025** |
+|Dell Latitude 9410 / 9410 2-in-1 | 256 GB / Intel i5 / 8 GB RAM | IR camera required | **May 05, 2025** |
|Dell Optiplex 3070 | 128 GB / Intel i3 / 8 GB RAM | None | **May 1, 2025** | |HP EliteBook 830 / 840 / 850 G5| 128 GB / Intel i5 / 8 GB RAM | SKU with 5VS01AV, IR camera or fingerprint sensor required | **Feb 15, 2023** | |HP EliteBook 830 / 840 / 850 G6| 128 GB / Intel i5 / 8 GB RAM | SKU with 5VS01AV, IR camera or fingerprint sensor required | **Nov 30, 2023** |
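Review bot: The two added rows for Latitude 5310 and 5410 use "/" where the column separator belongs (`5310 2-in-1 / 256 GB`), so each row has three cells instead of four and the specification, requirement and date shift one column left. Use `|` after the model name, as the added 9410 row does. The 9410 row also writes the date as "May 05, 2025" while the surrounding rows use unpadded days ("May 1, 2024"); match the existing format.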
These resources can help answer questions that you might have about specific dev
- For more questions on Dell devices contact [MMD_at_dell@dell.com](mailto:MMD_at_dell@dell.com). -- For more questions on HP devices contact: Americas ([mmd-americas@hp.com](mailto:mmd-americas@hp.com)); Europe/Middle East/Africa ([mmd-emea@hp.com](mailto:mmd-emea@hp.com)); Asia Pacific/Japan ([mmd-apj@hp.com](mailto:mmd-apj@hp.com)); Global ([mmd@hp.com](mailto:mmd@hp.com))
+- For more questions on HP devices contact: Americas ([mmd-americas@hp.com](mailto:mmd-americas@hp.com)); Europe/Middle East/Africa ([mmd-emea@hp.com](mailto:mmd-emea@hp.com)); Asia Pacific/Japan ([mmd-apj@hp.com](mailto:mmd-apj@hp.com)); Global ([mmd@hp.com](mailto:mmd@hp.com))
managed-desktop Device List https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/managed-desktop/service-description/device-list.md
The links to devices here are for your reference only. If you want to order devi
| Model | Minimum specifications | Additional requirements | Archive date | Retirement date | |-|-||-|--|
-| [Dell Latitude 5310 / 5310 2-in-1](https://www.dell.com/en-us/work/shop/2-in-1-laptops-tablets/new-latitude-5310-2-in-1-business-laptop/spd/latitude-13-5310-2-in-1-laptop) | 256 GB / Intel i5 / 8 GB RAM | IR camera required | April 28, 2022 | April 28, 2025 |
+| **\*[Dell Latitude 5320 / 5320 2-in-1](https://www.dell.com/en-us/work/shop/dell-laptops-and-notebooks/new-latitude-5320-laptop-or-2-in-1/spd/latitude-13-5320-2-in-1-laptop?)** | 256 GB / Intel i5 / 8 GB RAM | IR camera required | Jan 22, 2023 | Jan 22, 2026 |
| [Dell Latitude 3510](https://www.dell.com/en-us/work/shop/dell-laptops-and-notebooks/latitude-3510-business-laptop/spd/latitude-15-3510-laptop) | 256 GB / Intel i5 / 8 GB RAM | IR camera required | April 28, 2022 | April 28, 2025 |
-| [Dell Latitude 5410](https://www.dell.com/en-us/work/shop/dell-laptops-and-notebooks/new-latitude-5410-business-laptop/spd/latitude-14-5410-laptop) | 256 GB / Intel i5 / 8 GB RAM | IR camera required | April 28, 2022 | April 28, 2025 |
+| **\*[Dell Latitude 5420](https://www.dell.com/en-us/work/shop/dell-laptops-and-notebooks/new-latitude-5420-laptop/spd/latitude-5420-laptop?)** | 256 GB / Intel i5 / 8 GB RAM | IR camera required | Jan 02, 2023 | Jan 02, 2026 |
| [Dell Latitude 5510](https://www.dell.com/en-us/work/shop/laptops/15-5510/spd/latitude-15-5510-laptop)** | 256 GB / Intel i5 / 8 GB RAM | IR camera required | April 28, 2022 | April 28, 2025 | | [Dell Latitude 7310 / 7310 2-in-1](https://www.dell.com/en-us/work/shop/2-in-1-laptops-tablets/latitude-7310-business-laptop-or-2-in-1/spd/latitude-13-7310-2-in-1-laptop) | 256 GB / Intel i5 / 8 GB RAM | IR camera required | May 4, 2022 | May 4, 2025 | | **\*[Dell Latitude 7420 / 7420 2-in-1](https://www.dell.com/en-us/work/shop/dell-laptops-and-notebooks/new-latitude-7420-business-laptop-or-2-in-1/spd/latitude-14-7420-2-in-1-laptop)** | 256 GB / Intel i5 / 8 GB RAM | IR camera required | March 22, 2023 | March 22, 2026 |
-| [Dell Latitude 9410 2-in-1](https://www.dell.com/en-us/work/shop/laptops/new-14-9410-2-in-1/spd/latitude-14-9410-2-in-1-laptop) | 256 GB / Intel i5 / 8 GB RAM | IR camera required | May 5, 2022 | May 5, 2025 |
+| **\*[Dell Latitude 9420 2-in-1](https://www.dell.com/en-us/work/shop/scc/sr/laptops/latitude-laptops?~ck=mn)** | 256 GB / Intel i5 / 8 GB RAM | IR camera required | Apr 2023 | Apr 2026 |
| [Dell Latitude 9510](https://www.dell.com/en-us/work/shop/2-in-1-laptops-tablets/new-latitude-9510-laptop-or-2-in-1/spd/latitude-15-9510-2-in-1-laptop) | 256 GB / Intel i5 / 8 GB RAM | IR camera required | May 5, 2022 | May 5, 2025 | | [Dell Optiplex 3080](https://www.dell.com/en-us/work/shop/desktops-all-in-one-pcs/optiplex-3080-tower-and-small-form-factor/spd/optiplex-3080-desktop) | 128 GB / Intel i3 / 8 GB RAM | None | May 27, 2022 | May 27, 2025 | | [Dell Optiplex 7480](https://www.dell.com/en-us/work/shop/desktops-all-in-one-pcs/optiplex-7480-all-in-one-desktop/spd/optiplex-7480-aio) | 128 GB / Intel i3 / 8 GB RAM | None | May 15, 2022 | May 15, 2025 |
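Review bot: The added Latitude 9420 row links to a generic listing URL (`.../laptops/latitude-laptops?~ck=mn`) rather than a product page, and gives "Apr 2023" / "Apr 2026" with no day, unlike every other row in the table. Link the specific model and supply full dates, or say in the page that the dates are provisional. The added 5320 and 5420 URLs end in a bare "?" that should be trimmed, the new rows mix "Jan 22, 2023" and "Jan 02, 2023" with the existing "April 28, 2022" style, and the unchanged 5510 row carries a stray `**` after its link that could be cleaned up in the same pass.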
These resources can help answer questions that you might have about specific dev
- For more questions on Dell devices contact <a href="mailto:MMD_at_dell@dell.com">MMD_at_dell@dell.com</a>. -- For more questions on HP devices and device ordering instructions, contact: Americas (<a href="mailto:mmd-americas@hp.com">mmd-americas@hp.com</a>); Europe/Middle East/Africa (<a href="mailto:mmd-emea@hp.com">mmd-emea@hp.com</a>); Asia Pacific/Japan (<a href="mailto:mmd-apj@hp.com">mmd-apj@hp.com</a>); Global (<a href="mailto:mmd@hp.com">mmd@hp.com</a>)
+- For more questions on HP devices and device ordering instructions, contact: Americas (<a href="mailto:mmd-americas@hp.com">mmd-americas@hp.com</a>); Europe/Middle East/Africa (<a href="mailto:mmd-emea@hp.com">mmd-emea@hp.com</a>); Asia Pacific/Japan (<a href="mailto:mmd-apj@hp.com">mmd-apj@hp.com</a>); Global (<a href="mailto:mmd@hp.com">mmd@hp.com</a>)
security Onboard Windows 10 Multi Session Device https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/Onboard-Windows-10-multi-session-device.md
Applies to: - Windows 10 multi-session running on Windows Virtual Desktop (WVD)
-> [!IMPORTANT]
-> Welcome to Microsoft Defender for Endpoint, the new name for Microsoft Defender for Endpoint. Read more about this and other updates here. We'll be updating names in products and in the docs in the near future.
> [!WARNING] > Microsoft Defender for Endpoint support for Windows Virtual Desktop multi-session scenarios is currently in Preview and limited up to 25 concurrent sessions per host/VM. However, single session scenarios on Windows Virtual Desktop are fully supported.
-Microsoft Defender for Endpoint supports monitoring both VDI as well as Windows Virtual Desktop sessions. Depending on your organization's needs, you might need to implement VDI or Windows Virtual Desktop sessions to help your employees access corporate data and apps from an unmanaged device, remote location, or similar scenario. With Microsoft Defender for Endpoint, you can monitor these virtual machines for anomalous activity.
+Microsoft Defender for Endpoint supports monitoring both VDI and Windows Virtual Desktop sessions. Depending on your organization's needs, you might need to implement VDI or Windows Virtual Desktop sessions to help your employees access corporate data and apps from an unmanaged device, remote location, or similar scenario. With Microsoft Defender for Endpoint, you can monitor these virtual machines for anomalous activity.
## Before you begin
-Familiarize yourself with the [considerations for non-persistent VDI](https://docs.microsoft.com/microsoft-365/security/defender-endpoint/configure-endpoints-vdi#onboard-non-persistent-virtual-desktop-infrastructure-vdi-devices-1). While [Windows Virtual Desktop](https://docs.microsoft.com/azure/virtual-desktop/overview) does not provide non-persistence options, it does provide ways to use a golden Windows image that can be used to provision new hosts and redeploy machines. This increases volatility in the environment and thus impacts what entries are created and maintained in the Microsoft Defender for Endpoint portal, potentially reducing visibility for your security analysts.
+Familiarize yourself with the [considerations for non-persistent VDI](https://docs.microsoft.com/microsoft-365/security/defender-endpoint/configure-endpoints-vdi#onboard-non-persistent-virtual-desktop-infrastructure-vdi-devices-1). While [Windows Virtual Desktop](https://docs.microsoft.com/azure/virtual-desktop/overview) doesn't provide non-persistence options, it does provide ways to use a golden Windows image that can be used to provision new hosts and redeploy machines. This increases volatility in the environment and thus impacts what entries are created and maintained in the Microsoft Defender for Endpoint portal, potentially reducing visibility for your security analysts.
> [!NOTE] > Depending on your choice of onboarding method, devices can appear in Microsoft Defender for Endpoint portal as either: > - Single entry for each virtual desktop > - Multiple entries for each virtual desktop
-Microsoft recommends onboarding Windows Virtual Desktop as a single entry per virtual desktop. This ensures that the investigation experience in the Microsoft Defender Endpoint portal is in the context of one device based on the machine name. Organizations that frequently delete and re-deploy WVD hosts should strongly consider using this method as it prevents multiple objects for the same machine from being created in the Microsoft Defender for Endpoint portal. This can lead to confusion when investigating incidents. For test or non-volatile environments, you may opt to choose differently.
+Microsoft recommends onboarding Windows Virtual Desktop as a single entry per virtual desktop. This ensures that the investigation experience in the Microsoft Defender Endpoint portal is in the context of one device based on the machine name. Organizations that frequently delete and redeploy WVD hosts should strongly consider using this method as it prevents multiple objects for the same machine from being created in the Microsoft Defender for Endpoint portal. This can lead to confusion when investigating incidents. For test or non-volatile environments, you may opt to choose differently.
-Microsoft recommends adding the Microsoft Defender for Endpoint onboarding script to the WVD golden image. This way, you can be sure that this onboarding script runs immediately at first boot. It is executed as a startup script at first boot on all the WVD machines that are provisioned from the WVD golden image. However, if you are using one of the gallery images without modification, place the script in a shared location and call it from either local or domain group policy.
+Microsoft recommends adding the Microsoft Defender for Endpoint onboarding script to the WVD golden image. This way, you can be sure that this onboarding script runs immediately at first boot. It's executed as a startup script at first boot on all the WVD machines that are provisioned from the WVD golden image. However, if you're using one of the gallery images without modification, place the script in a shared location and call it from either local or domain group policy.
> [!NOTE]
-> The placement and configuration of the VDI onboarding startup script on the WVD golden image configures it as a startup script that runs when the WVD starts. It is NOT recommended to onboard the actual WVD golden image. Another consideration is the method used to run the script. It should run as early in the startup/provisioning process as possible to reduce the time between the machine being available to receive sessions and the device onboarding to the service. Below scenarios 1 & 2 take this into account.
+> The placement and configuration of the VDI onboarding startup script on the WVD golden image configures it as a startup script that runs when the WVD starts. It's NOT recommended to onboard the actual WVD golden image. Another consideration is the method used to run the script. It should run as early in the startup/provisioning process as possible to reduce the time between the machine being available to receive sessions and the device onboarding to the service. Below scenarios 1 & 2 take this into account.
### Scenarios There are several ways to onboard a WVD host machine:
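Review bot: The rewritten recommendation paragraph still says "Microsoft Defender Endpoint portal" (missing "for") in its second sentence, while the same paragraph and the rest of the hunk use "Microsoft Defender for Endpoint portal". Fix the product name while the line is being edited. In that same paragraph, "This can lead to confusion when investigating incidents" follows a sentence about preventing duplicate objects, so "This" reads as if the recommended method causes the confusion; consider "Duplicate objects can lead to confusion...".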
For more information, see: [Onboard Windows 10 devices using Configuration Manag
#### Tagging your machines when building your golden image
-As part of your onboarding, you may want to consider setting a machine tag to be able to differentiate WVD machines more easily in the Microsoft Security Center. For more information, see
+As part of your onboarding, you may want to consider setting a machine tag to can differentiate WVD machines more easily in the Microsoft Security Center. For more information, see
[Add device tags by setting a registry key value](https://docs.microsoft.com/microsoft-365/security/defender-endpoint/machine-tags#add-device-tags-by-setting-a-registry-key-value). #### Other recommended configuration settings When building your golden image, you may want to configure initial protection settings as well. For more information, see [Other recommended configuration settings](https://docs.microsoft.com/microsoft-365/security/defender-endpoint/configure-endpoints-gp#other-recommended-configuration-settings).
-In addition, if you are using FSlogix user profiles, we recommend you exclude the following files from always-on protection:
+Also, if you're using FSlogix user profiles, we recommend you exclude the following files from always-on protection:
**Exclude Files:**
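Review bot: The added tagging sentence reads "setting a machine tag to can differentiate WVD machines", which is ungrammatical; the removed wording "to be able to differentiate" was correct. Use "so you can differentiate" or simply "to differentiate". The same line still refers to "Microsoft Security Center", which does not match the portal name used elsewhere in this article.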
security TOC https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/TOC.md
#### [Phase 2: Setup](mcafee-to-microsoft-defender-setup.md) #### [Phase 3: Onboard](mcafee-to-microsoft-defender-onboard.md) ### [Switch from Symantec to Microsoft Defender for Endpoint]()
-#### [Overview of migration](symantec-to-microsoft-defender-atp-migration.md)
+#### [Overview of migration](symantec-to-microsoft-defender-endpoint-migration.md)
#### [Phase 1: Prepare](symantec-to-microsoft-defender-atp-prepare.md) #### [Phase 2: Setup](symantec-to-microsoft-defender-atp-setup.md) #### [Phase 3: Onboard](symantec-to-microsoft-defender-atp-onboard.md)
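Review bot: Only the Symantec "Overview of migration" entry is repointed to symantec-to-microsoft-defender-endpoint-migration.md; the Phase 1 to 3 entries directly below still reference `symantec-to-microsoft-defender-atp-*.md`. Confirm whether those three files were renamed in the same change, and if so update their TOC entries here so the section does not ship with broken links.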
##### [Enable controlled folder access](enable-controlled-folders.md) ##### [Customize controlled folder access](customize-controlled-folders.md)
-### [Microsoft Defender Advanced Threat Protection for Mac]()
+### [Microsoft Defender for Endpoint for Mac]()
#### [Overview of Microsoft Defender for Endpoint for Mac](microsoft-defender-endpoint-mac.md) #### [What's New](mac-whatsnew.md)
#### [Configure Microsoft Defender Security Center time zone settings](time-settings.md)
+### [Address false positives/negatives in Microsoft Defender for Endpoint](defender-endpoint-false-positives-negatives.md)
+ ### [Configure integration with other Microsoft solutions]() #### [Configure conditional access](configure-conditional-access.md) #### [Configure Microsoft Cloud App Security integration](microsoft-cloud-app-security-config.md)
# [Microsoft 365 Security](../index.yml) # [Microsoft 365 Defender](../defender/index.yml)
-# [Defender for Office 365](../office-365-security/overview.md)
+# [Defender for Office 365](../office-365-security/overview.md)
security Advanced Features https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/advanced-features.md
You'll have access to upcoming features, which you can provide feedback on to he
Forwards endpoint security alerts and their triage status to Microsoft Compliance Center, allowing you to enhance insider risk management policies with alerts and remediate internal risks before they cause harm. Forwarded data is processed and stored in the same location as your Office 365 data.
-After configuring the [Security policy violation indicators](https://docs.microsoft.com/microsoft-365/compliance/insider-risk-management-settings.md#indicators) in the insider risk management settings, Defender for Endpoint alerts will be shared with insider risk management for applicable users.
+After configuring the [Security policy violation indicators](/microsoft-365/compliance/insider-risk-management-settings#indicators) in the insider risk management settings, Defender for Endpoint alerts will be shared with insider risk management for applicable users.
## Related topics
security Configure Siem https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/configure-siem.md
To use either of these supported SIEM tools, you'll need to:
- [Enable SIEM integration in Defender for Endpoint](enable-siem-integration.md) - Configure the supported SIEM tool:
- - [Configure HP ArcSight to pull Defender for Endpoint detections](configure-arcsight.md)
+ - [Configure Micro Focus ArcSight to pull Defender for Endpoint detections](configure-arcsight.md)
- Configure IBM QRadar to pull Defender for Endpoint detections For more information, see [IBM Knowledge Center](https://www.ibm.com/support/knowledgecenter/SS42VS_DSM/com.ibm.dsm.doc/c_dsm_guide_MS_Win_Defender_ATP_overview.html?cp=SS42VS_7.3.1).
-For more information on the list of fields exposed in the Detection API see, [Defender for Endpoint Detection fields](api-portal-mapping.md).
+For more information on the list of fields exposed in the Detection API, see [Defender for Endpoint Detection fields](api-portal-mapping.md).
security Enable Controlled Folders https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/enable-controlled-folders.md
Use `Disabled` to turn off the feature.
* [Protect important folders with controlled folder access](controlled-folders.md) * [Customize controlled folder access](customize-controlled-folders.md)
-* [Evaluate Microsoft Defender for Endpoint](evaluate-atp.md)
+* [Evaluate Microsoft Defender for Endpoint](evaluate-mde.md)
security Evaluate Controlled Folder Access https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/evaluate-controlled-folder-access.md
See [Protect important folders with controlled folder access](controlled-folders
## See also * [Protect important folders with controlled folder access](controlled-folders.md)
-* [Evaluate Microsoft Defender for Endpoint](evaluate-atp.md)
+* [Evaluate Microsoft Defender for Endpoint](evaluate-mde.md)
* [Use audit mode](audit-windows-defender.md)
security Evaluate Mde https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/evaluate-mde.md
+
+ Title: Evaluate Microsoft Defender for Endpoint
+
+description: Evaluate the different security capabilities in Microsoft Defender for Endpoint.
+keywords: attack surface reduction, evaluate, next, generation, protection
+search.product: eADQiWindows 10XVcnh
+search.appverid: met150
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
++
+localization_priority: Normal
+
+audience: ITPro
++
+ms.technology: mde
++
+# Evaluate Microsoft Defender for Endpoint
++
+**Applies to:**
+- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037)
+- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804)
+
+>Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-enablesiem-abovefoldlink)
+
+[Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037) is a unified platform for preventative protection, post-breach detection, automated investigation, and response.
+
+You can evaluate Microsoft Defender for Endpoint in your organization by [starting your free trial](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp).
+
+You can also evaluate the different security capabilities in Microsoft Defender for Endpoint by using the following instructions.
+
+## Evaluate attack surface reduction
+
+These capabilities help prevent attacks and exploitations from infecting your organization.
+
+- [Evaluate attack surface reduction](./evaluate-attack-surface-reduction.md)
+- [Evaluate exploit protection](./evaluate-exploit-protection.md)
+- [Evaluate network protection](./evaluate-exploit-protection.md)
+- [Evaluate controlled folder access](./evaluate-controlled-folder-access.md)
+- [Evaluate application guard](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-application-guard/test-scenarios-md-app-guard)
+- [Evaluate network firewall](https://docs.microsoft.com/windows/security/threat-protection/windows-firewall/evaluating-windows-firewall-with-advanced-security-design-examples)
+
+## Evaluate next-generation protection
+
+Next gen protections help detect and block the latest threats.
+
+- [Evaluate antivirus](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/evaluate-microsoft-defender-antivirus)
+
+## See Also
+
+[Microsoft Defender for Endpoint overview](microsoft-defender-endpoint.md)
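Review bot: In the "Evaluate attack surface reduction" list, the "Evaluate network protection" entry links to `./evaluate-exploit-protection.md`, the same target as the exploit protection entry above it, so readers never reach the network protection evaluation. Point it at the network protection article. The free-trial link near the top also carries `ocid=docs-wdatp-enablesiem-abovefoldlink`, which looks copied from the SIEM page, and both trial URLs still use the `microsoft-defender-atp` path; check that these are intended for a page introduced under the new name.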
security Event Error Codes https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/event-error-codes.md
Title: Review events and errors using Event Viewer
-description: Get descriptions and further troubleshooting steps (if required) for all events reported by the Microsoft Defender for Endpoint service.
-keywords: troubleshoot, event viewer, log summary, failure code, failed, Microsoft Defender for Endpoint service, cannot start, broken, can't start
+description: Get descriptions and further troubleshooting steps (if necessary) for all events reported by the Microsoft Defender for Endpoint service.
+keywords: troubleshoot, event viewer, log summary, failure code, failed, Microsoft Defender for Endpoint service, can't start, broken, can't start
search.product: eADQiWindows 10XVcnh search.appverid: met150 ms.prod: m365-security
ms.technology: mde
You can review event IDs in the [Event Viewer](https://msdn.microsoft.com/library/aa745633(v=bts.10).aspx) on individual devices.
-For example, if devices are not appearing in the **Devices list**, you might need to look for event IDs on the devices. You can then use this table to determine further troubleshooting steps.
+For example, if devices aren't appearing in the **Devices list**, you might need to look for event IDs on the devices. You can then use this table to determine further troubleshooting steps.
**Open Event Viewer and find the Microsoft Defender for Endpoint service event log:**
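Review bot: In the changed `keywords:` line, replacing "cannot start" with "can't start" leaves the list with the same keyword twice: `can't start, broken, can't start`. Drop one, or keep "cannot start" as the alternate spelling, since keyword metadata exists to match what people type into search and the contraction rule for body text does not need to apply there.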
For example, if devices are not appearing in the **Devices list**, you might nee
<tr> <td>1</td> <td>Microsoft Defender for Endpoint service started (Version <code>variable</code>).</td>
-<td>Occurs during system start up, shut down, and during onbboarding.</td>
+<td>Occurs during system startup, shut down, and during onboarding.</td>
<td>Normal operating notification; no action required.</td> </tr> <tr>
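Review bot: The corrected cell for event 1 now reads "system startup, shut down, and during onboarding", pairing the noun "startup" with the verb form "shut down". Use "shutdown" so the two terms are parallel.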
For example, if devices are not appearing in the **Devices list**, you might nee
<tr> <td>3</td> <td>Microsoft Defender for Endpoint service failed to start. Failure code: <code>variable</code>.</td>
-<td>Service did not start.</td>
+<td>Service didn't start.</td>
<td>Review other messages to determine possible cause and troubleshooting steps.</td> </tr> <tr>
This URL will match that seen in the Firewall or network activity.</td>
<td>5</td> <td>Microsoft Defender for Endpoint service failed to connect to the server at <code>variable</code>.</td> <td>Variable = URL of the Defender for Endpoint processing servers.<br>
-The service could not contact the external processing servers at that URL.</td>
+The service couldn't contact the external processing servers at that URL.</td>
<td>Check the connection to the URL. See <a href="configure-proxy-internet.md" data-raw-source="[Configure proxy and Internet connectivity](configure-proxy-internet.md)">Configure proxy and Internet connectivity</a>.</td> </tr> <tr> <td>6</td> <td>Microsoft Defender for Endpoint service is not onboarded and no onboarding parameters were found.</td>
-<td>The device did not onboard correctly and will not be reporting to the portal.</td>
+<td>The device didn't onboard correctly and won't be reporting to the portal.</td>
<td>Onboarding must be run before starting the service.<br> Check that the onboarding settings and scripts were deployed properly. Try to redeploy the configuration packages.<br> See <a href="configure-endpoints.md" data-raw-source="[Onboard Windows 10 devices](configure-endpoints.md)">Onboard Windows 10 devices</a>.</td>
See <a href="configure-endpoints.md" data-raw-source="[Onboard Windows 10 device
<tr> <td>7</td> <td>Microsoft Defender for Endpoint service failed to read the onboarding parameters. Failure: <code>variable</code>.</td>
-<td>Variable = detailed error description. The device did not onboard correctly and will not be reporting to the portal.</td>
+<td>Variable = detailed error description. The device didn't onboard correctly and won't be reporting to the portal.</td>
<td>Check that the onboarding settings and scripts were deployed properly. Try to redeploy the configuration packages.<br> See <a href="configure-endpoints.md" data-raw-source="[Onboard Windows 10 devices](configure-endpoints.md)">Onboard Windows 10 devices</a>.</td> </tr>
See <a href="configure-endpoints.md" data-raw-source="[Onboard Windows 10 device
<tr> <td>9</td> <td>Microsoft Defender for Endpoint service failed to change its start type. Failure code: <code>variable</code>.</td>
-<td><b>During onboarding:</b> The device did not onboard correctly and will not be reporting to the portal. <br><br><b>During offboarding:</b> Failed to change the service start type. The offboarding process continues. </td>
+<td><b>During onboarding:</b> The device didn't onboard correctly and won't be reporting to the portal. <br><br><b>During offboarding:</b> Failed to change the service start type. The offboarding process continues. </td>
<td>Check that the onboarding settings and scripts were deployed properly. Try to redeploy the configuration packages.<br> See <a href="configure-endpoints.md" data-raw-source="[Onboard Windows 10 devices](configure-endpoints.md)">Onboard Windows 10 devices</a>.</td> </tr> <tr> <td>10</td> <td>Microsoft Defender for Endpoint service failed to persist the onboarding information. Failure code: <code>variable</code>.</td>
-<td>The device did not onboard correctly and will not be reporting to the portal.</td>
+<td>The device didn't onboard correctly and won't be reporting to the portal.</td>
<td>Check that the onboarding settings and scripts were deployed properly. Try to redeploy the configuration packages.<br> See <a href="configure-endpoints.md" data-raw-source="[Onboard Windows 10 devices](configure-endpoints.md)">Onboard Windows 10 devices</a>.</td> </tr>
It may take several hours for the device to appear in the portal.</td>
<td>15</td> <td>Microsoft Defender for Endpoint cannot start command channel with URL: <code>variable</code>.</td> <td>Variable = URL of the Defender for Endpoint processing servers.<br>
-The service could not contact the external processing servers at that URL.</td>
+The service couldn't contact the external processing servers at that URL.</td>
<td>Check the connection to the URL. See <a href="configure-proxy-internet.md" data-raw-source="[Configure proxy and Internet connectivity](configure-proxy-internet.md)">Configure proxy and Internet connectivity</a>.</td> </tr> <tr>
If this error persists after a system restart, ensure all Windows updates have f
<tr> <td>25</td> <td>Microsoft Defender for Endpoint service failed to reset health status in the registry. Failure code: <code>variable</code>.</td>
-<td>The device did not onboard correctly.
+<td>The device didn't onboard correctly.
It will report to the portal, however the service may not appear as registered in SCCM or the registry.</td> <td>Check that the onboarding settings and scripts were deployed properly. Try to redeploy the configuration packages.<br> See <a href="configure-endpoints.md" data-raw-source="[Onboard Windows 10 devices](configure-endpoints.md)">Onboard Windows 10 devices</a>.</td>
See <a href="configure-endpoints.md" data-raw-source="[Onboard Windows 10 device
<tr> <td>26</td> <td>Microsoft Defender for Endpoint service failed to set the onboarding status in the registry. Failure code: <code>variable</code>.</td>
-<td>The device did not onboard correctly.<br>
+<td>The device didn't onboard correctly.<br>
It will report to the portal, however the service may not appear as registered in SCCM or the registry.</td> <td>Check that the onboarding settings and scripts were deployed properly. Try to redeploy the configuration packages.<br> See <a href="configure-endpoints.md" data-raw-source="[Onboard Windows 10 devices](configure-endpoints.md)">Onboard Windows 10 devices</a>.</td>
See <a href="configure-endpoints.md" data-raw-source="[Onboard Windows 10 device
<td>29</td> <td>Failed to read the offboarding parameters. Error type: %1, Error code: %2, Description: %3 </td> <td>This event occurs when the system can&#39;t read the offboarding parameters.</td>
-<td>Ensure the device has Internet access, then run the entire offboarding process again. Ensure the offboarding package has not expired.</td>
+<td>Ensure the device has Internet access, then run the entire offboarding process again. Ensure the offboarding package hasn't expired.</td>
</tr> <tr> <td>30</td>
Ensure real-time antimalware protection is running properly.</td>
<td>33</td> <td>Microsoft Defender for Endpoint service failed to persist SENSE GUID. Failure code: <code>variable</code>.</td> <td>A unique identifier is used to represent each device that is reporting to the portal.<br>
-If the identifier does not persist, the same device might appear twice in the portal.</td>
+If the identifier doesn't persist, the same device might appear twice in the portal.</td>
<td>Check registry permissions on the device to ensure the service can update the registry.</td> </tr> <tr>
See <a href="configure-endpoints.md" data-raw-source="[Onboard Windows 10 device
<tr> <td>39</td> <td>Network connection is identified as normal. Microsoft Defender for Endpoint will contact the server every %1 minutes. Metered connection: %2, internet available: %3, free network available: %4.</td>
-<td>The device is not using a metered/paid connection and will contact the server as usual.</td>
+<td>The device isn't using a metered/paid connection and will contact the server as usual.</td>
<td>Normal operating notification; no action required.</td> </tr> <tr>
See <a href="configure-endpoints.md" data-raw-source="[Onboard Windows 10 device
<tr> <td>46</td> <td>Failed to register and start the event trace session [%1] due to lack of resources. Error code: %2. This is most likely because there are too many active event trace sessions. The service will retry in 1 minute.</td>
-<td>An error occurred on service startup while creating ETW session due to lack of resources. The service started and is running, but will not report any sensor event until the ETW session is started.</td>
+<td>An error occurred on service startup while creating ETW session due to lack of resources. The service started and is running, but won't report any sensor event until the ETW session is started.</td>
<td>Normal operating notification; no action required. The service will try to start the session every minute.</td> </tr> <tr>
See <a href="configure-endpoints.md" data-raw-source="[Onboard Windows 10 device
<td>Check the error code. If the error persists contact Support.</td> </tr> </tr>
+<tr>
+ <td>49</td>
+ <td>Invalid cloud configuration command received and ignored. Version: %1, status: %2, error code: %3, message: %4</td>
+ <td>Received an invalid configuration file from the cloud service that was ignored.</td>
+ <td>If this error persists, contact Support.</td>
+</tr>
+<tr>
+ <td>50</td>
+ <td>New cloud configuration applied successfully. Version: %1.</td>
+ <td>Successfully applied a new configuration from the cloud service.</td>
+ <td>Normal operating notification; no action required.</td>
+</tr>
+<tr>
+ <td>51</td>
+ <td>New cloud configuration failed to apply, version: %1. Successfully applied the last known good configuration, version %2.</td>
+ <td>Received a bad configuration file from the cloud service. Last known good configuration was applied successfully.</td>
+ <td>If this error persists, contact Support.</td>
+</tr>
+<tr>
+ <td>52</td>
+ <td>New cloud configuration failed to apply, version: %1. Also failed to apply last known good configuration, version %2. Successfully applied the default configuration.</td>
+ <td>Received a bad configuration file from the cloud service. Failed to apply the last known good configuration - and the default configuration was applied.</td>
+ <td>The service will attempt to download a new configuration file within 5 minutes. If you don't see event #50 - contact Support.</td>
+</tr>
+<tr>
+ <td>53</td>
+ <td>Cloud configuration loaded from persistent storage, version: %1.</td>
+ <td>The configuration was loaded from persistent storage on service startup.</td>
+ <td>Normal operating notification; no action required.</td>
+</tr>
+<tr>
+ <td>55</td>
+ <td>Failed to create the Secure ETW autologger. Failure code: %1</td>
+ <td>Failed to create the secure ETW logger.</td>
+ <td>Reboot the device. If this error persists, contact Support.</td>
+</tr>
+<tr>
+ <td>56</td>
+ <td>Failed to remove the Secure ETW autologger. Failure code: %1</td>
+ <td>Failed to remove the secure ETW session on offboarding.</td>
+ <td>Contact Support.</td>
+</tr>
+<tr>
+ <td>57</td>
+ <td>Capturing a snapshot of the machine for troubleshooting purposes.</td>
+ <td>An investigation package, also known as forensics package, is being collected.</td>
+ <td>Normal operating notification; no action required.</td>
+</tr>
+<tr>
+ <td>59</td>
+ <td>Starting command: %1</td>
+ <td>Starting response command execution.</td>
+ <td>Normal operating notification; no action required.</td>
+</tr>
+<tr>
+ <td>60</td>
+ <td>Failed to run command %1, error: %2.</td>
+ <td>Failed to execute response command.</td>
+ <td>If this error persists, contact Support.</td>
+</tr>
+<tr>
+ <td>61</td>
+ <td>Data collection command parameters are invalid: SasUri: %1, compressionLevel: %2.</td>
+ <td>Failed to read or parse the data collection command arguments (invalid arguments).</td>
+ <td>If this error persists, contact Support.</td>
+</tr>
+<tr>
+ <td>62</td>
+ <td>Failed to start Connected User Experiences and Telemetry service. Failure code: %1</td>
+ <td>Connected User Experiences and Telemetry (diagtrack) service failed to start. Non-Microsoft Defender for Endpoint telemetry won't be sent from this machine.</td>
+ <td>Look for more troubleshooting hints in the event log: Microsoft-Windows-UniversalTelemetryClient/Operational.</td>
+</tr>
+<tr>
+ <td>63</td>
+ <td>Updating the start type of external service. Name: %1, actual start type: %2, expected start type: %3, exit code: %4</td>
+ <td>Updated start type of the external service.</td>
+ <td>Normal operating notification; no action required.</td>
+</tr>
+<tr>
+ <td>64</td>
+ <td>Starting stopped external service. Name: %1, exit code: %2</td>
+ <td>Starting an external service.</td>
+ <td>Normal operating notification; no action required.</td>
+</tr>
+<tr>
+ <td>65</td>
+ <td>Failed to load Microsoft Security Events Component Minifilter driver. Failure code: %1</td>
+ <td>Failed to load MsSecFlt.sys filesystem minifilter.</td>
+ <td>Reboot the device. If this error persists, contact Support.</td>
+</tr>
+<tr>
+ <td>66</td>
+ <td>Policy update: Latency mode - %1</td>
+ <td>The C&C connection frequency policy was updated.</td>
+ <td>Normal operating notification; no action required.</td>
+</tr>
+<tr>
+ <td>68</td>
+ <td>The start type of the service is unexpected. Service name: %1, actual start type: %2, expected start type: %3</td>
+ <td>Unexpected external service start type.</td>
+ <td>Fix the external service start type.</td>
+</tr>
+<tr>
+ <td>69</td>
+ <td>The service is stopped. Service name: %1</td>
+ <td>The external service is stopped.</td>
+ <td>Start the external service.</td>
+</tr>
+<tr>
+ <td>70</td>
+ <td>Policy update: Allow sample collection - %1</td>
+ <td>The sample collection policy was updated.</td>
+ <td>Normal operating notification; no action required.</td>
+</tr>
+<tr>
+ <td>71</td>
+ <td>Succeeded to run command: %1</td>
+ <td>The command was executed successfully.</td>
+ <td>Normal operating notification; no action required.</td>
+</tr>
+<tr>
+ <td>72</td>
+ <td>Tried to send first full machine profile report. Result code: %1</td>
+ <td>Informational only.</td>
+ <td>Normal operating notification; no action required.</td>
+</tr>
+<tr>
+ <td>73</td>
+ <td>Sense starting for platform: %1</td>
+ <td>Informational only.</td>
+ <td>Normal operating notification; no action required.</td>
+</tr>
+<tr>
+ <td>74</td>
+ <td>Device tag in registry exceeds length limit. Tag name: %2. Length limit: %1.</td>
+ <td>The device tag exceeds the length limit.</td>
+ <td>Use a shorter device tag.</td>
+</tr>
+<tr>
+ <td>81</td>
+ <td>Failed to create Windows Defender Advanced Threat Protection ETW autologger. Failure code: %1</td>
+ <td>Failed to create the ETW session.</td>
+ <td>Reboot the device. If this error persists, contact Support.</td>
+</tr>
+<tr>
+ <td>82</td>
+ <td>Failed to remove Windows Defender Advanced Threat Protection ETW autologger. Failure code: %1</td>
+ <td>Failed to delete the ETW session.</td>
+ <td>Contact Support.</td>
+</tr>
+<tr>
+ <td>84</td>
+ <td>Set Windows Defender Antivirus running mode. Force passive mode: %1, result code: %2.</td>
+ <td>Set defender running mode (active or passive).</td>
+ <td>Normal operating notification; no action required.</td>
+</tr>
+<tr>
+ <td>85</td>
+ <td>Failed to trigger Windows Defender Advanced Threat Protection executable. Failure code: %1</td>
+ <td>Starring SenseIR executable failed.</td>
+ <td>Reboot the device. If this error persists, contact Support.</td>
+</tr>
+<tr>
+ <td>86</td>
+ <td>Starting again stopped external service that should be up. Name: %1, exit code: %2</td>
+ <td>Starting the external service again.</td>
+ <td>Normal operating notification; no action required.</td>
+</tr>
+<tr>
+ <td>87</td>
+ <td>Cannot start the external service. Name: %1</td>
+ <td>Failed to start the external service.</td>
+ <td>Contact Support.</td>
+</tr>
+<tr>
+ <td>88</td>
+ <td>Updating the start type of external service again. Name: %1, actual start type: %2, expected start type: %3, exit code: %4</td>
+ <td>Updated the start type of the external service.</td>
+ <td>Normal operating notification; no action required.</td>
+</tr>
+<tr>
+ <td>89</td>
+ <td>Cannot update the start type of external service. Name: %1, actual start type: %2, expected start type: %3</td>
+ <td>Can't update the start type of the external service.</td>
+ <td>Contact Support.</td>
+</tr>
+<tr>
+ <td>90</td>
+ <td>Failed to configure System Guard Runtime Monitor to connect to cloud service in geo-region %1. Failure code: %2</td>
+ <td>System Guard Runtime Monitor won't send attestation data to the cloud service.</td>
+ <td>Check the permissions on register path: "HKLM\Software\Microsoft\Windows\CurrentVersion\Sgrm". If no issues spotted, contact Support.</td>
+</tr>
+<tr>
+ <td>91</td>
+ <td>Failed to remove System Guard Runtime Monitor geo-region information. Failure code: %1</td>
+ <td>System Guard Runtime Monitor won't send attestation data to the cloud service.</td>
+ <td>Check the permissions on register path: "HKLM\Software\Microsoft\Windows\CurrentVersion\Sgrm". If no issues spotted, contact Support.</td>
+</tr>
+<tr>
+ <td>92</td>
+ <td>Stopping sending sensor cyber data quota because data quota is exceeded. Will resume sending once quota period passes. State Mask: %1</td>
+ <td>Exceed throttling limit.</td>
+ <td>Normal operating notification; no action required.</td>
+</tr>
+<tr>
+ <td>93</td>
+ <td>Resuming sending sensor cyber data. State Mask: %1</td>
+ <td>Resume cyber data submission.</td>
+ <td>Normal operating notification; no action required.</td>
+</tr>
+<tr>
+ <td>94</td>
+ <td>Windows Defender Advanced Threat Protection executable has started</td>
+ <td>The SenseCE executable has started.</td>
+ <td>Normal operating notification; no action required.</td>
+</tr>
+<tr>
+ <td>95</td>
+ <td>Windows Defender Advanced Threat Protection executable has ended</td>
+ <td>The SenseCE executable has ended.</td>
+ <td>Normal operating notification; no action required.</td>
+</tr>
+<tr>
+ <td>96</td>
+ <td>Windows Defender Advanced Threat Protection Init has called. Result code: %2</td>
+ <td>The SenseCE executable has called MCE initialization.</td>
+ <td>Normal operating notification; no action required.</td>
+</tr>
+<tr>
+ <td>97</td>
+ <td>There are connectivity issues to the Cloud for the DLP scenario</td>
+ <td>There are network connectivity issues that affect the DLP classification flow.</td>
+ <td>Check the network connectivity.</td>
+</tr>
+<tr>
+ <td>98</td>
+ <td>The connectivity to the Cloud for the DLP scenario has been restored</td>
+ <td>The connectivity to the network was restored and the DLP classification flow can continue.</td>
+ <td>Normal operating notification; no action required.</td>
+</tr>
+<tr>
+ <td>99</td>
+ <td>Sense has encountered the following error while communicating with server: (%1). Result: (%2)</td>
+ <td>A communication error occurred.</td>
+ <td>Check the following events in the event log for further details.</td>
+</tr>
+<tr>
+ <td>100</td>
+ <td>Windows Defender Advanced Threat Protection executable failed to start. Failure code: %1</td>
+ <td>The SenseCE executable has failed to start.</td>
+ <td>Reboot the device. If this error persists, contact Support.</td>
+</tr>
+<tr>
+ <td>102</td>
+ <td>Windows Defender Advanced Threat Protection Network Detection and Response executable has started</td>
+ <td>The SenseNdr executable has started.</td>
+ <td>Normal operating notification; no action required.</td>
+</tr>
+<tr>
+ <td>103</td>
+ <td>Windows Defender Advanced Threat Protection Network Detection and Response executable has ended</td>
+ <td>The SenseNdr executable has ended.</td>
+ <td>Normal operating notification; no action required.</td>
+</tr>
</tbody> </table>
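Review bot: The description cell added for event 85 reads "Starring SenseIR executable failed."; that should be "Starting". In the same run of added rows, the action cells for events 90 and 91 say "register path" where "registry path" is meant, and the description for event 66 puts a raw "&" in "C&C" inside HTML table markup, which should be escaped as "&amp;" with the abbreviation spelled out. The unchanged line just above the first added row ends in "</tr> </tr>", so the new rows follow a stray closing tag that is worth removing while this table is being edited.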
security Gov https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/gov.md
ms.technology: mde
**Applies to:** - [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037)
-Microsoft Defender for Endpoint for US Government customers, built in the US Azure Government environment, uses the same underlying technologies as Defender for Endpoint in Azure Commercial.
+Microsoft Defender for Endpoint for US Government customers, built in the Azure US Government environment, uses the same underlying technologies as Defender for Endpoint in Azure Commercial.
This offering is available to GCC, GCC High, and DoD customers and is based on the same prevention, detection, investigation, and remediation as the commercial version. However, there are some differences in the availability of capabilities for this offering.
Microsoft Defender for Endpoint for US Government customers requires one of the
GCC | GCC High | DoD :|:|: Windows 10 Enterprise E5 GCC | Windows 10 Enterprise E5 for GCC High | Windows 10 Enterprise E5 for DOD
-| | Microsoft 365 E5 for GCC High |
-| | Microsoft 365 G5 Security for GCC High |
+| | Microsoft 365 E5 for GCC High | Microsoft 365 G5 for DOD
+| | Microsoft 365 G5 Security for GCC High | Microsoft 365 G5 Security for DOD
Microsoft Defender for Endpoint - GCC | Microsoft Defender for Endpoint for GCC High | Microsoft Defender for Endpoint for DOD ### Server licensing
GCC | GCC High | DoD
Microsoft Defender for Endpoint Server GCC | Microsoft Defender for Endpoint Server for GCC High | Microsoft Defender for Endpoint Server for DOD Azure Defender for Servers | Azure Defender for Servers - Government | Azure Defender for Servers - Government
-> [!NOTE]
-> DoD licensing will only be available at DoD general availability.
- <br> ## Portal URLs
Customer type | Portal URL
:|: GCC | https://gcc.securitycenter.microsoft.us GCC High | https://securitycenter.microsoft.us
-DoD (PREVIEW) | https://securitycenter.microsoft.us
+DoD | https://securitycenter.microsoft.us
<br>
DoD (PREVIEW) | https://securitycenter.microsoft.us
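Review bot: In the first added licensing row, the GCC High cell reads "Microsoft 365 E5 for GCC High" while the new DoD cell beside it reads "Microsoft 365 G5 for DOD"; please confirm the E5/G5 difference is intended and not a copy slip from the row below. The added cells also write "DOD" while the table header and the portal URL row write "DoD", so pick one casing for the column.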
### Standalone OS versions The following OS versions are supported:
-OS version | GCC | GCC High | DoD (PREVIEW)
+OS version | GCC | GCC High | DoD
:|:|:|: Windows 10, version 20H2 (with [KB4586853](https://support.microsoft.com/help/4586853)) | ![Yes](images/svg/check-yes.svg) | ![Yes](images/svg/check-yes.svg) | ![Yes](images/svg/check-yes.svg) Windows 10, version 2004 (with [KB4586853](https://support.microsoft.com/help/4586853)) | ![Yes](images/svg/check-yes.svg) | ![Yes](images/svg/check-yes.svg) | ![Yes](images/svg/check-yes.svg)
Windows 8.1 Enterprise | ![Yes](images/svg/check-yes.svg) | ![Yes](images/svg/ch
Windows 8 Pro | ![Yes](images/svg/check-yes.svg) | ![Yes](images/svg/check-yes.svg) | ![Yes](images/svg/check-yes.svg) Windows 7 SP1 Enterprise | ![Yes](images/svg/check-yes.svg) | ![Yes](images/svg/check-yes.svg) | ![Yes](images/svg/check-yes.svg) Windows 7 SP1 Pro | ![Yes](images/svg/check-yes.svg) | ![Yes](images/svg/check-yes.svg) | ![Yes](images/svg/check-yes.svg)
-Linux | ![No](images/svg/check-no.svg) In development | ![No](images/svg/check-no.svg) In development | ![No](images/svg/check-no.svg) In development
-macOS | ![No](images/svg/check-no.svg) In development | ![No](images/svg/check-no.svg) In development | ![No](images/svg/check-no.svg) In development
+Linux | ![No](images/svg/check-no.svg) Rolling out | ![No](images/svg/check-no.svg) Rolling out | ![No](images/svg/check-no.svg) Rolling out
+macOS | ![No](images/svg/check-no.svg) Rolling out | ![No](images/svg/check-no.svg) Rolling out | ![No](images/svg/check-no.svg) Rolling out
Android | ![No](images/svg/check-no.svg) On engineering backlog | ![No](images/svg/check-no.svg) On engineering backlog | ![No](images/svg/check-no.svg) On engineering backlog iOS | ![No](images/svg/check-no.svg) On engineering backlog | ![No](images/svg/check-no.svg) On engineering backlog | ![No](images/svg/check-no.svg) On engineering backlog
iOS | ![No](images/svg/check-no.svg) On engineering backlog | ![No](images/svg/c
### OS versions when using Azure Defender for Servers The following OS versions are supported when using [Azure Defender for Servers](https://docs.microsoft.com/azure/security-center/security-center-wdatp):
-OS version | GCC | GCC High | DoD (PREVIEW)
+OS version | GCC | GCC High | DoD
:|:|:|: Windows Server 2016 | ![Yes](images/svg/check-yes.svg) | ![Yes](images/svg/check-yes.svg) | ![Yes](images/svg/check-yes.svg) Windows Server 2012 R2 | ![Yes](images/svg/check-yes.svg) | ![Yes](images/svg/check-yes.svg) | ![Yes](images/svg/check-yes.svg)
Spreadsheet of domains list | Description
For more information, see [Configure device proxy and Internet connectivity settings](configure-proxy-internet.md). > [!NOTE]
-> The spreadsheet contains commercial URLs as well, make sure you check the "US Gov" tabs. <br> When filtering, look for the records labeled as "US Gov" and your specific cloud under the geography column.
+> The spreadsheet contains commercial URLs as well, make sure you check the "US Gov" tabs.
+>
+> When filtering, look for the records labeled as "US Gov" and your specific cloud under the geography column.
+
+### Service backend IP ranges
+
+If your network devices don't support DNS-based rules, use IP ranges instead.
+
+Defender for Endpoint for US Government customers is built in the Azure US Government environment, deployed in the following regions:
+
+- AzureCloud.usgovtexas
+- AzureCloud.usgovvirginia
+
+You can find the Azure IP ranges in [Azure IP Ranges and Service Tags ΓÇô US Government Cloud](https://www.microsoft.com/download/details.aspx?id=57063).
+
+> [!NOTE]
+> As a cloud-based solution, the IP address ranges can change. It's recommended you move to DNS-based rules.
<br> ## API Instead of the public URIs listed in our [API documentation](https://docs.microsoft.com/microsoft-365/security/defender-endpoint/apis-intro), you'll need to use the following URIs:
-Endpoint type | GCC | GCC High & DoD (PREVIEW)
+Endpoint type | GCC | GCC High & DoD
:|:|: Login | `https://login.microsoftonline.com` | `https://login.microsoftonline.us` Defender for Endpoint API | `https://api-gcc.securitycenter.microsoft.us` | `https://api-gov.securitycenter.microsoft.us`
SIEM | `https://wdatp-alertexporter-us.gcc.securitycenter.windows.us` | `https:/
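Review bot: In the new "Service backend IP ranges" section, the link text "Azure IP Ranges and Service Tags ΓÇô US Government Cloud" contains a mis-encoded dash ("ΓÇô"); replace it with a plain hyphen or a correctly encoded en dash. The two bullets introduced as regions, "AzureCloud.usgovtexas" and "AzureCloud.usgovvirginia", are written in service-tag form, so either say that these are the service tags to look up in the downloaded file or name the regions in words. The closing note, "As a cloud-based solution, the IP address ranges can change", has a dangling modifier; "Because the service is cloud-based, its IP address ranges can change" reads cleanly and keeps the recommendation to prefer DNS-based rules.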
<br> ## Feature parity with commercial
-Defender for Endpoint doesn't have complete parity with the commercial offering. While our goal is to deliver all commercial features and functionality to our US Government customers, there are some capabilities not yet available we want to highlight.
+Defender for Endpoint for US Government customers doesn't have complete parity with the commercial offering. While our goal is to deliver all commercial features and functionality to our US Government customers, there are some capabilities not yet available we want to highlight.
-These are the known gaps as of February 2021:
+These are the known gaps as of March 2021:
-Feature name | GCC | GCC High | DoD (PREVIEW)
+Feature name | GCC | GCC High | DoD
:|:|:|: Automated investigation and remediation: Live response | ![Yes](images/svg/check-yes.svg) | ![Yes](images/svg/check-yes.svg) | ![Yes](images/svg/check-yes.svg) Automated investigation and remediation: Response to Office 365 alerts | ![No](images/svg/check-no.svg) On engineering backlog | ![No](images/svg/check-no.svg) On engineering backlog | ![No](images/svg/check-no.svg) On engineering backlog
-Email notifications | ![No](images/svg/check-no.svg) Rolling out | ![No](images/svg/check-no.svg) Rolling out | ![No](images/svg/check-no.svg) Rolling out
+Email notifications | ![Yes](images/svg/check-yes.svg) | ![Yes](images/svg/check-yes.svg) | ![Yes](images/svg/check-yes.svg)
Evaluation lab | ![Yes](images/svg/check-yes.svg) | ![Yes](images/svg/check-yes.svg) | ![Yes](images/svg/check-yes.svg) Management and APIs: Device health and compliance report | ![Yes](images/svg/check-yes.svg) | ![Yes](images/svg/check-yes.svg) | ![Yes](images/svg/check-yes.svg)
-Management and APIs: Integration with third-party products | ![No](images/svg/check-no.svg) In development | ![No](images/svg/check-no.svg) In development | ![No](images/svg/check-no.svg) In development
+Management and APIs: Integration with third-party products | ![No](images/svg/check-no.svg) Rolling out | ![No](images/svg/check-no.svg) Rolling out | ![No](images/svg/check-no.svg) Rolling out
Management and APIs: Streaming API | ![Yes](images/svg/check-yes.svg) | ![No](images/svg/check-no.svg) In development | ![No](images/svg/check-no.svg) In development Management and APIs: Threat protection report | ![Yes](images/svg/check-yes.svg) | ![Yes](images/svg/check-yes.svg) | ![Yes](images/svg/check-yes.svg) Threat & vulnerability management | ![Yes](images/svg/check-yes.svg) | ![Yes](images/svg/check-yes.svg) | ![Yes](images/svg/check-yes.svg)
security Mac Install With Intune https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/mac-install-with-intune.md
You do not need any special provisioning for a Mac device beyond a standard [Com
1. Confirm device management.
- ![Confirm device management screenshot](./images/mdatp-3-confirmdevicemgmt.png)
- Select **Open System Preferences**, locate **Management Profile** on the list, and select **Approve...**. Your Management Profile would be displayed as **Verified**: ![Management profile screenshot](/windows/security/threat-protection/microsoft-defender-antivirus/images/mdatp-4-managementprofile)
security Manage Indicators https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/manage-indicators.md
You can create an indicator for:
> [!NOTE]
-> There is a limit of 15,000 indicators per tenant. File and certificate indicators do not block [exclusions defined for Microsoft Defender Antivirus](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/configure-exclusions-microsoft-defender-antivirus). Indicators are not supported in Microsoft Defender Antivirus is in passive mode.
+> There is a limit of 15,000 indicators per tenant. File and certificate indicators do not block [exclusions defined for Microsoft Defender Antivirus](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/configure-exclusions-microsoft-defender-antivirus). Indicators are not supported in Microsoft Defender Antivirus when it is in passive mode.
## Related topics
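Review bot: The repaired sentence in this note, "Indicators are not supported in Microsoft Defender Antivirus when it is in passive mode", is now grammatical but still indirect; "Indicators are not supported when Microsoft Defender Antivirus is in passive mode" says the same thing more plainly. The sentence before it, "File and certificate indicators do not block exclusions defined for Microsoft Defender Antivirus", is hard to parse as written and should state which setting takes precedence, since an admin reading it needs to know whether an excluded file can still be blocked by an indicator.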
security Migration Guides https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/migration-guides.md
If you're considering switching from a non-Microsoft threat protection solution
|You do not have an endpoint protection solution yet, and you want to know more about how Microsoft Defender for Endpoint & Microsoft Defender Antivirus work. |[Microsoft Defender for Endpoint evaluation lab](evaluation-lab.md) | |You have Microsoft Defender for Endpoint & Microsoft Defender Antivirus and need some help getting everything set up and configured. |[Microsoft Defender for Endpoint deployment guide](deployment-phases.md) | |You're planning to migrate from McAfee Endpoint Security (McAfee) to Microsoft Defender for Endpoint & Microsoft Defender Antivirus. |[Switch from McAfee to Microsoft Defender for Endpoint](mcafee-to-microsoft-defender-migration.md) |
-|You're planning to migrate from Symantec Endpoint Protection (Symantec) to Microsoft Defender for Endpoint & Microsoft Defender Antivirus. |[Switch from Symantec to Microsoft Defender for Endpoint](symantec-to-microsoft-defender-atp-migration.md) |
+|You're planning to migrate from Symantec Endpoint Protection (Symantec) to Microsoft Defender for Endpoint & Microsoft Defender Antivirus. |[Switch from Symantec to Microsoft Defender for Endpoint](symantec-to-microsoft-defender-endpoint-migration.md) |
|You're planning to migrate from a non-Microsoft endpoint protection solution (other than McAfee or Symantec) to Microsoft Defender for Endpoint & Microsoft Defender Antivirus. |[Make the switch to Microsoft Defender for Endpoint](switch-to-microsoft-defender-migration.md) | |You've migrated to Microsoft Defender for Endpoint & Microsoft Defender Antivirus, and you need help with next steps, such as configuring additional features or fine-tuning your security settings. | [Manage Microsoft Defender for Endpoint, post-migration](manage-atp-post-migration.md) |
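Review bot: The Symantec row now links to "symantec-to-microsoft-defender-endpoint-migration.md", but nothing visible in this change shows that file being renamed, so confirm the target exists and that the old "-atp-" path redirects before merging. The neighbouring rows still point at "mcafee-to-microsoft-defender-migration.md" and "manage-atp-post-migration.md", which leaves three different naming patterns in one table.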
security Preview https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/preview.md
ms.technology: mde
The Defender for Endpoint service is constantly being updated to include new feature enhancements and capabilities.
-> [!TIP]
-> Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-preview-abovefoldlink)
- Learn about new features in the Defender for Endpoint preview release and be among the first to try upcoming features by turning on the preview experience. >[!TIP]
The following features are included in the preview release:
- [Device health and compliance report](machine-reports.md) <br/> The device health and compliance report provides high-level information about the devices in your organization. -- [Information protection](information-protection-in-windows-overview.md)<BR>
-Information protection is an integral part of Microsoft 365 Enterprise suite, providing intelligent protection to keep sensitive data secure while enabling productivity in the workplace. Microsoft Defender for Endpoint is seamlessly integrated in Microsoft Threat Protection to provide a complete and comprehensive data loss prevention (DLP) solution for Windows devices.
-
- >[!NOTE]
- >Partially available from Windows 10, version 1809.
--- [Onboard Windows Server 2019](https://docs.microsoft.com/microsoft-365/security/defender-endpoint/configure-server-endpoints#windows-server-version-1803-and-windows-server-2019) <BR> Microsoft Defender for Endpoint now adds support for Windows Server 2019. You'll be able to onboard Windows Server 2019 in the same method available for Windows 10 client devices.-- > [!TIP] > Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-preview-belowfoldlink)
security Production Deployment https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/production-deployment.md
Title: Set up Microsoft Defender ATP deployment
-description: Learn how to setup the deployment for Microsoft Defender ATP
+ Title: Set up Microsoft Defender for Endpoint deployment
+description: Learn how to set up the deployment for Microsoft Defender for Endpoint
keywords: deploy, setup, licensing validation, tenant configuration, network configuration search.product: eADQiWindows 10XVcnh search.appverid: met150
In this deployment scenario, you'll be guided through the steps on:
>[!NOTE]
->For the purpose of guiding you through a typical deployment, this scenario will only cover the use of Microsoft Endpoint Configuration Manager. Defender for Endpoint supports the use of other onboarding tools but will not cover those scenarios in the deployment guide. For more information, see [Onboard devices to Microsoft Defender for Endpoint](onboard-configure.md).
+>For the purpose of guiding you through a typical deployment, this scenario will only cover the use of Microsoft Endpoint Configuration Manager. Defender for Endpoint supports the use of other onboarding tools but won't cover those scenarios in the deployment guide. For more information, see [Onboard devices to Microsoft Defender for Endpoint](onboard-configure.md).
## Check license state
Checking for the license state and whether it got properly provisioned, can be d
1. Alternately, in the admin center, navigate to **Billing** > **Subscriptions**.
- On the screen, you will see all the provisioned licenses and their current **Status**.
+ On the screen, you'll see all the provisioned licenses and their current **Status**.
![Image of billing licenses](images/atp-billing-subscriptions.png)
When accessing Microsoft Defender Security Center for the first time, a wizard t
4. Set up preferences.
- **Data storage location** - It's important to set this up correctly. Determine where the customer wants to be primarily hosted: US, EU, or UK. You cannot change the location after this set up and Microsoft will not transfer the data from the specified geolocation.
+ **Data storage location** - It's important to set this up correctly. Determine where the customer wants to be primarily hosted: US, EU, or UK. You can't change the location after this set up and Microsoft won't transfer the data from the specified geolocation.
**Data retention** - The default is six months.
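Review bot: In the **Data storage location** line, "after this set up" uses the verb form where the noun "setup" is meant. This change already corrects "setup" to "set up" in the description, so fix the reverse case in the same pass, for example "You can't change the location after setup".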
When accessing Microsoft Defender Security Center for the first time, a wizard t
## Network configuration
-If the organization does not require the endpoints to use a Proxy to access the
+If the organization doesn't require the endpoints to use a Proxy to access the
Internet, skip this section. The Microsoft Defender for Endpoint sensor requires Microsoft Windows HTTP (WinHTTP) to
the following discovery methods:
If a Transparent proxy or WPAD has been implemented in the network topology, there is no need for special configuration settings. For more information on Microsoft Defender for Endpoint URL exclusions in the proxy, see the
-Appendix section in this document for the URLs allow list or on
-[Microsoft
-Docs](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/configure-proxy-internet-windows-defender-advanced-threat-protection#enable-access-to-windows-defender-atp-service-urls-in-the-proxy-server).
-
-> [!NOTE]
-> For a detailed list of URLs that need to be allowed, please see [this article](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/configure-network-connections-microsoft-defender-antivirus).
+[Proxy Service URLs](production-deployment.md#proxy-service-urls) section in this document for the URLs allowlist or on
+[Configure device proxy and Internet connectivity settings](configure-proxy-internet.md#enable-access-to-microsoft-defender-for-endpoint-service-urls-in-the-proxy-server).
**Manual static proxy configuration:**
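Review bot: The new link `[Proxy Service URLs](production-deployment.md#proxy-service-urls)` points at the file being edited, so a bare `#proxy-service-urls` anchor would do and would survive a file rename. None of the visible hunks shows a "Proxy Service URLs" heading, so confirm the anchor resolves. "The URLs allowlist" reads better as "the URL allowlist". The removed note pointed to the Microsoft Defender Antivirus network-connections URL list; confirm that dropping that pointer is intended and that the new targets cover those URLs.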
Docs](https://docs.microsoft.com/windows/security/threat-protection/windows-defe
Configure a registry-based static proxy to allow only Microsoft Defender for Endpoint sensor to report diagnostic data and communicate with Microsoft Defender for Endpoint
-services if a computer is not permitted to connect to the Internet. The static
+services if a computer isn't permitted to connect to the Internet. The static
proxy is configurable through Group Policy (GP). The group policy can be found under:
needed if the device is on Windows 10, version 1803 or later.
If a proxy or firewall is blocking anonymous traffic, as Microsoft Defender for Endpoint sensor is connecting from system context, make sure anonymous traffic is permitted in the listed URLs.
-The following downloadable spreadsheet lists the services and their associated URLs that your network must be able to connect to. Ensure that there are no firewall or network filtering rules that would deny access to these URLs, or you may need to create an *allow* rule specifically for them.
+The following downloadable spreadsheet lists the services and their associated URLs that your network must be able to connect to. Ensure there are no firewall or network filtering rules that would deny access to these URLs, or you may need to create an *allow* rule specifically for them.
|**Spreadsheet of domains list**|**Description**| |:--|:--| |![Thumb image for Microsoft Defender for Endpoint URLs spreadsheet](images/mdatp-urls.png)<br/> | Spreadsheet of specific DNS records for service locations, geographic locations, and OS. <br><br>[Download the spreadsheet here.](https://download.microsoft.com/download/8/e-urls.xlsx)
-### Microsoft Defender for Endpoint service backend IP range
+### Microsoft Defender for Endpoint service backend IP ranges
-If you network devices don't support the URLs listed in the prior section, you can use the following information.
+If your network devices don't support DNS-based rules, use IP ranges instead.
-Defender for Endpoint is built on Azure cloud, deployed in the following regions:
+Defender for Endpoint is built in Azure cloud, deployed in the following regions:
-- \+\<Region Name="uswestcentral">-- \+\<Region Name="useast2">-- \+\<Region Name="useast">-- \+\<Region Name="europenorth">-- \+\<Region Name="europewest">-- \+\<Region Name="uksouth">-- \+\<Region Name="ukwest">
+- AzureCloud.eastus
+- AzureCloud.eastus2
+- AzureCloud.westcentralus
+- AzureCloud.northeurope
+- AzureCloud.westeurope
+- AzureCloud.uksouth
+- AzureCloud.ukwest
-You can find the Azure IP range on [Microsoft Azure Datacenter IP Ranges](https://www.microsoft.com/en-us/download/details.aspx?id=41653).
+You can find the Azure IP ranges in [Azure IP Ranges and Service Tags ΓÇô Public Cloud](https://www.microsoft.com/download/details.aspx?id=56519).
+
+> [!NOTE]
+> As a cloud-based solution, the IP address ranges can change. It's recommended you move to DNS-based rules.
> [!NOTE]
-> As a cloud-based solution, the IP address range can change. It's recommended you move to DNS resolving setting.
+> If you are a US Government customer, please see the corresponding section in the [Defender for Endpoint for US Government](gov.md#service-backend-ip-ranges) page.
## Next step
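Review bot: The region list now names `AzureCloud.<region>` service tags, but the note justifies DNS-based rules only by saying the ranges can change. It should also say that these tags cover the whole Azure public address space for each region, not just Defender for Endpoint, so an allow rule built from them is far broader than one built from the URL list. Smaller points: "built in Azure cloud" read better as the original "built on", the link text "Service Tags ΓÇô Public Cloud" contains what looks like a mis-encoded dash, and "If you are ... please see" is out of step with the contractions applied elsewhere in this change.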
security Switch To Microsoft Defender Migration https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/switch-to-microsoft-defender-migration.md
When you make the switch to Defender for Endpoint, you begin with your non-Micro
> [!TIP] > - If you're currently using McAfee Endpoint Security (McAfee), see [Migrate from McAfee to Microsoft Defender for Endpoint](mcafee-to-microsoft-defender-migration.md).
-> - If you're currently using Symantec Endpoint Protection (Symantec), see [Migrate from Symantec to Microsoft Defender for Endpoint](symantec-to-microsoft-defender-atp-migration.md).
+> - If you're currently using Symantec Endpoint Protection (Symantec), see [Migrate from Symantec to Microsoft Defender for Endpoint](symantec-to-microsoft-defender-endpoint-migration.md).
## The migration process
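Review bot: The Symantec link now targets `symantec-to-microsoft-defender-endpoint-migration.md`, but nothing in the visible changes adds a redirect from the old `symantec-to-microsoft-defender-atp-migration.md` name, so existing inbound links and bookmarks would break if the old file is removed; add a redirect entry with the rename. The McAfee link one line up still uses `mcafee-to-microsoft-defender-migration.md`, so the Symantec guide no longer matches the naming of its sibling.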
security Symantec To Microsoft Defender Atp Onboard https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/symantec-to-microsoft-defender-atp-onboard.md
|| |*You are here!* |
-**Welcome to Phase 3 of [migrating from Symantec to Microsoft Defender for Endpoint](symantec-to-microsoft-defender-atp-migration.md#the-migration-process)**. This migration phase includes the following steps:
+**Welcome to Phase 3 of [migrating from Symantec to Microsoft Defender for Endpoint](symantec-to-microsoft-defender-endpoint-migration.md#the-migration-process)**. This migration phase includes the following steps:
1. [Onboard devices to Microsoft Defender for Endpoint](#onboard-devices-to-microsoft-defender-for-endpoint). 2. [Run a detection test](#run-a-detection-test).
To do this, visit the Microsoft Defender for Endpoint demo scenarios site ([http
## Next steps
-**Congratulations**! You have completed your [migration from Symantec to Microsoft Defender for Endpoint](symantec-to-microsoft-defender-atp-migration.md#the-migration-process)!
+**Congratulations**! You have completed your [migration from Symantec to Microsoft Defender for Endpoint](symantec-to-microsoft-defender-endpoint-migration.md#the-migration-process)!
- [Visit your security operations dashboard](security-operations-dashboard.md) in the Microsoft Defender Security Center ([https://aka.ms/MDATPportal](https://aka.ms/MDATPportal)). - [Manage Microsoft Defender for Endpoint, post migration](manage-atp-post-migration.md).
security Symantec To Microsoft Defender Atp Prepare https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/symantec-to-microsoft-defender-atp-prepare.md
|*You are here!*| | |
-**Welcome to the Prepare phase of [migrating from Symantec to Microsoft Defender for Endpoint](symantec-to-microsoft-defender-atp-migration.md#the-migration-process)**.
+**Welcome to the Prepare phase of [migrating from Symantec to Microsoft Defender for Endpoint](symantec-to-microsoft-defender-endpoint-migration.md#the-migration-process)**.
This migration phase includes the following steps: 1. [Get Microsoft Defender for Endpoint](#get-microsoft-defender-for-endpoint).
To enable communication between your devices and Microsoft Defender for Endpoint
## Next step
-**Congratulations**! You have completed the **Prepare** phase of [migrating from Symantec to Microsoft Defender for Endpoint](symantec-to-microsoft-defender-atp-migration.md#the-migration-process)!
+**Congratulations**! You have completed the **Prepare** phase of [migrating from Symantec to Microsoft Defender for Endpoint](symantec-to-microsoft-defender-endpoint-migration.md#the-migration-process)!
- [Proceed to set up Microsoft Defender for Endpoint](symantec-to-microsoft-defender-atp-setup.md).
security Symantec To Microsoft Defender Atp Setup https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/symantec-to-microsoft-defender-atp-setup.md
||*You are here!* | |
-**Welcome to the Setup phase of [migrating from Symantec to Microsoft Defender for Endpoint](symantec-to-microsoft-defender-atp-migration.md#the-migration-process)**. This phase includes the following steps:
+**Welcome to the Setup phase of [migrating from Symantec to Microsoft Defender for Endpoint](symantec-to-microsoft-defender-endpoint-migration.md#the-migration-process)**. This phase includes the following steps:
1. [Enable or reinstall Microsoft Defender Antivirus (for certain versions of Windows)](#enable-or-reinstall-microsoft-defender-antivirus-for-certain-versions-of-windows). 2. [Enable Microsoft Defender Antivirus](#enable-microsoft-defender-antivirus). 3. [Get updates for Microsoft Defender Antivirus](#get-updates-for-microsoft-defender-antivirus).
Using Configuration Manager and your device collection(s), configure your antima
## Next step
-**Congratulations**! You have completed the Setup phase of [migrating from Symantec to Microsoft Defender for Endpoint](symantec-to-microsoft-defender-atp-migration.md#the-migration-process)!
+**Congratulations**! You have completed the Setup phase of [migrating from Symantec to Microsoft Defender for Endpoint](symantec-to-microsoft-defender-endpoint-migration.md#the-migration-process)!
- [Proceed to Phase 3: Onboard to Microsoft Defender for Endpoint](symantec-to-microsoft-defender-atp-onboard.md)
security Symantec To Microsoft Defender Endpoint Migration https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/symantec-to-microsoft-defender-endpoint-migration.md
+
+ Title: Migrate from Symantec to Microsoft Defender for Endpoint
+description: Get an overview of how to make the switch from Symantec to Microsoft Defender for Endpoint
+keywords: migration, windows defender advanced threat protection, atp, edr
+search.product: eADQiWindows 10XVcnh
+search.appverid: met150
+ms.technology: mde
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
++
+localization_priority: Normal
+
+audience: ITPro
+
+ - M365-security-compliance
+ - m365solution-symantecmigrate
+ - m365solution-overview
+ Last updated : 03/03/2021++++
+# Migrate from Symantec to Microsoft Defender for Endpoint
+If you are planning to switch from Symantec Endpoint Protection (Symantec) to [Microsoft Defender for Endpoint](https://docs.microsoft.com/windows/security/threat-protection) (Microsoft Defender for Endpoint), you're in the right place. Use this article as a guide.
+
+**Applies to:**
+- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037)
+- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804)
++
+When you make the switch from Symantec to Defender for Endpoint, you begin with your Symantec solution in active mode, configure Defender for Endpoint in passive mode, onboard to Defender for Endpoint, and then set Defender for Endpoint to active mode and remove Symantec.
+
+## The migration process
+
+When you switch from Symantec to Microsoft Defender for Endpoint, you follow a process that can be divided into three phases, as described in the following table:
+
+![Migration phases - prepare, setup, onboard](images/phase-diagrams/migration-phases.png)
+
+|Phase |Description |
+|--|--|
+|[Prepare for your migration](symantec-to-microsoft-defender-atp-prepare.md) |During the **Prepare** phase, you get Microsoft Defender for Endpoint, plan your roles and permissions, and grant access to the Microsoft Defender Security Center. You also configure your device proxy and internet settings to enable communication between your organization's devices and Microsoft Defender for Endpoint. |
+|[Set up Microsoft Defender for Endpoint](symantec-to-microsoft-defender-atp-setup.md) |During the **Setup** phase, you configure settings and exclusions for Microsoft Defender Antivirus, Microsoft Defender for Endpoint, and Symantec Endpoint Protection. You also create device groups, collections, and organizational units. Finally, you configure your antimalware policies and real-time protection settings.|
+|[Onboard to Microsoft Defender for Endpoint](symantec-to-microsoft-defender-atp-onboard.md) |During the **Onboard** phase, you onboard your devices to Microsoft Defender for Endpoint and verify that those devices are communicating with Microsoft Defender for Endpoint. Last, you uninstall Symantec and make sure protection through Microsoft Defender for Endpoint is in active mode. |
+
+## What's included in Microsoft Defender for Endpoint?
+
+In this migration guide, we focus on [next-generation protection](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-in-windows-10) and [endpoint detection and response](https://docs.microsoft.com/microsoft-365/security/defender-endpoint/overview-endpoint-detection-response) capabilities as a starting point for moving to Microsoft Defender for Endpoint. However, Microsoft Defender for Endpoint includes much more than antivirus and endpoint protection. Microsoft Defender for Endpoint is a unified platform for preventative protection, post-breach detection, automated investigation, and response. The following table summarizes features and capabilities in Microsoft Defender for Endpoint.
+
+| Feature/Capability | Description |
+|||
+| [Threat & vulnerability management](https://docs.microsoft.com/microsoft-365/security/defender-endpoint/next-gen-threat-and-vuln-mgt) | Threat & vulnerability management capabilities help identify, assess, and remediate weaknesses across your endpoints (such as devices). |
+| [Attack surface reduction](https://docs.microsoft.com/microsoft-365/security/defender-endpoint/overview-attack-surface-reduction) | Attack surface reduction rules help protect your organization's devices and applications from cyberthreats and attacks. |
+| [Next-generation protection](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-in-windows-10) | Next-generation protection includes Microsoft Defender Antivirus to help block threats and malware. |
+| [Endpoint detection and response](https://docs.microsoft.com/microsoft-365/security/defender-endpoint/overview-endpoint-detection-response) | Endpoint detection and response capabilities detect, investigate, and respond to intrusion attempts and active breaches. |
+| [Advanced hunting](advanced-hunting-overview.md) | Advanced hunting capabilities enable your security operations team to locate indicators and entities of known or potential threats. |
+| [Behavioral blocking and containment](https://docs.microsoft.com/microsoft-365/security/defender-endpoint/behavioral-blocking-containment) | Behavioral blocking and containment capabilities help identify and stop threats, based on their behaviors and process trees even when the threat has started execution. |
+| [Automated investigation and remediation](https://docs.microsoft.com/microsoft-365/security/defender-endpoint/automated-investigations) | Automated investigation and response capabilities examine alerts and take immediate remediation action to resolve breaches. |
+| [Threat hunting service](https://docs.microsoft.com/microsoft-365/security/defender-endpoint/microsoft-threat-experts) (Microsoft Threat Experts) | Threat hunting services provide security operations teams with expert level monitoring and analysis, and to help ensure that critical threats aren't missed. |
+
+**Want to learn more? See [Microsoft Defender for Endpoint](https://docs.microsoft.com/windows/security/threat-protection).**
+
+## Next step
+
+- Proceed to [Prepare for your migration](symantec-to-microsoft-defender-atp-prepare.md).
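Review bot: In the opening paragraph, the linked "Microsoft Defender for Endpoint" is followed by "(Microsoft Defender for Endpoint)", which repeats the product name as its own short form and looks like a leftover from the rename; drop the parenthetical. The two "next-generation protection" links point at different paths (`microsoft-defender-antivirus/...` in the paragraph under "What's included", `windows-defender-antivirus/...` in the table row), so pick one. The keywords line still lists "windows defender advanced threat protection, atp", the phase table links to `-atp-prepare`, `-atp-setup` and `-atp-onboard` files while this file uses the `-endpoint-` name, and the Threat hunting service row is not parallel ("provide ... monitoring and analysis, and to help ensure"); "and help ensure" fixes it.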
security Manage Incidents https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender/manage-incidents.md
Whenever a change or comment is made to an alert, it is recorded in the Comments
Added comments instantly appear on the pane. ## Add incident tags
-You can add custom tags to an incident, for example to flag a group of incidents with a common characteristics. You can later filter the incidents queue for all incidents that contain a specific tag.
+You can add custom tags to an incident, for example to flag a group of incidents with a common characteristic. You can later filter the incidents queue for all incidents that contain a specific tag.
security Mtp Permissions https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/mtp/mtp-permissions.md
+
+ Title: Manage access to Microsoft 365 Defender data in the Microsoft 365 security center
+description: Learn how to manage permissions to data in Microsoft 365 Defender
+keywords: access, permissions, MTP, Microsoft Threat Protection, M365, security, MCAS, MDATP, Cloud App Security, Microsoft Defender Advanced Threat Protection, scope, scoping, RBAC
+search.product: eADQiWindows 10XVcnh
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
+f1.keywords:
+ - NOCSH
++
+ms.localizationpriority: medium
+
+audience: ITPro
++
+search.appverid:
+ - MOE150
+ - MET150
+ms.technology: m365d
++
+# Manage access to Microsoft 365 Defender with Azure Active Directory global roles
+++
+**Applies to:**
+- Microsoft 365 Defender
+
+There are two ways to manage access to Microsoft 365 Defender
+- **Global Azure Active Directory (Azure AD) roles**
+- **Custom role access**
+
+Accounts assigned the following **Global Azure AD roles** can access Microsoft 365 Defender functionality and data:
+- Global administrator
+- Security administrator
+- Security Operator
+- Global Reader
+- Security Reader
+
+To review accounts with these roles, [view Permissions in the Microsoft 365 security center](https://security.microsoft.com/permissions).
+
+**Custom role** access is a new capability in Microsoft 365 Defender and allows you to manage access to specific data, tasks, and capabilities in Microsoft Defender 365. Custom roles offer more control than global Azure AD roles, providing users only the access they need with the least-permissive roles necessary. Custom roles can be created in addition to global Azure AD roles. [Learn more about custom roles](custom-roles.md).
+
+>![NOTE]
+>This article applies only to managing global Azure AD roles. For more information about using custom role-based access control, see [Custom roles for role-based access control](custom-roles.md)
+
+## Access to functionality
+Access to specific functionality is determined by your [Azure AD role](/azure/active-directory/users-groups-roles/directory-assign-admin-roles). Contact a global administrator if you need access to specific functionality that requires you or your user group be assigned a new role.
+
+### Approve pending automated tasks
+[Automated investigation and remediation](mtp-autoir-actions.md) can take action on emails, forwarding rules, files, persistence mechanisms, and other artifacts found during investigations. To approve or reject pending actions that require explicit approval, you must have certain roles assigned in Microsoft 365. To learn more, see [Action center permissions](mtp-action-center.md#required-permissions-for-action-center-tasks).
+
+## Access to data
+Access to Microsoft 365 Defender data can be controlled using the scope assigned to user groups in Microsoft Defender for Endpoint role-based access control (RBAC). If your access has not been scoped to a specific set of devices in the Defender for Endpoint, you will have full access to data in Microsoft 365 Defender. However, once your account is scoped, you will only see data about the devices in your scope.
+
+For example, if you belong to only one user group with a Microsoft Defender for Endpoint role and that user group has been given access to sales devices only, you will see only data about sales devices in Microsoft 365 Defender. [Learn more about RBAC settings in Microsoft Defender for Endpoint](/windows/security/threat-protection/microsoft-defender-atp/rbac)
+
+### Microsoft Cloud App Security access controls
+During the preview, Microsoft 365 Defender does not enforce access controls based on Cloud App Security settings. Access to Microsoft 365 Defender data is not affected by these settings.
+
+## Related topics
+- [Custom roles in role-based access control for Microsoft 365 Defender](custom-roles.md)
+- [Azure AD roles](/azure/active-directory/users-groups-roles/directory-assign-admin-roles)
+- [Microsoft Defender for Endpoint RBAC](/windows/security/threat-protection/microsoft-defender-atp/rbac)
+- [Cloud App Security roles](/cloud-app-security/manage-admins)
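Review bot: The note block opens with `>![NOTE]`, which is not the `> [!NOTE]` alert syntax used in the other articles in this change, so it will not render as a note. In the custom role paragraph, "Microsoft Defender 365" should be "Microsoft 365 Defender". The line "There are two ways to manage access to Microsoft 365 Defender" needs a colon before its list, "in the Defender for Endpoint" under "Access to data" has a stray "the", and the sentence ending the note block is missing its period.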
security Configure Mdo Anti Phishing Policies https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/configure-mdo-anti-phishing-policies.md
+
+ Title: Configure anti-phishing policies in Microsoft Defender for Office 365
+f1.keywords:
+ - NOCSH
+++
+audience: ITPro
+ Last updated : +
+localization_priority: Normal
+ms.assetid:
+
+ - M365-security-compliance
+description: Admins can learn how to create, modify, and delete the advanced anti-phishing policies that are available in organizations with Microsoft Defender for Office 365.
+ms.technology: mdo
++
+# Configure anti-phishing policies in Microsoft Defender for Office 365
++
+**Applies to**
+- [Microsoft Defender for Office 365 plan 1 and plan 2](defender-for-office-365.md)
+- [Microsoft 365 Defender](../defender/microsoft-365-defender.md)
+
+Anti-phishing policies in [Microsoft Defender for Office 365](defender-for-office-365.md) can help protect your organization from malicious impersonation-based phishing attacks and other types of phishing attacks. For more information about the differences between anti-phishing policies in Exchange Online Protection (EOP) and anti-phishing policies in Microsoft Defender for Office 365, see [Anti-phishing protection](anti-phishing-protection.md).
+
+Admins can view, edit, and configure (but not delete) the default anti-phishing policy. For greater granularity, you can also create custom anti-phishing policies that apply to specific users, groups, or domains in your organization. Custom policies always take precedence over the default policy, but you can change the priority (running order) of your custom policies.
+
+You can configure anti-phishing policies in the Security & Compliance Center or in Exchange Online PowerShell.
+
+For information about configuring the more limited in anti-phishing policies that are available in Exchange Online Protection organizations (that is, organizations without Microsoft Defender for Office 365), see [Configure anti-phishing policies in EOP](configure-anti-phishing-policies-eop.md).
+
+The basic elements of an anti-phishing policy are:
+
+- **The anti-phish policy**: Specifies the phishing protections to enable or disable, and the actions to apply options.
+- **The anti-phish rule**: Specifies the priority and recipient filters (who the policy applies to) for an anti-phish policy.
+
+The difference between these two elements isn't obvious when you manage anti-phishing policies in the Security & Compliance Center:
+
+- When you create a policy, you're actually creating an anti-phish rule and the associated anti-phish policy at the same time using the same name for both.
+- When you modify a policy, settings related to the name, priority, enabled or disabled, and recipient filters modify the anti-phish rule. All other settings modify the associated anti-phish policy.
+- When you remove a policy, the anti-phish rule and the associated anti-phish policy are removed.
+
+In Exchange Online PowerShell, you manage the policy and the rule separately. For more information, see the [Use Exchange Online PowerShell to configure anti-phishing policies in Microsoft Defender for Office 365](#use-exchange-online-powershell-to-configure-anti-phishing-policies-in-microsoft-defender-for-office-365) section later in this article.
+
+Every Microsoft Defender for Office 365 organization has a built-in anti-phishing policy named Office365 AntiPhish Default that has these properties:
+
+- The policy is applied to all recipients in the organization, even though there's no anti-phish rule (recipient filters) associated with the policy.
+- The policy has the custom priority value **Lowest** that you can't modify (the policy is always applied last). Any custom policies that you create always have a higher priority.
+- The policy is the default policy (the **IsDefault** property has the value `True`), and you can't delete the default policy.
+
+To increase the effectiveness of anti-phishing protection in Microsoft Defender for Office 365, you can create custom anti-phishing policies with stricter settings that are applied to specific users or groups of users.
+
+## What do you need to know before you begin?
+
+- You open the Security & Compliance Center at <https://protection.office.com/>. To go directly to the **ATP anti-phishing** page, use <https://protection.office.com/antiphishing>.
+
+- To connect to Exchange Online PowerShell, see [Connect to Exchange Online PowerShell](/powershell/exchange/connect-to-exchange-online-powershell).
+
+- You need to be assigned permissions in **Exchange Online** before you can do the procedures in this article:
+ - To add, modify, and delete anti-phishing policies, you need to be a member of the **Organization Management** or **Security Administrator** role groups.
+ - For read-only access to anti-phishing policies, you need to be a member of the **Global Reader** or **Security Reader** role groups<sup>\*</sup>.
+
+ For more information, see [Permissions in Exchange Online](/exchange/permissions-exo/permissions-exo).
+
+ **Notes**:
+
+ - Adding users to the corresponding Azure Active Directory role in the Microsoft 365 admin center gives users the required permissions _and_ permissions for other features in Microsoft 365. For more information, see [About admin roles](../../admin/add-users/about-admin-roles.md).
+ - The **View-Only Organization Management** role group in [Exchange Online](/Exchange/permissions-exo/permissions-exo#role-groups) also gives read-only access to the feature<sup>\*</sup>.
+ - <sup>\*</sup> In the Security & Compliance Center, read-only access allows users to view the settings of custom anti-phishing policies. Read-only users can't see the settings in the default anti-phishing policy.
+
+- For our recommended settings for anti-phishing policies in Microsoft Defender for Office 365, see [Anti-phishing policy in Defender for Office 365 settings](recommended-settings-for-eop-and-office365.md#anti-phishing-policy-settings-in-microsoft-defender-for-office-365).
+
+- Allow up to 30 minutes for a new or updated policy to be applied.
+
+- For information about where anti-phishing policies are applied in the filtering pipeline, see [Order and precedence of email protection](how-policies-and-protections-are-combined.md).
+
+## Use the Security & Compliance Center to create anti-phishing policies in Microsoft Defender for Office 365
+
+Creating a custom anti-phishing policy in the Security & Compliance Center creates the anti-phish rule and the associated anti-phish policy at the same time using the same name for both.
+
+When you create an anti-phishing policy, you can only specify the policy name, description, and the recipient filter that identifies who the policy applies to. After you create the policy, you can modify the policy to change or review the default anti-phishing settings.
+
+1. In the Security & Compliance Center, go to **Threat management** \> **Policy** \> **ATP anti-phishing**.
+
+2. On the **Anti-phishing** page, click **Create**.
+
+3. The **Create a new anti-phishing policy** wizard opens. On the **Name your policy** page, configure the following settings:
+
+ - **Name**: Enter a unique, descriptive name for the policy.
+
+ - **Description**: Enter an optional description for the policy.
+
+ When you're finished, click **Next**.
+
+4. On the **Applied to** page that appears, identify the internal recipients that the policy applies to.
+
+ You can only use a condition or exception once, but you can specify multiple values for the condition or exception. Multiple values of the same condition or exception use OR logic (for example, _\<recipient1\>_ or _\<recipient2\>_). Different conditions or exceptions use AND logic (for example, _\<recipient1\>_ and _\<member of group 1\>_).
+
+ Click **Add a condition**. In the dropdown that appears, select a condition under **Applied if**:
+
+ - **The recipient is**: Specifies one or more mailboxes, mail users, or mail contacts in your organization.
+ - **The recipient is a member of**: Specifies one or more groups in your organization.
+ - **The recipient domain is**: Specifies recipients in one or more of the configured accepted domains in the organization.
+
+ After you select the condition, a corresponding dropdown appears with an **Any of these** box.
+
+ - Click in the box and scroll through the list of values to select.
+ - Click in the box and start typing to filter the list and select a value.
+ - To add additional values, click in an empty area in the box.
+ - To remove individual entries, click **Remove** ![Remove icon](../../media/scc-remove-icon.png) on the value.
+ - To remove the whole condition, click **Remove** ![Remove icon](../../media/scc-remove-icon.png) on the condition.
+
+ To add an additional condition, click **Add a condition** and select a remaining value under **Applied if**.
+
+ To add exceptions, click **Add a condition** and select an exception under **Except if**. The settings and behavior are exactly like the conditions.
+
+ When you're finished, click **Next**.
+
+5. On the **Review your settings** page that appears, review your settings. You can click **Edit** on each setting to modify it.
+
+ When you're finished, click **Create this policy**.
+
+6. Click **OK** in the confirmation dialog that appears.
+
+After you create the anti-phishing policy with these general settings, use the instructions in the next section to configure the protection settings in the policy.
+
+## Use the Security & Compliance Center to modify anti-phishing policies in Microsoft Defender for Office 365
+
+Use the following procedures to modify anti-phishing policies: a new policy that you created, or existing policies that you've already customized.
+
+1. If you're not already there, open the Security & Compliance Center, and go to **Threat management** \> **Policy** \> **ATP anti-phishing**.
+
+2. Select the custom anti-phishing policy that you want to modify. If it's already selected, deselect it and select it again.
+
+3. The **Edit your policy \<name\>** flyout appears. Clicking **Edit** in any section gives you access to the settings in that section.
+
+ - The following steps are presented in the order that the sections appear, but they aren't sequential (you can select and modify the sections in any order).
+
+ - After you click **Edit** in a section, the available settings are presented in a wizard format, but you can jump within the pages in any order, and you can click **Save** on any page (or **Cancel** or **Close** ![Close icon](../../media/scc-remove-icon.png) to return to the **Edit your policy \<name\>** page (you aren't required to visit the last page of the wizard to save or leave).
+
+4. **Policy setting**: Click **Edit** to modify the same settings that were available when you [created the policy](#use-the-security--compliance-center-to-create-anti-phishing-policies-in-microsoft-defender-for-office-365) in the previous section:
+
+ - **Name**
+ - **Description**
+ - **Applied to**
+ - **Review your settings**
+
+ When you're finished, click **Save** on any page.
+
+5. **Impersonation**: Click **Edit** to modify the protected senders and protected domains in the policy. These settings are a condition for the policy that identifies spoofed senders to look for (individually or by domain) in the From address of inbound messages. For more information, see [Impersonation settings in anti-phishing policies in Microsoft Defender for Office 365](set-up-anti-phishing-policies.md#impersonation-settings-in-anti-phishing-policies-in-microsoft-defender-for-office-365).
+
+ - **Add users to protect**: The default value is **Off**. To turn it on, slide the toggle to **On**, and then click the **Add user** button that appears.
+
+ In the **Add user** flyout that appears, configure the following values:
+
+ - **Email address**:
+
+ - Click in the box and scroll through the list of users to select.
+ - Click in the box and start typing to filter the list and select a user.
+ - To remove an entry, click **Remove** ![Remove icon](../../media/scc-remove-icon.png) on the user.
+
+ - **Name**: This value is populated based on the email address you selected, but you can change it.
+
+ When you're finished, click **Save** on any page.
+
+ To edit an existing entry, select the protected user in the list.
+
+ > [!NOTE]
+ >
+ > - In each anti-phishing policy, you can specify a maximum of 60 protected users (sender email addresses). You can't specify the same protected user in multiple policies.
+ >
+ > - User impersonation protection does not work if the sender and recipient have previously communicated via email. If the sender and recipient have never communicated via email, the message will be identified as an impersonation attempt.
+
+ - **Add domains to protect**: Configure one or both of the following settings:
+
+ - **Automatically include the domains I own**: The default value is **Off**. To turn it on, slide the toggle to **On**.
+ - **Include custom domains**: The default value is **Off**. To turn it on, slide the toggle to **On**, and in the **Add domains** box, enter the domain name (for example, contoso.com), press ENTER, and repeat as necessary.
+
+ > [!NOTE]
+ > You can have a maximum of 50 domains in all anti-phishing policies.
+
+ - **Actions**: Click **Edit**
+
+ - **If email is sent by an impersonated user**: Configure one of the following actions for messages where the spoofed sender is one of the protected users you specified in **Add users to protect**:
+
+ - **Don't apply any action**
+ - **Redirect message to other email addresses**
+ - **Move message to Junk Email folder**
+ - **Quarantine the message**
+ - **Deliver the message and add other addresses to the Bcc line**
+ - **Delete the message before it's delivered**
+
+ - **If email is sent by an impersonated domain**: Configure one of the following actions for messages where the spoofed sender is in one of the protected domains you specified in **Add domains to protect**:
+
+ - **Don't apply any action**
+ - **Redirect message to other email addresses**
+ - **Move message to Junk Email folder**
+ - **Quarantine the message**
+ - **Deliver the message and add other addresses to the Bcc line**
+ - **Delete the message before it's delivered**
+
+ - Click **turn on impersonation safety tips** and configure any of the following settings:
+
+ - **Show tip for impersonated users**: The default value is **Off**. To turn it on, slide the toggle to **On**.
+ - **Show tip for impersonated domains**: The default value is **Off**. To turn it on, slide the toggle to **On**.
+ - **Show tip for unusual characters**: The default value is **Off**. To turn it on, slide the toggle to **On**.
+
+ When you're finished, click **Save**.
+
+ - **Mailbox intelligence**:
+
+ - **Enable mailbox intelligence?**: The default value is **On**. To turn it off, slide the toggle to **Off**.
+
+ - **Enable mailbox intelligence based impersonation protection?**: This setting is available only if **Enable mailbox intelligence?** is **On**. Turn on this setting to specify the action to take on messages for impersonation detections from mailbox intelligence results.
+
+ In **If email is sent by an impersonated user**, you can specify one of the following actions (the same actions that are available for protected users and protected domains):
+
+ - **Don't apply any action**: Note that this value has the same result as turning on **Enable mailbox intelligence?** but turning off **Enable mailbox intelligence based impersonation protection?**.
+ - **Redirect message to other email addresses**
+ - **Move message to Junk Email folder**
+ - **Quarantine the message**
+ - **Deliver the message and add other addresses to the Bcc line**
+ - **Delete the message before it's delivered**
+
+ - **Add trusted senders and domains**: Specify exceptions for the policy:
+
+ - **Trusted senders**:
+
+ - Click in the box and scroll through the list of users to select.
+ - Click in the box and start typing to filter the list and select a user.
+ - To remove an entry, click **Remove** ![Remove icon](../../media/scc-remove-icon.png) on the user.
+
+ - **Trusted domains**: Enter the domain name (for example, contoso.com), press ENTER, and repeat as necessary.
+
+ - **Review your settings**: Instead of clicking on each individual step, the settings are displayed in a summary.
+
+ - You can click **Edit** in each section to jump back to the relevant page.
+ - You can toggle the following settings **On** or **Off** directly on this page:
+
+ - **Protected users**
+ - **Protected domains** \> **Include domains I own**
+ - **Protected domains** \> **Protected domains** (custom domains)
+ - **Mailbox intelligence**
+
+ When you're finished, click **Save** on any page.
+
+6. **Spoof**: Click **Edit** to turn spoof intelligence on or off, turn unauthenticated sender identification in Outlook on or off, and configure the action to apply to messages from blocked spoofed senders. For more information, see [Spoof settings in anti-phishing policies](set-up-anti-phishing-policies.md#spoof-settings).
+
+ Note that these same settings are also available in anti-phishing policies in EOP.
+
+ - **Spoofing filter settings**: The default value is **On**, and we recommend that you leave it on. To turn it off, slide the toggle to **Off**. For more information, see [Configure spoof intelligence in EOP](learn-about-spoof-intelligence.md).
+
+ > [!NOTE]
+ > You don't need to disable anti-spoofing protection if your MX record doesn't point to Microsoft 365; you enable Enhanced Filtering for Connectors instead. For instructions, see [Enhanced Filtering for Connectors in Exchange Online](/Exchange/mail-flow-best-practices/use-connectors-to-configure-mail-flow/enhanced-filtering-for-connectors).
+
+ - **Enable Unauthenticated Sender feature**: The default value is **On**. To turn it off, slide the toggle to **Off**.
+
+ - **Actions**: Specify the action to take on messages that fail spoof intelligence:
+
+ **If email is sent by someone who's not allowed to spoof your domain**:
+
+ - **Move message to the recipients' Junk Email folders**
+ - **Quarantine the message**
+
+ - **Review your settings**: Instead of clicking on each individual step, the settings are displayed in a summary.
+
+ - You can click **Edit** in each section to jump back to the relevant page.
+ - You can toggle the following settings **On** or **Off** directly on this page:
+ - **Enable antispoofing protection**
+ - **Enable Unauthenticated Sender feature**
+
+ When you're finished, click **Save** on any page.
+
+7. **Advanced settings**: Click **Edit** to configure the advanced phishing thresholds. For more information, see [Advanced phishing thresholds in anti-phishing policies in Microsoft Defender for Office 365](set-up-anti-phishing-policies.md#advanced-phishing-thresholds-in-anti-phishing-policies-in-microsoft-defender-for-office-365).
+
+ - **Advanced phishing thresholds**: Select one of the following values:
+
+ - **1 - Standard** (This is the default value.)
+ - **2 - Aggressive**
+ - **3 - More aggressive**
+ - **4 - Most aggressive**
+
+ - **Review your settings**: Click **Edit** to jump back to the **Advanced phishing thresholds** page.
+
+ When you're finished, click **Save** on either page.
+
+8. Back on the **Edit your policy \<Name\>** page, review your settings and then click **Close**.
+
+### Use the Security & Compliance Center to modify the default anti-phishing policy in Microsoft Defender for Office 365
+
+The default anti-phishing policy in Microsoft Defender for Office 365 is named Office365 AntiPhish Default, and it doesn't appear in the list of policies. To modify the default anti-phishing policy, do the following steps:
+
+1. In the Security & Compliance Center, go to **Threat management** \> **Policy** \> **ATP anti-phishing**.
+
+2. On the **Anti-phishing** page, click **Default policy**.
+
+3. The **Edit your policy Office365 AntiPhish Default** page appears. The following sections are available, which contain identical settings for when you [modify a custom policy](#use-the-security--compliance-center-to-modify-anti-phishing-policies-in-microsoft-defender-for-office-365):
+
+ - **Impersonation**
+ - **Spoof**
+ - **Advanced settings**
+
+ The following settings aren't available when you modify the default policy:
+
+ - You can see the **Policy setting** section and values, but there's no **Edit** link, so you can't modify the settings (policy name, description, and who the policy applies to (it applies to all recipients)).
+ - You can't delete the default policy.
+ - You can't change the priority of the default policy (it's always applied last).
+
+4. On the **Edit your policy Office365 AntiPhish Default** page, review your settings and then click **Close**.
+
+### Enable or disable custom anti-phishing policies in Microsoft Defender for Office 365
+
+1. In the Security & Compliance Center, go to **Threat management** \> **Policy** \> **ATP anti-phishing**.
+
+2. Notice the value in the **Status** column:
+
+ - Slide the toggle to **Off** to disable the policy.
+
+ - Slide the toggle to **On** to enable the policy.
+
+You can't disable the default anti-phishing policy.
+
+### Set the priority of custom anti-phishing policies in Microsoft Defender for Office 365
+
+By default, anti-phishing policies are given a priority that's based on the order they were created in (newer policies are lower priority than older policies). A lower priority number indicates a higher priority for the policy (0 is the highest), and policies are processed in priority order (higher priority policies are processed before lower priority policies). No two policies can have the same priority, and policy processing stops after the first policy is applied.
+
+For more information about the order of precedence and how multiple policies are evaluated and applied, see [Order and precedence of email protection](how-policies-and-protections-are-combined.md).
+
+Custom anti-phishing policies are displayed in the order they're processed (the first policy has the **Priority** value 0). The default anti-phishing policy named Office365 AntiPhish Default has the custom priority value **Lowest**, and you can't change it.
+
+ **Note**: In the Security & Compliance Center, you can only change the priority of the anti-phishing policy after you create it. In PowerShell, you can override the default priority when you create the anti-phish rule (which can affect the priority of existing rules).
+
+To change the priority of a policy, you click **Increase priority** or **Decrease priority** in the properties of the policy (you can't directly modify the **Priority** number in the Security & Compliance Center). Changing the priority of a policy only makes sense if you have multiple policies.
+
+1. In the Security & Compliance Center, go to **Threat management** \> **Policy** \> **ATP anti-phishing**.
+
+2. Select the policy that you want to modify. If it's already selected, deselect it and select it again.
+
+3. The **Edit your policy \<name\>** flyout appears.
+
+ - The custom anti-phishing policy with the **Priority** value **0** has only the **Decrease priority** button available.
+
+ - The custom anti-phishing policy with the lowest **Priority** value (for example, **3**) has only the **Increase priority** button available.
+
+ - If you have three or more custom anti-phishing policies, policies between the highest and lowest priority values have both the **Increase priority** and **Decrease priority** buttons available.
+
+4. Click **Increase priority** or **Decrease priority** to change the **Priority** value.
+
+5. When you're finished, click **Close**.
+
+## Use the Security & Compliance Center to view anti-phishing policies in Microsoft Defender for Office 365
+
+1. In the Security & Compliance Center, and go to **Threat management** \> **Policy** \> **ATP anti-phishing**.
+
+2. Do one of the following steps:
+
+ - Select a custom anti-phishing policy that you want to view. If it's already selected, deselect it and select it again.
+
+ - Click **Default policy** to view the default anti-phishing policy.
+
+3. The **Edit your policy \<name\>** flyout appears, where you can view the settings and values.
+
+## Use the Security & Compliance Center to remove anti-phishing policies in Microsoft Defender for Office 365
+
+1. In the Security & Compliance Center, go to **Threat management** \> **Policy** \> **ATP anti-phishing**.
+
+2. Select the policy that you want to remove. If it's already selected, deselect it and select it again.
+
+3. In the **Edit your policy \<name\>** flyout that appears, click **Delete policy**, and then click **Yes** in the warning dialog that appears.
+
+You can't remove the default policy.
+
+## Use Exchange Online PowerShell to configure anti-phishing policies in Microsoft Defender for Office 365
+
+As previously described, an anti-spam policy consists of an anti-phish policy and an anti-phish rule.
+
+In Exchange Online PowerShell, the difference between anti-phish policies and anti-phish rules is apparent. You manage anti-phish policies by using the **\*-AntiPhishPolicy** cmdlets, and you manage anti-phish rules by using the **\*-AntiPhishRule** cmdlets.
+
+- In PowerShell, you create the anti-phish policy first, then you create the anti-phish rule that identifies the policy that the rule applies to.
+- In PowerShell, you modify the settings in the anti-phish policy and the anti-phish rule separately.
+- When you remove an anti-phish policy from PowerShell, the corresponding anti-phish rule isn't automatically removed, and vice versa.
+
+### Use PowerShell to create anti-phishing policies
+
+Creating an anti-phishing policy in PowerShell is a two-step process:
+
+1. Create the anti-phish policy.
+2. Create the anti-phish rule that specifies the anti-phish policy that the rule applies to.
+
+ **Notes**:
+
+- You can create a new anti-phish rule and assign an existing, unassociated anti-phish policy to it. An anti-phish rule can't be associated with more than one anti-phish policy.
+
+- You can configure the following settings on new anti-phish policies in PowerShell that aren't available in the Security & Compliance Center until after you create the policy:
+
+ - Create the new policy as disabled (_Enabled_ `$false` on the **New-AntiPhishRule** cmdlet).
+ - Set the priority of the policy during creation (_Priority_ _\<Number\>_) on the **New-AntiPhishRule** cmdlet).
+
+- A new anti-phish policy that you create in PowerShell isn't visible in the Security & Compliance Center until you assign the policy to an anti-phish rule.
+
+#### Step 1: Use PowerShell to create an anti-phish policy
+
+To create an anti-phish policy, use this syntax:
+
+```PowerShell
+New-AntiPhishPolicy -Name "<PolicyName>" [-AdminDisplayName "<Comments>"] <Additional Settings>
+```
+
+This example creates anti-phish policy named Research Quarantine with the following settings:
+
+- The policy is enabled (we aren't using the _Enabled_ parameter, and the default value is `$true`).
+- The description is: Research department policy.
+- Enables organization domains protection for all accepted domains, and targeted domains protection for fabrikam.com.
+- Specifies Mai Fujito (mfujito@fabrikam.com) as the user to protect from impersonation.
+- Enables mailbox intelligence.
+- Enables mailbox intelligence protection, and specifies the quarantine action.
+- Enables safety tips.
+
+```powershell
+New-AntiPhishPolicy -Name "Monitor Policy" -AdminDisplayName "Research department policy" -EnableOrganizationDomainsProtection $true -EnableTargetedDomainsProtection $true -TargetedDomainsToProtect fabrikam.com -TargetedDomainProtectionAction Quarantine -EnableTargetedUserProtection $true -TargetedUsersToProtect "Mai Fujito;mfujito@fabrikam.com" -TargetedUserProtectionAction Quarantine -EnableMailboxIntelligence $true -EnableMailboxIntelligenceProtection $true -MailboxIntelligenceProtectionAction Quarantine -EnableSimilarUsersSafetyTips $true -EnableSimilarDomainsSafetyTips $true -EnableUnusualCharactersSafetyTips $true
+```
+
+For detailed syntax and parameter information, see [New-AntiPhishPolicy](/powershell/module/exchange/New-AntiPhishPolicy).
+
+#### Step 2: Use PowerShell to create an anti-phish rule
+
+To create an anti-phish rule, use this syntax:
+
+```PowerShell
+New-AntiPhishRule -Name "<RuleName>" -AntiPhishPolicy "<PolicyName>" <Recipient filters> [<Recipient filter exceptions>] [-Comments "<OptionalComments>"]
+```
+
+This example creates an anti-phish rule named Research Department with the following conditions:
+
+- The rule is associated with the anti-phish policy named Research Quarantine.
+- The rule applies to members of the group named Research Department.
+- Because we aren't using the _Priority_ parameter, the default priority is used.
+
+```powershell
+New-AntiPhishRule -Name "Research Department" -AntiPhishPolicy "Research Quarantine" -SentToMemberOf "Research Department"
+```
+
+For detailed syntax and parameter information, see [New-AntiPhishRule](/powershell/module/exchange/New-AntiPhishRule).
+
+### Use PowerShell to view anti-phish policies
+
+To view existing anti-phish policies, use the following syntax:
+
+```PowerShell
+Get-AntiPhishPolicy [-Identity "<PolicyIdentity>"] [| <Format-Table | Format-List> <Property1,Property2,...>]
+```
+
+This example returns a summary list of all anti-phish policies along with the specified properties.
+
+```PowerShell
+Get-AntiPhishPolicy | Format-Table Name,IsDefault
+```
+
+This example returns all the property values for the anti-phish policy named Executives.
+
+```PowerShell
+Get-AntiPhishPolicy -Identity "Executives"
+```
+
+For detailed syntax and parameter information, see [Get-AntiPhishPolicy](/powershell/module/exchange/Get-AntiPhishPolicy).
+
+### Use PowerShell to view anti-phish rules
+
+To view existing anti-phish rules, use the following syntax:
+
+```PowerShell
+Get-AntiPhishRule [-Identity "<RuleIdentity>"] [-State <Enabled | Disabled] [| <Format-Table | Format-List> <Property1,Property2,...>]
+```
+
+This example returns a summary list of all anti-phish rules along with the specified properties.
+
+```PowerShell
+Get-AntiPhishRule | Format-Table Name,Priority,State
+```
+
+To filter the list by enabled or disabled rules, run the following commands:
+
+```PowerShell
+Get-AntiPhishRule -State Disabled | Format-Table Name,Priority
+```
+
+```PowerShell
+Get-AntiPhishRule -State Enabled | Format-Table Name,Priority
+```
+
+This example returns all the property values for the anti-phish rule named Contoso Executives.
+
+```PowerShell
+Get-AntiPhishRule -Identity "Contoso Executives"
+```
+
+For detailed syntax and parameter information, see [Get-AntiPhishRule](/powershell/module/exchange/Get-AntiPhishrule).
+
+### Use PowerShell to modify anti-phish policies
+
+Other than the following items, the same settings are available when you modify an anti-phish policy in PowerShell as when you create the policy as described in the [Step 1: Use PowerShell to create an anti-phish policy](#step-1-use-powershell-to-create-an-anti-phish-policy) section earlier in this article.
+
+- The _MakeDefault_ switch that turns the specified policy into the default policy (applied to everyone, always **Lowest** priority, and you can't delete it) is only available when you modify an anti-phish policy in PowerShell.
+
+- You can't rename an anti-phish policy (the **Set-AntiPhishPolicy** cmdlet has no _Name_ parameter). When you rename an anti-phishing policy in the Security & Compliance Center, you're only renaming the anti-phish _rule_.
+
+To modify an anti-phish policy, use this syntax:
+
+```PowerShell
+Set-AntiPhishPolicy -Identity "<PolicyName>" <Settings>
+```
+
+For detailed syntax and parameter information, see [Set-AntiPhishPolicy](/powershell/module/exchange/Set-AntiPhishPolicy).
+
+### Use PowerShell to modify anti-phish rules
+
+The only setting that isn't available when you modify an anti-phish rule in PowerShell is the _Enabled_ parameter that allows you to create a disabled rule. To enable or disable existing anti-phish rules, see the next section.
+
+Otherwise, no additional settings are available when you modify an anti-phish rule in PowerShell. The same settings are available when you create a rule as described in the [Step 2: Use PowerShell to create an anti-phish rule](#step-2-use-powershell-to-create-an-anti-phish-rule) section earlier in this article.
+
+To modify an anti-phish rule, use this syntax:
+
+```PowerShell
+Set-AntiPhishRule -Identity "<RuleName>" <Settings>
+```
+
+For detailed syntax and parameter information, see [Set-AntiPhishRule](/powershell/module/exchange/set-antiphishrule).
+
+### Use PowerShell to enable or disable anti-phish rules
+
+Enabling or disabling an anti-phish rule in PowerShell enables or disables the whole anti-phishing policy (the anti-phish rule and the assigned anti-phish policy). You can't enable or disable the default anti-phishing policy (it's always applied to all recipients).
+
+To enable or disable an anti-phish rule in PowerShell, use this syntax:
+
+```PowerShell
+<Enable-AntiPhishRule | Disable-AntiPhishRule> -Identity "<RuleName>"
+```
+
+This example disables the anti-phish rule named Marketing Department.
+
+```PowerShell
+Disable-AntiPhishRule -Identity "Marketing Department"
+```
+
+This example enables same rule.
+
+```PowerShell
+Enable-AntiPhishRule -Identity "Marketing Department"
+```
+
+For detailed syntax and parameter information, see [Enable-AntiPhishRule](/powershell/module/exchange/enable-antiphishrule) and [Disable-AntiPhishRule](/powershell/module/exchange/disable-antiphishrule).
+
+### Use PowerShell to set the priority of anti-phish rules
+
+The highest priority value you can set on a rule is 0. The lowest value you can set depends on the number of rules. For example, if you have five rules, you can use the priority values 0 through 4. Changing the priority of an existing rule can have a cascading effect on other rules. For example, if you have five custom rules (priorities 0 through 4), and you change the priority of a rule to 2, the existing rule with priority 2 is changed to priority 3, and the rule with priority 3 is changed to priority 4.
+
+To set the priority of an anti-phish rule in PowerShell, use the following syntax:
+
+```PowerShell
+Set-AntiPhishRule -Identity "<RuleName>" -Priority <Number>
+```
+
+This example sets the priority of the rule named Marketing Department to 2. All existing rules that have a priority less than or equal to 2 are decreased by 1 (their priority numbers are increased by 1).
+
+```PowerShell
+Set-AntiPhishRule -Identity "Marketing Department" -Priority 2
+```
+
+**Notes**:
+
+- To set the priority of a new rule when you create it, use the _Priority_ parameter on the **New-AntiPhishRule** cmdlet instead.
+
+- The default anti-phish policy doesn't have a corresponding anti-phish rule, and it always has the unmodifiable priority value **Lowest**.
+
+### Use PowerShell to remove anti-phish policies
+
+When you use PowerShell to remove an anti-phish policy, the corresponding anti-phish rule isn't removed.
+
+To remove an anti-phish policy in PowerShell, use this syntax:
+
+```PowerShell
+Remove-AntiPhishPolicy -Identity "<PolicyName>"
+```
+
+This example removes the anti-phish policy named Marketing Department.
+
+```PowerShell
+Remove-AntiPhishPolicy -Identity "Marketing Department"
+```
+
+For detailed syntax and parameter information, see [Remove-AntiPhishPolicy](/powershell/module/exchange/Remove-AntiPhishPolicy).
+
+### Use PowerShell to remove anti-phish rules
+
+When you use PowerShell to remove an anti-phish rule, the corresponding anti-phish policy isn't removed.
+
+To remove an anti-phish rule in PowerShell, use this syntax:
+
+```PowerShell
+Remove-AntiPhishRule -Identity "<PolicyName>"
+```
+
+This example removes the anti-phish rule named Marketing Department.
+
+```PowerShell
+Remove-AntiPhishRule -Identity "Marketing Department"
+```
+
+For detailed syntax and parameter information, see [Remove-AntiPhishRule](/powershell/module/exchange/Remove-AntiPhishRule).
+
+## How do you know these procedures worked?
+
+To verify that you've successfully configured anti-phishing policies in Microsoft Defender for Office 365, do any of the following steps:
+
+- In the Security & Compliance Center, go to **Threat management** \> **Policy** \> **ATP anti-phishing**. Verify the list of policies, their **Status** values, and their **Priority** values. To view more details do either of the following steps:
+
+ - Select the policy from the list, and view the details in the flyout.
+ - Click **Default policy** and view the details in the flyout.
+
+- In Exchange Online PowerShell, replace \<Name\> with the name of the policy or rule, and run the following command and verify the settings:
+
+ ```PowerShell
+ Get-AntiPhishPolicy -Identity "<Name>"
+ ```
+
+ ```PowerShell
+ Get-AntiPhishRule -Identity "<Name>"
+ ```
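Review bot: The example under "Step 1: Use PowerShell to create an anti-phish policy" says it creates a policy named Research Quarantine, but the command passes `-Name "Monitor Policy"`, so the Step 2 example (which binds its rule to "Research Quarantine") refers to a policy that the Step 1 command never created. Change the name in the command to "Research Quarantine". Three smaller points in the same hunk: the intro to the Exchange Online PowerShell section says an anti-spam policy consists of an anti-phish policy and an anti-phish rule, where anti-phishing policy is meant; the `Remove-AntiPhishRule` syntax line uses `-Identity "<PolicyName>"` although the other rule cmdlets here use "<RuleName>"; and the `Get-AntiPhishRule` syntax line has an unclosed placeholder in `[-State <Enabled | Disabled]`.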
security Find And Release Quarantined Messages As A User https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/find-and-release-quarantined-messages-as-a-user.md
After you select a message, you have options for what to do with the messages in
- **Remove from quarantine**: After you click **Yes** in the warning that appears, the message is immediately deleted.
+- **Block Sender**: This prevents the sender from sending messages to you.
+ When you're finished, click **Close**. If you don't release or remove the message, it will be deleted after the default quarantine retention period expires.
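Review bot: The new bullet is labeled **Block Sender**, while the shared-mailbox article in this same update refers to the **Block sender** button; use the casing the UI shows and keep it identical across the quarantine articles. The description could also state what happens to later messages from that sender, the way the **Remove from quarantine** bullet above states its outcome.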
security Manage Quarantined Messages And Files https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/manage-quarantined-messages-and-files.md
After you select a message, you have several options for what to do with the mes
- **Download message**: In the flyout pane that appears, select **I understand the risks from downloading this message** to save a local copy of the message in .eml format.
+- **Block Sender**: This blocks the sender from sending emails to the admin recipient mailbox.
+ - **Submit message**: In the flyout pane that appears, choose the following options: - **Object type**: **Email** (default), **URL**, or **Attachment**.
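Review bot: In the added **Block Sender** bullet, "the admin recipient mailbox" is ambiguous: it can be read as the mailbox of the admin who clicks the button or as the mailbox of the message's original recipient. Say which mailbox the block applies to, and align the wording with the end-user article, which says the action "prevents the sender from sending messages to you".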
The cmdlets you use to view and manages messages and files in quarantine are:
- [Get-QuarantineMessage](/powershell/module/exchange/get-quarantinemessage) -- [Preview-QuarantineMessage](/powershell/module/exchange/preview-quarantinemessage): Note that this cmdlet is only for messages, not malware files from Safe Attachments for SharePoint, OneDrive, and Microsoft Teams.
+- [Preview-QuarantineMessage](/powershell/module/exchange/preview-quarantinemessage): Note that this cmdlet is only for messages, not quarantined files from Safe Attachments for SharePoint, OneDrive, and Microsoft Teams.
-- [Release-QuarantineMessage](/powershell/module/exchange/release-quarantinemessage)
+- [Release-QuarantineMessage](/powershell/module/exchange/release-quarantinemessage)
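Review bot: The sentence that introduces this cmdlet list still reads "view and manages messages and files"; since the list under it is being edited, correct it to "view and manage" in the same change. The removed and added `Release-QuarantineMessage` lines look identical here, so confirm that pair is an intended whitespace fix.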
security View And Release Quarantined Messages From Shared Mailboxes https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/view-and-release-quarantined-messages-from-shared-mailboxes.md
Regardless of the method, users can avoid confusion by including the **Recipient
- Currently, the **Block sender** button is not available in the **Details** flyout for quarantined messages that were sent to the shared mailbox.
+- Regarding quarantine operations for shared mailboxes, if you use nested security groups to grant access to a shared mailbox, we recommend no more than two levels of nested groups. For example, Group A is a member of Group B, which is a member of Group C. To assign permissions to a shared mailbox, don't add the user to Group A and then assign Group C to the shared mailbox.
+ - To manage quarantined messages for the shared mailbox in [Exchange Online PowerShell](/powershell/exchange/connect-to-exchange-online-powershell), the end-user will need to use the [Get-QuarantineMessage](/powershell/module/exchange/get-quarantinemessage) cmdlet with shared mailbox email address for the value of the _RecipientAddress_ parameter to identify the messages. For example: ```powershell
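Review bot: The added nested-groups bullet recommends "no more than two levels of nested groups" but its example (Group A in Group B in Group C) never says whether that chain counts as two levels or exceeds the limit, and it only states what not to do. Say explicitly which chain is supported and give the positive instruction, that is, which group the user should be added to and which group should be assigned to the shared mailbox.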
Regardless of the method, users can avoid confusion by including the **Recipient
- [Get-QuarantineMessage](/powershell/module/exchange/get-quarantinemessage) - [Get-QuarantineMessageHeader](/powershell/module/exchange/get-quarantinemessageheader) - [Preview-QuarantineMessage](/powershell/module/exchange/preview-quarantinemessage)
- - [Release-QuarantineMessage](/powershell/module/exchange/release-quarantinemessage)
+ - [Release-QuarantineMessage](/powershell/module/exchange/release-quarantinemessage)
solutions Configure Teams Baseline Protection https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/solutions/configure-teams-baseline-protection.md
We also recommend turning on basic Defender for Office 365 features to guard aga
|:|:--| |Safe Attachments for SPO, OneDrive and Teams|[Safe Attachments](../security/office-365-security/safe-attachments.md)<br>[Defender for Office 365 - SharePoint, OneDrive, and Microsoft Teams](../security/office-365-security/mdo-for-spo-odb-and-teams.md)| |Safe Documents|[Safe Documents in Microsoft Defender for Office 365](../security/office-365-security/safe-docs.md)|
-|Safe Links for Teams|[Office 365 Safe Links in Teams](../security/office-365-security/safe-links.md#safe-links-settings-for-microsoft-teamssafe-links-settings-for-microsoft-teams)<br>[Safe Links](../security/office-365-security/safe-links.md)|
+|Safe Links for Teams|[Office 365 Safe Links in Teams](../security/office-365-security/safe-links.md)<br>[Safe Links](../security/office-365-security/safe-links.md)|
## Teams guest sharing
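Review bot: In the "Safe Links for Teams" row, removing the fragment makes both links in the cell resolve to the same target, `safe-links.md`, so the first link no longer takes the reader to the Teams-specific settings. The old fragment looks like an accidental doubling of `safe-links-settings-for-microsoft-teams`. If that heading exists in safe-links.md, link to the single, correct anchor instead of dropping it. Otherwise, keep only one of the two links.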
solutions Identity Design Principles https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/solutions/identity-design-principles.md
Sometimes scenarios call for adding an external user to a role (see the multi-te
In a sense, these are an evolution of the Exchange role groups model. However, Exchange Online has its own [role group management](/exchange/permissions-exo) interface. Some role groups in Exchange Online are locked and managed from Azure AD or the Security & Compliance Center, but others might have the same or similar names and are managed in Exchange Online (adding to the confusion). I recommend you avoid using the Exchange Online user interface unless you need scopes for Exchange management.
-You can't create custom roles. Roles are defined by services created by Microsoft and will grow as new services are introduced. This is similar in concept to [roles defined by applications](/azure/active-directory/develop/howto-add-app-roles-in-azure-ad-apps) in Azure AD. When new services are enabled, often new role groups need to be created in order to grant or delegate access to these (for example, [insider risk management](../compliance/insider-risk-management-configure.md?view=o365-worldwide#step-1-required-enable-permissions-for-insider-risk-management)).
+You can't create custom roles. Roles are defined by services created by Microsoft and will grow as new services are introduced. This is similar in concept to [roles defined by applications](/azure/active-directory/develop/howto-add-app-roles-in-azure-ad-apps) in Azure AD. When new services are enabled, often new role groups need to be created in order to grant or delegate access to these (for example, [insider risk management](../compliance/insider-risk-management-configure.md?view=o365-worldwide)).
These role groups also require direct membership and cannot contain Azure AD groups. Unfortunately, today these role groups are not supported by Azure AD PIM. Like Azure AD roles, I tend to recommend management of these through APIs or a partner governance product like Saviynt, or others.
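Review bot: The insider risk management link in the rewritten paragraph still carries the hard-coded `?view=o365-worldwide` query string after the fragment was removed. Drop the query string as well so the link is a plain relative reference. The sentence cites this link as an example of role groups that must be created to grant access, so check that the top of the target article still leads the reader to the permissions step the old fragment pointed at, or restore a working anchor.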
solutions Microsoft 365 Guest Settings https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/solutions/microsoft-365-guest-settings.md
Azure Active Directory is the directory service used by Microsoft 365. The Azure
![Screenshot of Azure Active Directory Organizational Relationships Settings page](../media/azure-ad-organizational-relationships-settings.png)
-|**Setting**|**Default**|**Description**|
+| Setting | Default | Description |
|:--|:--|:--| |Guest users permissions are limited|Yes|This setting affects the directory tasks that a guest can perform.| |Admins and users in the guest inviter role can invite|Yes|When set to **Yes**, admins can invite guests via Azure AD and via Microsoft 365 sharing experiences such as Teams and SharePoint; when set to **No**, they cannot.|
The Microsoft 365 admin center has organization-level settings for sharing and f
![Screenshot of the security and privacy guest sharing setting in the Microsoft 365 admin center](../media/sharepoint-security-privacy-sharing-setting.png)
-|**Setting**|**Default**|**Description**|
+| Setting | Default | Description |
|:--|:--|:--| |Let users add new guests to the organization|On|When set to **Yes**, Azure AD members can invite guests via Azure AD; when set to **No**, they cannot. When set to **Yes**, Microsoft 365 Group members can invite guests with owner approval; when set to **No**, Microsoft 365 Group members can invite guests with owner approval but owners must be global administrators to approve. <br><br>Note that **Members can invite** refers to members in Azure AD (as opposed to guests) and not to site or group members in Microsoft 365. <br><br>This is identical to the **Members can invite** setting in Azure Active Directory Organizational relationships settings.|
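Review bot: In the row directly under the changed header, the Default column says "On" while the Description explains the setting in terms of **Yes** and **No**. Since this table is being touched anyway, align the two so the default matches the values the description uses. The description also refers to "**Members can invite**", which is not the setting name shown in this row ("Let users add new guests to the organization"). A short phrase tying the two names together would remove the ambiguity.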
The Microsoft 365 admin center has organization-level settings for sharing and f
![Screenshot of Microsoft 365 Groups guest settings in Microsoft 365 admin center](../media/office-365-groups-guest-settings.png)
-|**Setting**|**Default**|**Description**|
+| Setting | Default | Description |
|:--|:--|:--| |Let group members outside your organization access group content|On|When set to **On**, guests can access groups content; when set to **Off**, they can't. This setting should be **On** for any scenario where guests are interacting with Microsoft 365 Groups or Teams.| |Let group owners add people outside your organization to groups|On|When **On**, Owners of Microsoft 365 Groups or Teams can invite new guests to the group. When **Off**, owners can only invite guests who are already in the directory.|
The Teams master guest access switch, **Allow guest access in Teams**, must be *
![Screenshot of Teams guest access toggle](../media/teams-guest-access-toggle.png)
-|**Setting**|**Default**|**Description**|
+| Setting | Default | Description |
|:--|:--|:--| |Allow guest access in Teams|Off|Turns guest access on or off for Teams overall. This setting can take 24 hours to take effect once changed.|
The Teams master guest access switch, **Allow guest access in Teams**, must be *
![Screenshot of Teams guest calling options](../media/teams-guest-calling-setting.png)
-|**Setting**|**Default**|**Description**|
+| Setting | Default | Description |
|:--|:--|:--| |Make private calls|On|When **On**, guests can make peer-to-peer calls in Teams; when **Off**, they can't.|
The Teams master guest access switch, **Allow guest access in Teams**, must be *
![Screenshot of Teams guest meeting settings](../media/teams-guest-meeting-settings.png)
-|**Setting**|**Default**|**Description**|
+| Setting | Default | Description |
|:--|:--|:--| |Allow IP video|On|When **On**, guests can use video in their calls and meetings; when **Off**, they can't.| |Screen sharing mode|Entire screen|When **Disabled**, guests can't share their screens in Teams. When set to **Single application**, guests can only share a single application on their screen. When set to **Entire screen**, guests can choose to share an application or their entire screen.|
The Teams master guest access switch, **Allow guest access in Teams**, must be *
![Screenshot of Teams guest messaging settings](../media/teams-guest-messaging-settings.png)
-|**Setting**|**Default**|**Description**|
+| Setting | Default | Description |
|:--|:--|:--| |Edit sent messages|On|When **On**, guests can edit messages they previously sent; when **Off**, they can't.| |Delete sent messages|On|When **On**, guests can delete messages they previously sent; when **Off**, they can't.|
Because OneDrive is a hierarchy of sites within SharePoint, the organization-lev
![Screenshot of SharePoint organization-level sharing settings](../media/sharepoint-organization-external-sharing-controls.png)
-|**Setting**|**Default**|**Description**|
+| Setting | Default | Description |
|:--|:--|:--| |SharePoint|Anyone|Specifies the most permissive sharing permissions allowed for SharePoint sites.| |OneDrive|Anyone|Specifies the most permissive sharing permissions allowed for OneDrive sites. This setting cannot be more permissive than the SharePoint setting.|
Because OneDrive is a hierarchy of sites within SharePoint, the organization-lev
![Screenshot of SharePoint organization-level additional sharing settings](../media/sharepoint-organization-advanced-sharing-settings.png)
-|**Setting**|**Default**|**Description**|
+| Setting | Default | Description |
|:--|:--|:--| |Limit external sharing by domain|Off|This setting allows you to specify a list of allowed or blocked domains for sharing. When allowed domains are specified, then sharing invitations can only be sent to those domains. When denied domains are specified, then sharing invitations cannot be sent to those domains.<br><br> This setting affects all SharePoint and OneDrive sites in the organization.| |Guests must sign in using the same account to which sharing invitations are sent|Off|Prevents guests from redeeming site sharing invitations using a different email address than the invitation was sent to.<br><br>[SharePoint and OneDrive integration with Azure AD B2B (Preview)](/sharepoint/sharepoint-azureb2b-integration-preview) does not use this setting because all guests are added to the directory based on the email address that the invitation was sent to. Alternate email addresses cannot be used to access the site.|
When files and folders are shared in SharePoint and OneDrive, sharing recipients
![Screenshot of SharePoint organization-level files and folders sharing settings](../media/sharepoint-organization-files-folders-sharing-settings.png)
-|**Setting**|**Default**|**Description**|
+| Setting | Default | Description |
|:--|:--|:--| |File and folder links|Anyone with the link|Specifies which sharing link is shown by default when a user shares a file or folder. Users can change the option before sharing if they want. If the default is set to **Anyone with the link** and *Anyone* sharing is not allowed for a given site, then **Only people in your organization** will be shown as the default for that site.| |These links must expire within this many days|Off (no expiration)|Specifies the number of days after an *Anyone* link is created that it expires. Expired links cannot be renewed. Create a new link if you need to continue sharing past the expiration.|
If you want to limit who can share with guests in SharePoint and OneDrive, you c
![Screenshot of SharePoint organization-level sharing security group settings](../media/sharepoint-organization-external-sharing-security-groups.png)
-|**Setting**|**Default**|**Description**|
+| Setting | Default | Description |
|:--|:--|:--| |Let only users in selected security groups share with authenticated external users|Off|When **On**, only the people in the specified security groups can share with people outside the organization. Only *Specific people* links are available. *Anyone* sharing is effectively disabled unless **Let only users in selected security groups share with authenticated external users and using anonymous links** is also **On**| |Let only users in selected security groups share with authenticated external users and using anonymous links|Off|When **On**, only the people in the specified security groups can share with guests. Both *Anyone* and *Specific people* links are available.|
If the site has a sensitivity label applied, that label may control the external
![Screenshot of SharePoint site external sharing settings](../media/sharepoint-site-external-sharing-settings.png)
-|**Setting**|**Default**|**Description**|
+| Setting | Default | Description |
|:--|:--|:--| |Site content can be shared with|Varies by site type (see the table below)|Indicates the type of external sharing allowed for this site. Options available here are subject to the organization-level sharing settings for SharePoint.|
You can set defaults for link type and permissions, and expiration settings for
![Screenshot of SharePoint site-level link sharing settings](../media/sharepoint-site-link-sharing-settings.png)
-|**Setting**|**Default**|**Description**|
+| Setting | Default | Description |
|:--|:--|:--| |Limit sharing by domain|Off|This setting allows you to specify a list of allowed or blocked domains for sharing. When allowed domains are specified, then sharing invitations can only be sent to those domains. When denied domains are specified, then sharing invitations cannot be sent to those domains.<br><br> This setting cannot be used to override domain restrictions set at the organization or Azure AD level.| |Default sharing link type|Same as organization-level setting|This setting allows you to specify the default sharing link presented to users in this site. The *Same as organization-level setting* option is defined by a combination of organization and site sharing settings.|
You can set defaults for link type and permissions, and expiration settings for
The table below shows the default sharing setting for each site type.
-|**Site type**|**Default sharing setting**|
+| Site type | Default sharing setting |
|:--|:--| |Classic|**Only people in your organization**| |OneDrive|**Anyone**|
solutions Productivity Illustrations https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/solutions/productivity-illustrations.md
The logical architecture of productivity services in Microsoft 365, leading with
### Groups in Microsoft 365 for IT Architects
-What IT architects need to know about groups in Microsoft 365
+This illustration includes information for IT architects about Microsoft 365 Groups. To learn about configuring and administering Microsoft 365 Groups and teams for collaboration in your organization, see [Set up secure collaboration with Microsoft 365](/microsoft-365/solutions/setup-secure-collaboration-with-teams) and [What is collaboration governance?](/microsoft-365/solutions/collaboration-governance-overview).
| Item | Description | |:--|:--|
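Review bot: The two links in the new description under "Groups in Microsoft 365 for IT Architects" use site-absolute paths (`/microsoft-365/solutions/...`), while other links in this file are repo-relative with the `.md` extension (for example `../enterprise/architectural-models-for-sharepoint-exchange-skype-for-business-and-lync.md`). Both targets are in the same solutions folder as this article, so use relative links to the .md files for consistency with the rest of the file. The opening sentence also says "Microsoft 365 Groups" while the heading says "Groups in Microsoft 365". Pick one form.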
This set of illustrations uses one of the most regulated industries, financial s
### Security and Information Protection for Multi-Region Organizations
-Security and information protection for multi-region organizations with a single microsoft 365 tenant
+Security and information protection for multi-region organizations with a single Microsoft 365 tenant
| Item | Description | |:--|:--|
For more information, see the article for this poster: [Configure a team with se
[Architectural models for SharePoint, Exchange, Skype for Business, and Lync](../enterprise/architectural-models-for-sharepoint-exchange-skype-for-business-and-lync.md)
-[Cloud adoption Test Lab Guides (TLGs)](../enterprise/cloud-adoption-test-lab-guides-tlgs.md)
+[Cloud adoption Test Lab Guides (TLGs)](../enterprise/cloud-adoption-test-lab-guides-tlgs.md)