Updates from: 03/03/2022 02:16:21
Category Microsoft Docs article Related commit history on GitHub Change details
admin Remove Former Employee https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/add-users/remove-former-employee.md
To complete the steps in this series, you use these Microsoft 365 capabilities a
|Outlook|Import pst files, add mailbox | |Active Directory|Remove users in hybrid environments |
-## Watch: Delete a user
-
-> [!VIDEO https://www.microsoft.com/videoplayer/embed/RE1FOfR?autoplay=false]
-
-When an employee leaves the company, you'll need to remove them from Microsoft 365 for business. Before doing so, you should block them from accessing company files, preserve the documents they created, and perform several other admin tasks associated with removing a user.
-
-1. From the admin center, select **Users**, and choose **Active users**.
-1. Select the user you want to remove, and then select **Delete user**.
-1. Check the box to remove their license, and check the box to remove their email aliases.
-1. Check the box to give another user access to the former employeeΓÇÖs email, and choose **Select a user and set email options**.
-1. To remove associated email aliases, select **X** next to their aliases.
-1. Review the shared mailbox information, and select **Finish**.
-1. Confirm your options are set correctly, and choose **Assign and convert**.
-1. Review your results, and select **Close**.
-
-After you remove a user, you have up to 30 days to restore their account.
## Solution: Remove a former employee
After you remove a user, you have up to 30 days to restore their account.
|[Step 6 - Remove and delete the Microsoft 365 license from a former employee](remove-former-employee-step-6.md)|When you remove a license, you can assign it to someone else. Or, you can delete the license so you don't pay for it until you hire another person. <p> When you remove or delete a license, the user's old email, contacts, and calendar are retained for **30 days**, then permanently deleted. If you remove or delete a license but don't delete the account, the content in the user's OneDrive will remain accessible to you even after 30 days.| |[Step 7 - Delete a former employee's user account](remove-former-employee-step-7.md)|This removes the account from your admin center. Keeps things clean.|
+ ## Watch: Delete a user
+
+> [!VIDEO https://www.microsoft.com/videoplayer/embed/RE1FOfR?autoplay=false]
+
+When an employee leaves the company, you'll need to remove them from Microsoft 365 for business. Before doing so, you should block them from accessing company files, preserve the documents they created, and perform several other admin tasks associated with removing a user.
+
+1. From the admin center, select **Users**, and choose **Active users**.
+1. Select the user you want to remove, and then select **Delete user**.
+1. Check the box to remove their license, and check the box to remove their email aliases.
+1. Check the box to give another user access to the former employeeΓÇÖs email, and choose **Select a user and set email options**.
+1. To remove associated email aliases, select **X** next to their aliases.
+1. Review the shared mailbox information, and select **Finish**.
+1. Confirm your options are set correctly, and choose **Assign and convert**.
+1. Review your results, and select **Close**.
+
+After you remove a user, you have up to 30 days to restore their account.
## Related content [Restore a user](restore-user.md) (article)\
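Review bot: The sentence "After you remove a user, you have up to 30 days to restore their account." now appears twice in the article as shown here, once on the unchanged line under "## Solution: Remove a former employee" and again as the last added line of the relocated "Watch: Delete a user" section; keep one copy. While the block is being moved, step 4 should use a plain ASCII apostrophe in "employee's", since the character there is mis-encoded in this view, and the added heading line has a leading space before "##" that the removed version did not have. The intro of the moved section tells admins to block access before deleting, but none of the eight steps does that, so a link to the blocking step would help readers who only follow this list.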
admin Capabilities https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/basic-mobility-security/capabilities.md
Basic Mobility and Security can help you secure and manage mobile devices like i
## Supported operating systems
-Follow the Microsoft Intune operating systems guide for supported operating systems for devices using Basic Mobility and Security. For more info, see [Intune supported operating systems](/mem/intune/fundamentals/supported-devices-browsers).
+Follow the Microsoft Intune operating systems guide for the minimum supported operating systems for devices by Basic Mobility and Security. For more info, see [Intune supported operating systems](/mem/intune/fundamentals/supported-devices-browsers).
+
+You can use Basic Mobility and Security to secure and manage the following devices.
+
+- iOS
+- Android (including Samsung Knox)<sup>1</sup>
+- Windows<sup>2, 3</sup>
+
+<sup>1</sup>After June 2020, Android versions later than 9 can't manage password settings except on Samsung Knox devices.
+
+<sup>2</sup>Access control for Windows 8.1 RT devices is limited to Exchange ActiveSync.
+
+<sup>3</sup>Access control for Windows 10 requires a subscription that includes Azure AD Premium and the device needs to be joined to Azure Active Directory.
> [!NOTE] > Devices already enrolled with earlier OS versions continue to function although the capabilities might change without notice.
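Review bot: Footnote 1 ("Android versions later than 9 can't manage password settings except on Samsung Knox devices") is attached only to the device list, while the Security settings table that follows still shows "Require a password" as Yes for Android; carry the footnote marker into that table row so the limitation is visible where the setting is chosen. In the first added line, "for devices by Basic Mobility and Security" is missing a word; "for devices managed by Basic Mobility and Security" reads correctly. Footnote 3 could also say which join state is meant by "joined to Azure Active Directory" if hybrid-joined devices do not qualify.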
The following sections list the policy settings you can use to help secure and m
## Security settings
-|**Setting name**|**iOS 7.1 and later**|**Android 5 and later**|**Samsung Knox**|
+|**Setting name**|**iOS |**Android**|**Samsung Knox**|
|:--|:--|:--|:--| |Require a password|Yes|Yes|Yes| |Prevent simple password|Yes|No|No|
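Review bot: The new header cell `**iOS |` opens bold and never closes it, so the iOS column header will render with stray asterisks or bleed bold into the next cell; it should read `|**Setting name**|**iOS**|**Android**|**Samsung Knox**|`. The same replacement header is used in every later table in this file, including the three-column PowerShell table, so each needs the same fix. Dropping "7.1 and later" and "5 and later" is fine given the new supported-OS section, but the tables then rely entirely on that section's footnotes for version limits.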
The following sections list the policy settings you can use to help secure and m
## Encryption settings
-|**Setting name**|**iOS 7.1 and later**|**Android 5 and later**|**Samsung Knox**|
+|**Setting name**|**iOS |**Android**|**Samsung Knox**|
|:--|:--|:--|:--| |Require data encryption on devices<sup>1</sup> |No|Yes|Yes|
The following sections list the policy settings you can use to help secure and m
## Jail broken setting
-|**Setting name**|**iOS 7.1 and later**|**Android 5 and later**|**Samsung Knox**|
+|**Setting name**|**iOS |**Android**|**Samsung Knox**|
|:--|:--|:--|:--| |Device cannot be jail broken or rooted |Yes|Yes|Yes|
The following sections list the policy settings you can use to help secure and m
The following option can block users from accessing their Microsoft 365 email if theyΓÇÖre using a manually created email profile. Users on iOS devices must delete their manually created email profile before they can access their email. After they delete the profile, a new profile is automatically created on the device. For instructions on how end users can get compliant, see [An existing email account was found](/intune-user-help/existing-company-email-account-found).
-|**Setting name**|**iOS 7.1 and later**|**Android 5 and later**|**Samsung Knox**|
+|**Setting name**|**iOS |**Android**|**Samsung Knox**|
|:--|:--|:--|:--| |Email profile is managed |Yes|No|No| ## Cloud settings
-|**Setting name**|**iOS 7.1 and later**|**Android 5 and later**|**Samsung Knox**|
+|**Setting name**|**iOS |**Android**|**Samsung Knox**|
|:--|:--|:--|:--| |Require encrypted backup |Yes|No|No| |Block cloud backup |Yes|No|No|
The following option can block users from accessing their Microsoft 365 email if
## System settings
-|**Setting name**|**iOS 7.1 and later**|**Android 5 and later**|**Samsung Knox**|
+|**Setting name**|**iOS |**Android**|**Samsung Knox**|
|:--|:--|:--|:--| |Block screen capture |Yes|No|Yes| |Block sending diagnostic data from device |Yes|No|Yes| ## Application settings
-|**Setting name**|**iOS 7.1 and later**|**Android 5 and later**|**Samsung Knox**|
+|**Setting name**|**iOS |**Android**|**Samsung Knox**|
|:--|:--|:--|:--| |Block video conferences on device |Yes|No|No| |Block access to application store |Yes|No|Yes|
The following option can block users from accessing their Microsoft 365 email if
## Device capabilities settings
-|**Setting name**|**iOS 7.1 and later**|**Android 5 and later**|**Samsung Knox**|
+|**Setting name**|**iOS |**Android**|**Samsung Knox**|
|:--|:--|:--|:--| |Block connection with removable storage |Yes|Yes|No| |Block Bluetooth connection |Yes|Yes|No|
The following option can block users from accessing their Microsoft 365 email if
You can set the following additional policy settings by using Security & Compliance Center PowerShell cmdlets. For more information, seeΓÇ»[Security & Compliance Center PowerShell](/powershell/exchange/scc-powershell).
-|**Setting name**|**iOS 7.1 and later**|**Android 5 and later**|
+|**Setting name**|**iOS |**Android**|
|:--|:--|:--| |CameraEnabled|Yes|Yes| |RegionRatings|Yes|No|
For more information, seeΓÇ»[Wipe a mobile device in Basic Mobility and Security
## Related content [Overview of Basic Mobility and Security for Microsoft 365](overview.md) (article)\
-[Create device security policies in Basic Mobility and Security](create-device-security-policies.md) (article)
+[Create device security policies in Basic Mobility and Security](create-device-security-policies.md) (article)
admin Servicenow Overview https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/manage/servicenow-overview.md
Permissions required:
After the Microsoft 365 Support Integration app has been installed, two Application Cross-Scope accesses are created. If they're not created successfully, create them manually.
-## What configuration is right for your organization?
+## Setup the integration
After you've downloaded the app, navigate to the Microsoft 365 setup wizard in your SNOW environment to complete the setup process. :::image type="content" source="../../media/154124985-76e13e7d-b32e-4741-830b-bbb110d3ecbf.png" alt-text="Snow setup wizard":::
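Review bot: In the new heading "## Setup the integration", "Setup" is the noun form; as an instruction it should be "## Set up the integration". Renaming the heading also changes its anchor, so any link that targets the old "What configuration is right for your organization?" anchor needs updating. The unchanged line below still says "SNOW environment" and uses the alt text "Snow setup wizard"; spelling out ServiceNow there would match the article title.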
business-premium Index https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-premium/index.md
This configuration includes the following guidance for productivity, collaborati
| Protection for | Description | Links | | -- | -- | -- | -- |
-|Email | Use multi-factor authentication, advanced anti-phishing, Safe Links and Safe Attachments, and encrypted email for sensitive information.| [Set up multi-factor authentication](m365-campaigns-multifactor-authentication.md) <br/><br/>[Protect against phishing attacks](m365-campaigns-phishing-and-attacks.md)<br/><br/>[Encrypt or label your sensitive email](send-encrypted-email.md) |
-|iPhones and Android devices |Use multi-factor authentication, set up Microsoft mobile apps, and require a PIN | [Set up multi-factor authentication](m365-campaigns-multifactor-authentication.md)<br/><br/>[Set up mobile devices](../business/set-up-mobile-devices.md?toc=/microsoft-365/campaigns/toc.json)|
+|Email | Use multi-factor authentication, advanced anti-phishing, Safe Links and Safe Attachments, and encrypted email for sensitive information.| [Set up multi-factor authentication](m365bp-multifactor-authentication.md) <br/><br/>[Protect against phishing attacks](m365-campaigns-phishing-and-attacks.md)<br/><br/>[Encrypt or label your sensitive email](send-encrypted-email.md) |
+|iPhones and Android devices |Use multi-factor authentication, set up Microsoft mobile apps, and require a PIN | [Set up multi-factor authentication](m365bp-multifactor-authentication.md)<br/><br/>[Set up mobile devices](../business/set-up-mobile-devices.md)|
|Bring-your-own-devices (BYOD) for Mac and Windows PCs |Keep Office up to date, keep operating systems updated, and enable security features. | [Protect unmanaged Windows and Mac devices](m365bp-protect-pcs-macs.md) | |Storing and sharing files securely | Share files and videos from Microsoft Teams, OneDrive, SharePoint, and Microsoft Stream, and protect sensitive data.| [Share files and videos](share-files-and-videos.md) |
-|Managed Windows devices |Use managed devices for key staff and secure these devices. | [Set up managed devices](../business/set-up-windows-devices.md?toc=/microsoft-365/campaigns/toc.json) |
+|Managed Windows devices |Use managed devices for key staff and secure these devices. | [Set up managed devices](../business/set-up-windows-devices.md) |
## A recommended security configuration for Microsoft 365 Business Premium
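Review bot: The Email row now mixes prefixes: the MFA link moved to `m365bp-multifactor-authentication.md`, but the phishing link in the same cell still points at `m365-campaigns-phishing-and-attacks.md`. Confirm that target still exists under that name, given that other m365-campaigns files are being removed in this batch. Separately, the table's header row has three columns (Protection for, Description, Links) but the separator row has four `--` cells, which is worth correcting while these rows are being edited.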
business-premium M365 Campaigns Conditional Access https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-premium/m365-campaigns-conditional-access.md
- Title: "Turn on security defaults"-- NOCSH-------- Adm_O365-- M365-subscription-management -- M365-identity-device-management-- M365-Campaigns-- m365solution-smb--- Adm_O365-- MiniMaven-- MSB365-- BCS160-- MET150-- MOE150
-description: "Learn how security defaults can help protect your organization from identity-related attacks by providing preconfigured security settings."
--
-# Turn on security defaults
-
-Security defaults help protect your organization from identity-related attacks by providing preconfigured security settings that Microsoft manages on behalf of your organization. These settings include enabling multi-factor authentication (MFA) for all admins and user accounts. For most organizations, security defaults offer a good level of additional sign-in security.
-
-For more information about security defaults and the policies they enforce, see [What are security defaults?](/azure/active-directory/fundamentals/concept-fundamentals-security-defaults)
-
-If your subscription was created on or after October 22, 2019, security defaults might have been automatically enabled for you&mdash;you should check your settings to confirm.
-
-To enable security defaults in your Azure Active Directory (Azure AD) or to check to see if they're already enabled:
-
-1. Sign in to the <a href="https://go.microsoft.com/fwlink/p/?linkid=2024339" target="_blank">Microsoft 365 admin center</a> with security administrator, Conditional Access administrator, or Global admin credentials.
-
-2. In the left pane, select **Show All,** and then under **Admin centers**, select **Azure Active Directory**.
-
-3. In the left pane of the **Azure Active Directory admin center,** select **Azure Active Directory**.
-
-4. From the left menu of the Dashboard, in the **Manage** section, select **Properties**.
-
- :::image type="content" source="../media/m365-campaigns-conditional-access/azure-ad-properties.png" alt-text="Screenshot of the Azure Active Directory admin center showing the location of the Properties menu item.":::
-
-5. At the bottom of the **Properties** page, select **Manage Security defaults**.
-
-6. In the right pane, you'll see the **Enable Security defaults** setting. If **Yes** is selected, then security defaults are already enabled and no further action is required. If security defaults are not currently enabled, then select **Yes** to enable them, and then select **Save**.
-
-> [!NOTE]
-> If you've been using Conditional Access policies, you'll need to turn them off before using security defaults.
->
-> You can use either security defaults or Conditional Access policies, but you can't use both at the same time.
-
-## Consider using Conditional Access
-
-If your organization has complex security requirements or you need more granular control over your security policies, then you should consider using Conditional Access instead of security defaults to achieve a similar or higher security posture.
-
-Conditional Access lets you create and define policies that react to sign-in events and request additional actions before a user is granted access to an application or service. Conditional Access policies can be granular and specific, empowering users to be productive wherever and whenever, but also protecting your organization.
-
-Security defaults are available to all customers, while Conditional Access requires a license for one of the following plans:
--- Azure Active Directory Premium P1 or P2-- Microsoft 365 Business Premium-- Microsoft 365 E3 or E5-- Enterprise Mobility & Security E3 or E5-
-If you want to use Conditional Access to configure policies equivalent to those enabled by security defaults, check out the following step-by-step guides:
--- [Require MFA for administrators](/azure/active-directory/conditional-access/howto-conditional-access-policy-admin-mfa)-- [Require MFA for Azure management](/azure/active-directory/conditional-access/howto-conditional-access-policy-azure-management)-- [Block legacy authentication](/azure/active-directory/conditional-access/howto-conditional-access-policy-block-legacy)-- [Require MFA for all users](/azure/active-directory/conditional-access/howto-conditional-access-policy-all-users-mfa)-- [Require Azure AD MFA registration](/azure/active-directory/identity-protection/howto-identity-protection-configure-mfa-policy) - Requires Azure AD Identity Protection, which is part of Azure Active Directory Premium P2-
-To learn more about Conditional Access, see [What is Conditional Access?](/azure/active-directory/conditional-access/overview) For more information about creating Conditional Access policies, see [Create a Conditional Access policy](/azure/active-directory/authentication/tutorial-enable-azure-mfa#create-a-conditional-access-policy).
-
-> [!NOTE]
-> If you have a plan or license that provides Conditional Access but haven't yet created any Conditional Access policies, you're welcome to use security defaults. However, you'll need to turn off security defaults before you can use Conditional Access policies.
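Review bot: Removing this file drops both NOTE blocks that say security defaults and Conditional Access policies cannot be used at the same time, along with the list of licenses that Conditional Access requires; confirm the replacement article carries that guidance, because admins who enable one without disabling the other get no warning from the remaining pages shown in this change. The removal also needs a redirect for the old URL, since nothing in the visible lines adds one. If the text is being moved rather than retired, the list items at "Azure Active Directory Premium P1 or P2" and at the step-by-step guides have lost their line breaks and should be restored as proper bullets in the new location.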
business-premium M365 Campaigns Increase Protection https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-premium/m365-campaigns-increase-protection.md
- Title: "Increase threat protection"-- NOCSH-------- Adm_O365-- M365-subscription-management-- M365-Campaigns-- m365solution-smb--- Adm_O365-- MiniMaven-- MSB365-- admindeeplinkMAC-- admindeeplinkEXCHANGE-- admindeeplinkSPO-- BCS160-- MET150
-description: "Get help with increasing the level of protection in Microsoft 365"
--
-# Increase threat protection for Microsoft 365 Business Premium
-
-This article helps you increase the protection in your Microsoft 365 subscription to protect against phishing, malware, and other threats. These recommendations are appropriate for organizations with an increased need for security, like political campaigns, law offices, and health care clinics.
-
-Before you begin, check your Microsoft Secure Score. Microsoft Secure Score analyzes your organization's security based on your regular activities and security settings and assigns a score. Begin by taking note of your current score. Taking the actions recommended in this article increases your score. The goal isn't to achieve the max score, but to be aware of opportunities to protect your environment that don't negatively affect productivity for your users.
-
-For more information, see [Microsoft Secure Score](../security/defender/microsoft-secure-score.md).
-
-## Raise the level of protection against malware in mail
-
-Your Office 365 or Microsoft 365 environment includes protection against malware, but you can increase this protection by blocking attachments with file types that are commonly used for malware. To bump up malware protection in email:
-
-1. Go to the <a href="https://go.microsoft.com/fwlink/p/?linkid=2077143" target="_blank">Office 365 Security & Compliance Center</a> and sign in with your admin account credentials.
-
-2. In the left navigation pane, under **Threat management**, choose **Policy** \> **Anti-Malware**.
-
-3. Double-click the default policy to edit this company-wide policy.
-
-4. Click **Settings**.
-
-5. Under **Common Attachment Types Filter**, select **On**. The file types that are blocked are listed in the window directly below this control. Make sure you add these filetypes:
-
- `ade, adp, ani, bas, bat, chm, cmd, com, cpl, crt, hlp, ht, hta, inf, ins, isp, job, js, jse, lnk, mda, mdb, mde, mdz, msc, msi, msp, mst, pcd, reg, scr, sct, shs, url, vb, vbe, vbs, wsc, wsf, wsh, exe, pif`
-
- You can add or delete file types later, if needed.
-
-6. Click **Save.**
-
-For more information, see [Anti-malware protection in EOP](../security/office-365-security/anti-malware-protection.md).
-
-## Protect against ransomware
-
-Ransomware restricts access to data by encrypting files or locking computer screens. It then attempts to extort money from victims by asking for "ransom," usually in the form of cryptocurrencies like Bitcoin, in exchange for access to data.
-
-You can protect against ransomware by creating one or more mail flow rules to block file extensions that are commonly used for ransomware (these were added in the [raise the level of protection against malware in mail](#raise-the-level-of-protection-against-malware-in-mail) step), or to warn users who receive these attachments in email.
-
-In addition to the files that you blocked in the previous step, it's also good practice to create a rule to warn users before opening Office file attachments that include macros. Ransomware can be hidden inside macros, so warn users to not open these files from people they don't know.
-
-To create a mail transport rule:
-
-1. Go to the admin center at <https://admin.microsoft.com> and choose **Admin centers** \> **Exchange**.
-
-2. In the **mail flow** category, click **rules**.
-
-3. Click **+**, and then click **Create a new rule**.
-
-4. Click **More options** at the bottom of the dialog box to see the full set of options.
-
-5. Apply the settings in the following table for the rule. Leave the rest of the settings at the default, unless you want to change them.
-
-6. Click **Save**.
-
-|Setting|Warn users before opening attachments of Office files|
-|||
-|Name|Anti-ransomware rule: warn users|
-|Apply this rule if . . .|Any attachment . . . file extension matches . . .|
-|Specify words or phrases|Add these file types: <br/> `dotm, docm, xlsm, sltm, xla, xlam, xll, pptm, potm, ppam, ppsm, sldm`|
-|Do the following . . .|Notify the recipient with a message|
-|Provide message text|Do not open these types of files from people you do not know because they might contain macros with malicious code.|
-
-For more information, see:
--- [Ransomware: how to reduce risk](https://www.microsoft.com/security/blog/2020/04/28/ransomware-groups-continue-to-target-healthcare-critical-services-heres-how-to-reduce-risk/)--- [Restore your OneDrive](https://support.microsoft.com//office/fa231298-759d-41cf-bcd0-25ac53eb8a15)-
-## Stop auto-forwarding for email
-
-Hackers who gain access to a user's mailbox can steal your mail by setting the mailbox to automatically forward email. This can happen even without the user's awareness. You can prevent this from happening by configuring a mail flow rule.
-
-To create a mail transport rule, either watch [this short video](https://support.office.com/article/f9d693ba-5c78-47c0-b156-8e461e062aa7) or follow these steps:
-
-1. In the <a href="https://go.microsoft.com/fwlink/p/?linkid=2024339" target="_blank">Microsoft 365 admin center</a>, click **Admin centers** \> **Exchange**.
-
-2. In the **mail flow** category, click **rules**.
-
-3. Click **+**, and then click **Create a new rule**.
-
-4. Click **More options** at the bottom of the dialog box to see the full set of options.
-
-5. Apply the settings in the following table. Leave the rest of the settings at the default, unless you want to change them.
-
-6. Click **Save**.
-
-|Setting|Warn users before opening attachments of Office files|
-|||
-|Name|Prevent auto forwarding of email to external domains|
-|Apply this rule if ...|The sender . . . is external/internal . . . Inside the organization|
-|Add condition|The message properties . . . include the message type . . . Auto-forward|
-|Do the following ...|Block the message . . . reject the message and include an explanation.|
-|Provide message text|Auto-forwarding email outside this organization is prevented for security reasons.|
-
-## Protect your email from phishing attacks
-
-If you've configured one or more custom domains for your Office 365 or Microsoft 365 environment, you can configure targeted anti-phishing protection. Anti-phishing protection, part of Microsoft Defender for Office 365, can help protect your organization from malicious impersonation-based phishing attacks and other phishing attacks. If you haven't configured a custom domain, you don't need to do this.
-
-We recommend that you get started with this protection by creating a policy to protect your most important users and your custom domain.
-
-To create an anti-phishing policy in Defender for Office 365, watch [this short training video](https://support.office.com/article/86c425e1-1686-430a-9151-f7176cce4f2c), or complete the following steps:
-
-1. Go to <a href="https://go.microsoft.com/fwlink/p/?linkid=2077143" target="_blank">Office 365 Security & Compliance Center</a>.
-
-2. In the left navigation pane, under **Threat management**, choose **Policy**.
-
-3. On the **Policy** page, choose **Anti-phishing**.
-
-4. On the **Anti-phishing** page, select **+ Create**. A wizard launches that steps you through defining your anti-phishing policy.
-
-5. Specify the name, description, and settings for your policy as recommended in the chart below. For more information, see [Learn about anti-phishing policy in Microsoft Defender for Office 365 options](../security/office-365-security/set-up-anti-phishing-policies.md).
-
-6. After you've reviewed your settings, choose **Create this policy** or **Save**, as appropriate.
-
-|Setting or option|Recommended setting|
-|||
-|Name|Domain and most valuable staff|
-|Description|Ensure most important staff and our domain are not being impersonated.|
-|Add users to protect|Select **+ Add a condition, The recipient is**. Type user names or enter the email address of the business owners, partners, or candidate, managers, and other important staff members. You can add up to 20 internal and external addresses that you want to protect from impersonation.|
-|Add domains to protect|Select **+ Add a condition, The recipient domain is**. Enter the custom domain associated with your Microsoft 365 subscription, if you defined one. You can enter more than one domain.|
-|Choose actions|If email is sent by an impersonated user: Choose **Redirect message to another email address**, and then type the email address of the security administrator; for example, *Alice<span><span>@contoso.com*. <br/> If email is sent by an impersonated domain: Choose **Quarantine message**.|
-|Mailbox intelligence|By default, mailbox intelligence is selected when you create a new anti-phishing policy. Leave this setting **On** for best results.|
-|Add trusted senders and domains|Here you can add your own domain, or any other trusted domains.|
-|Applied to|Select **The recipient domain is**. Under **Any of these**, select **Choose**. Select **+ Add**. Select the check box next to the name of the domain, for example, *contoso.<span><span>com*, in the list, and then select **Add**. Select **Done**.|
-
-For more information, see [Set up anti-phishing policies in Defender for Office 365](../security/office-365-security/set-up-anti-phishing-policies.md).
-
-## Protect against malicious attachments, files, and links with Defender for Office 365
-
-![Banner that point to https://aka.ms/aboutM365preview.](../media/m365admincenterchanging.png)
-
-First, make sure, in the admin center at <https://admin.microsoft.com> that you have the new admin center preview turned on. Turn on the toggle next to the text **The new admin center**.
-
- ![The new admin center preview on.](../media/previewon.png)
-
-If you don't see the **Setup** page with cards in your tenant yet, see how to complete these steps in Security & Compliance Center. See [Set up Safe Attachments in the Security & Compliance Center](#set-up-safe-attachments-in-the-security--compliance-center) and [Set up Safe Links in the Security & Compliance Center](#set-up-safe-links-in-the-security--compliance-center).
-
-1. In the left nav, choose **Setup**.
-2. On the **Setup** page, choose **View** on the **Increase protection from advanced threats** card.
-
- ![Choose View on the Increase protection from advanced threats.](../media/startatp.png)
-
-3. On the **Increase protection from advanced threats** page, choose **Get started**.
-4. On the pane that opens, select the check boxes next to **Links and attachments in email**, **Scan files in SharePoint, OneDrive, and Teams**, and **Scan links in Office desktop and Office Online apps** under **Scan items for malicious content**.
-
- Under **Links and attachments in email**, Type in All Users, or the specific users whose email you want scanned.
-
- ![Select all check boxes in Increase protection from advanced threats.](../media/setatp.png)
-
-5. Choose **Create policies** to turn on Safe Attachments and Safe Links.
-
-### Set up Safe Attachments in the Security & Compliance Center
-
-People regularly send, receive, and share attachments, such as documents, presentations, spreadsheets, and more. It's not always easy to tell whether an attachment is safe or malicious just by looking at an email message. Microsoft Defender for Office 365 includes Safe Attachment protection, but this protection is not turned on by default. We recommend that you create a new rule to begin using this protection. This protection extends to files in SharePoint, OneDrive, and Microsoft Teams.
-
-To create an Safe Attachment policy, either watch [this short video](https://support.office.com/article/e7e68934-23dc-4b9c-b714-e82e27a8f8a5), or complete the following steps:
-
-1. Go to <a href="https://go.microsoft.com/fwlink/p/?linkid=2077143" target="_blank">Office 365 Security & Compliance Center</a> and sign in with your admin account.
-
-2. In the left navigation pane, under **Threat management**, choose **Policy**.
-
-3. On the Policy page, choose **Safe Attachments**.
-
-4. On the Safe attachments page, apply this protection broadly by selecting the **Turn on ATP for SharePoint, OneDrive, and Microsoft Teams** check box.
-
-5. Select **+** to create a new policy.
-
-6. Apply the settings in the following table.
-
-7. After you review your settings, choose **Create this policy** or **Save**, as appropriate.
-
-|Setting or option|Recommended setting|
-|||
-|Name|Block current and future emails with detected malware.|
-|Description|Block current and future emails and attachments with detected malware.|
-|Save attachments unknown malware response|Select **Block - Block the current and future emails and attachments with detected malware**.|
-|Redirect attachment on detection|Enable redirection (select this box) <br/> Enter the admin account or a mailbox setup for quarantine. <br/> Apply the above selection if malware scanning for attachments times out or error occurs (select this box).|
-|Applied to|The recipient domain is . . . select your domain.|
-
-For more information, see [Set up anti-phishing policies in Defender for Office 365](../security/office-365-security/set-up-anti-phishing-policies.md).
-
-### Set up Safe Links in the Security & Compliance Center
-
-Hackers sometimes hide malicious websites in links in email or other files. Safe Links, part of Microsoft Defender for Office 365, can help protect your organization by providing time-of-click verification of web addresses (URLs) in email messages and Office documents. Protection is defined through Safe Links policies.
-
-We recommend that you do the following:
--- Modify the default policy to increase protection.--- Add a new policy targeted to all recipients in your domain.-
-To set up Safe Links, watch [this short training video](https://support.office.com/article/61492713-53c2-47da-a6e7-fa97479e97fa), or complete the following steps:
-
-1. Go to <a href="https://go.microsoft.com/fwlink/p/?linkid=2077143" target="_blank">Office 365 Security & Compliance Center</a> and sign in with your admin account.
-
-2. In the left navigation pane, under **Threat management**, choose **Policy**.
-
-3. On the Policy page, choose **Safe Links**.
-
-To modify the default policy:
-
-1. On the Safe links page, under **Policies that apply to the entire organization**, select the **Default** policy.
-
-2. Under **Settings that apply to content except email**, select **Microsoft 365 Apps for enterprise, Office for iOS and Android**.
-
-3. Click **Save**.
-
-To create a new policy targeted to all recipients in your domain:
-
-1. On the Safe links page, under **Policies that apply to the entire organization**, click **+** to create a new policy.
-
-2. Apply the settings listed in the following table.
-
-3. Click **Save**.
-
-|Setting or option|Recommended setting|
-|||
-|Name|Safe links policy for all recipients in the domain|
-|Select the action for unknown potentially malicious URLs in messages|Select **On - URLs will be rewritten and checked against a list of known malicious links when user clicks on the link**.|
-|Use Safe Attachments to scan downloadable content|Select this box.|
-|Applied to|The recipient domain is . . . select your domain.|
-
-For more information, see [Safe Links in Defender for Office 365](../security/office-365-security/safe-links.md).
-
-## Turn on the Unified Audit Log
-
-After you turn on the audit log search in the Security & Compliance Center, you can retain the admin and other user activity in the log and search it.
-
-You must be assigned the Audit Logs role in Exchange Online to turn audit log search on or off in your Microsoft 365 subscription. By default, this role is assigned to the Compliance Management and Organization Management role groups on the Permissions page in the <a href="https://go.microsoft.com/fwlink/p/?linkid=2059104" target="_blank">Exchange admin center</a>. Global admins in Microsoft 365 are members of this group by default.
-
-1. To turn on the audit log search, go to the admin center at <https://admin.microsoft.com> and then choose **Security** under **Admin centers** in the left nav.
-2. On the **Microsoft 365 Security** page, choose **More resources**, and then **Open** on the **Office 365 Security & Compliance Center** card.
-
- ![Choose Open on the security & compliance cars.](../media/gotosecandcomp.png)
-3. On the security and compliance page, choose **Search** and then **Audit log search**.
-4. On the top of the **Audit log search** page, choose **Turn on auditing**.
-
-After the feature is turned on, you can search for files, folders, and many activities. For more information, see [search the audit log](../compliance/search-the-audit-log-in-security-and-compliance.md).
-
-## Tune-up anonymous sharing settings for SharePoint and OneDrive files and folders
-
-(change default anonymous link expiration to 14 days, change default sharing type to "Specific People")
-To change the sharing settings for OneDrive and SharePoint:
-
-1. Go to the admin center at <https://admin.microsoft.com> and then choose **SharePoint** under **Admin centers** in the left nav.
-2. In the SharePoint admin center, go to **Policies** \> <a href="https://go.microsoft.com/fwlink/?linkid=2185222" target="_blank">**Sharing**</a>.
-3. On the **Sharing** page, under **File and folder links**, select **Specific people**, and under **Advanced settings for "Anyone" links**, select **These links must expire within this many days**, and type in 14 (or another number of days you want to restrict the link lifetime to).
-
- ![Choose Specific people and set link expiration to 14 days.](../media/anyonelinks.png)
-
-## Activity alerts
-
-You can use activity alerts to track admin and user activities and detect malware and data loss prevention incidents in your organization. Your subscription includes a set of default policies, but you can also create custom ones. For more information, see [alert policies](../compliance/alert-policies.md). For example, if you store an important file in SharePoint that you don't want anyone to share externally, you can create a notification that alerts you if someone does share it.
-
-The following figure shows the default policies that are included with Microsoft 365.
-
-![Default alert policies included with Microsoft 365.](../media/alertpolicies.png)
-
-## Disable or manage calendar sharing
-
-You can prevent people in your organization from sharing their calendars, or you can also manage what they can share. For example, you can restrict the sharing to free/busy times only.
-
-1. Go to the admin center at <https://admin.microsoft.com> and choose **Settings** \> **Org Settings** > <a href="https://go.microsoft.com/fwlink/p/?linkid=2053743" target="_blank">**Services**</a>.
-
-1. Choose **Calendar**, and choose whether people in your organization can share their calendars with people outside who have Office 365 or Exchange, or with anyone.
-
- If you choose the share with anyone option, you can decide to also only share free/busy information.
-
-3. Choose **Save changes** on the bottom of the page.
-
- The following figure shows calendar sharing not allowed.
-
- ![Screenshot of showing external calendar sharing as not allowed.](../media/nocalendarsharing.png)
-
- The following figure shows the settings when calendar sharing is allowed with an email link with only free/busy information.
-
- ![Screenshot of calendar free/busy sharing with anyone.](../media/sharefreebusy.png)
-
-If your users are allowed to share their calendars, see [these instructions](https://support.office.com/article/7ecef8ae-139c-40d9-bae2-a23977ee58d5) for how to share from Outlook on the web.
business-premium M365 Campaigns Multifactor Authentication https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-premium/m365-campaigns-multifactor-authentication.md
- Title: "Set up multifactor authentication"-- NOCSH-------- Adm_O365-- M365-subscription-management -- M365-identity-device-management-- M365-Campaigns-- m365solution-smb--- Adm_O365-- MiniMaven-- MSB365-- BCS160-- MET150-- MOE150
-description: "Set up multifactor authentication."
--
-# Set up multi-factor authentication on your mobile device
-
-Multi-factor authentication provides more security for your business. After your admin has required you to use MFA, you can set up the Microsoft Authenticator app to let you log into key apps securely with your phone.
-
-> [!VIDEO https://www.microsoft.com/videoplayer/embed/RE2MmQR]
-
-See more at [Set up multifactor authentication in Microsoft 365](https://support.office.com/article/a32541df-079c-420d-9395-9d59354f7225)
-
-## Use the Outlook app in your devices
-
-After your admin has required you to use MFA and you've set up an authenticator app as a second form of authentication, we recommend that you install and only use the Outlook app to access your Microsoft 365 email. See [Set up mobile devices](../business/set-up-mobile-devices.md) for how to install Office apps, including Outlook, on your phone.
business-premium M365 Campaigns Protect Admin Accounts https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-premium/m365-campaigns-protect-admin-accounts.md
- Title: "Protect your administrator accounts"-- NOCSH-------- Adm_O365-- M365-subscription-management -- M365-Campaigns-- m365solution-smb--- Adm_O365-- MiniMaven-- MSB365-- BCS160-- MET150
-description: "Learn how to set up and protect your administrator accounts."
--
-# Protect your administrator accounts
-
-Because admin accounts come with elevated privileges, they're valuable targets for hackers and cyber criminals. This article describes:
--- How to set up an additional administrator account for emergencies.-- How to protect these accounts.-
-When you sign up for Microsoft 365 and enter your information, you automatically become the Global admin. A Global admin has the ultimate control of user accounts and all the other settings in the Microsoft admin center, but there are many different kinds of admin accounts with varying degrees of access. See [about admin roles](/office365/admin/add-users/about-admin-roles) for information about the different access levels for each kind of admin role.
-
-## Create additional admin accounts
-
-Use admin accounts only for administration. Admins should have a separate user account for regular use of Office apps and only use their administrative account when necessary to manage accounts and devices, and while working on other admin functions. It's also a good idea to remove the Microsoft 365 license from the admin accounts so you don't have to pay for them.
-
-You'll want to set up at least one additional Global admin account to give admin access to another trusted employee. You can also create separate admin accounts for user management (this role is called **User management administrator**). For more information, see [about admin roles](/office365/admin/add-users/about-admin-roles).
-
-To create additional admin accounts:
-
- 1. Go to the <a href="https://go.microsoft.com/fwlink/p/?linkid=837890" target="_blank">admin center</a> and then choose **Users** \> **Active users** in the left nav.
-
- ![Choose Users and then Active users in the left nav.](../media/Activeusers.png)
-
- 2. On the **Active users** page, select **Add a user** at the top of the page, and on the **New user** panel, enter the name and other information.
- 3. Expand the **Roles** section, and choose **Global administrator** to give this user global admin access. You can also choose **Customized administrator** and choose any of the roles that are displayed.
-
- Enter an alternate email in the **Alternative email address** text box. You can use this address to recover your password information if you get locked out. For Global admins, a billing statement will also be sent to this address.
-
- ![Choose the administrator role.](../media/adminroles.png)
-
- 4. In the **Product licenses** section, move the selector for **Microsoft 365 Business** to **Off** and the **Create user without product license** to **On**.
-
- ![Choose the product license.](../media/productlicense.png)
-
-## Create an emergency admin account
-
-You should also create a backup account that isn't set up with multi-factor authentication (MFA) so you don't accidentally lock yourself out (for example if you lose your phone that you're using as a second form of verification). Make sure that the password for this account is a phrase or at least 16 characters long. This is often referred to as a "break-glass account."
-
-## Create a user account for yourself
-
-Use your user account to participate in collaboration with your organization, including checking mail. This means your admin credentials might be similar to *Alice.Chavez<span></span>@Contoso.org* and your regular user account might be similar to *Alice<span></span>@Contoso.com*.
-
-To create a new user account:
-
-1. Go to the <a href="https://go.microsoft.com/fwlink/p/?linkid=837890" target="_blank">admin center</a> and then choose **Users** \> **Active users** in the left nav.
-2. On the **Active users** page, select **Add a user** at the top of the page, and on the **New user** panel, enter the name and other information.
-3. Expand the **Roles** section, and choose **User (no administrative access)**.
-4. In the **Product licenses** section, move the selector for **Microsoft 365 Business** to **On**.
-
-## Turn on security defaults
-
-Security defaults help protect your organization from identity-related attacks by providing preconfigured security settings that Microsoft manages on behalf of your organization. These settings include enabling multi-factor authentication (MFA) for all admins and user accounts. For more information about security defaults and to learn how to enable them on, see [Turn on security defaults](m365-campaigns-conditional-access.md).
-
-## Additional recommendations
--- Before using admin accounts, close out all unrelated browser sessions and apps, including personal email accounts. You can also use in private, or incognito browser windows.-- After completing admin tasks, be sure to sign out of the browser session.
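Review bot: the "Create an emergency admin account" section tells admins to keep a backup account "that isn't set up with multi-factor authentication (MFA)", while "Turn on security defaults" a few paragraphs later says those settings enable MFA "for all admins and user accounts". The two instructions conflict as written, and the security defaults paragraph is carried into m365bp-protect-admin-accounts.md unchanged apart from its link. If the break-glass guidance moves to the new article too, say there how the emergency account is expected to sign in once security defaults are on, or drop the "isn't set up with MFA" wording.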
business-premium M365 Campaigns Protect Pcs Macs https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-premium/m365-campaigns-protect-pcs-macs.md
- Title: "Protect unmanaged Windows 10 PCs and Macs"-- NOCSH-------- Adm_O365-- M365-subscription-management -- M365-identity-device-management-- M365-Campaigns-- m365solution-smb--- Adm_O365-- MiniMaven-- MSB365-- BCS160-- MET150-- MOE150
-description: "Protect unmanaged or bring-your-own devices (BYOD) with Microsoft 365."
--
-# Protect unmanaged Windows 10 PCs and Macs
-
-You can manage Windows 10 PCs and Macs by enrolling them in Microsoft Intune, which allows you to ensure they're healthy and secure before accessing data in your environment. However, many campaigns and small businesses include staff who bring their own devices (BYOD), which will not be managed by the organization. For these unmanaged PCs and Macs, use this article to ensure that minimum security capabilities are configured.
-
-<!--A Windows 10 PC is considered managed after you have completed the following two steps:
-
-1. You (or the admin) set up device and data protection policies in the [setup wizard](../business/set-up.md).
-
-2. You have [connected your computer to Azure Active Directory](../business/set-up-windows-devices.md) and use your Microsoft 365 username and password to sign in.
-3. -->
-
-## Protect a computer running Windows 10 or a Mac
-
-<!--If you have a PC that is running Windows 10 that is not connected to Microsoft 365, or a Mac, the Microsoft 365 protections do not apply to it, but here are some things you can do to keep your data secure on these devices as well:
>
-If your Windows 10 PC or Mac is not managed by your organization, be sure to configure these security capabilities.
-
-## [Windows 10](#tab/Windows10)
-
-**Turn on device encryption**<p>
-
-Device encryption is available on a wide range of Windows devices and helps protect your data by encrypting it. If you turn on device encryption, only authorized individuals will be able to access your device and data. See [turn on device encryption](https://support.microsoft.com/help/4028713/windows-10-turn-on-device-encryption) for instructions.
-
- If device encryption isn't available on your device, you can turn on standard [BitLocker encryption](https://support.microsoft.com/help/4028713/windows-10-turn-on-device-encryption) instead. (BitLocker isn't available on Windows 10 Home edition.)
-
-**Protect your device with Windows Security**<p>
-If you have Windows 10, you'll get the latest antivirus protection with Windows Security. When you start up Windows 10 for the first time, Windows Security is on and actively helping to protect your PC by scanning for malware (malicious software), viruses, and security threats. Windows Security uses real-time protection to scan everything you download or run on your PC.
-
-Windows Update downloads updates for Windows Security automatically to help keep your PC safe and protect it from threats.
-
-If you have an earlier version of Windows and are using Microsoft Security Essentials, it's a good idea to move to Windows Security. For more information, see [help protect my device with Windows Security](https://support.microsoft.com/help/17464/windows-10-help-protect-my-device-with-windows-security).
-
-**Turn on Windows Firewall**<p>
-You should always run Windows Firewall even if you have another firewall turned on. Turning off Windows Firewall might make your device (and your network, if you have one) more vulnerable to unauthorized access. See [Turn Windows Firewall on or off](https://support.microsoft.com/help/4028544/windows-10-turn-windows-defender-firewall-on-or-off) for instructions.
-
-## [Mac](#tab/Mac)
-
-**Use FileVault to encrypt your Mac disk**<p>
-Disk encryption protects data when devices are lost or stolen. FileVault full-disk encryption helps prevent unauthorized access to the information on your startup disk. See [use FileVault to encrypt the startup disk on your Mac](https://support.apple.com/HT204837) for instructions.
-
-**Protect your mac from malware**<p>
-Microsoft recommends that you install and use reliable antivirus software on your Mac. See the following article for a list of choices: [Best Mac antivirus 2019](https://www.macworld.co.uk/feature/mac-software/mac-antivirus-3672182/).
-
-You can also reduce the risk of malware by using software only from reliable sources. The settings in Security & Privacy preferences allow you to specify the sources of software installed on your Mac. For more information, see [protect your Mac from malware](https://support.apple.com/kb/PH25087).
-
-**Turn on firewall protection**<p>
-Use firewall settings to protect your Mac from unwanted contact initiated by other computers when you're connected to the Internet or a network. Without this protection, your Mac might be more vulnerable to unauthorized access. See [about the application firewall](https://support.apple.com/HT201642) for instructions.
business-premium M365 Campaigns Security Overview https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-premium/m365-campaigns-security-overview.md
Watch this video to see how you can protect your campaign or business:
Then follow the steps to: -- [Protect against malware and other threats](m365-campaigns-increase-protection.md)-- [Protect access to your campaign data](m365-campaigns-conditional-access.md) by protecting your accounts and apps-- [Protect admin accounts](m365-campaigns-protect-admin-accounts.md)-- [Set up mobile devices](../business/set-up-mobile-devices.md?toc=/microsoft-365/campaigns/toc.json)
+- [Protect against malware and other threats](m365bp-increase-protection.md)
+- [Protect access to your campaign data](m365bp-conditional-access.md) by protecting your accounts and apps
+- [Protect admin accounts](m365bp-protect-admin-accounts.md)
+- [Set up mobile devices](../business/set-up-mobile-devices.md)
- [Train your users](m365-campaigns-users.md)
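Review bot: the four rewritten links move to the m365bp- file names, but the unchanged "Train your users" item still targets m365-campaigns-users.md, while the same update set touches m365bp-secure-users.md, which carries the same "Use secure email practices" text. Decide which of the two is the article this list should send readers to and point the item there, so the overview doesn't mix old and new names.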
business-premium M365 Campaigns Users https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-premium/m365-campaigns-users.md
All users should be aware of and use these email practices to help keep their em
- Verify legitimate emails and look for safety tips from Advanced Phishing in Defender for Office 365 Protection. - Open only safe links and attachments, as verified by Safe Links and Safe Attachments.
-Learn more about [multi-factor authentication](m365-campaigns-multifactor-authentication.md) and [phishing and other attacks](m365-campaigns-phishing-and-attacks.md).
+Learn more about [multi-factor authentication](m365bp-multifactor-authentication.md) and [phishing and other attacks](m365-campaigns-phishing-and-attacks.md).
Download an [infographic](m365-campaigns-protect-campaign-infographic.md) with tips for you and the members of your team. ## Set up iPhones and Android devices
-All users you add to your environment will need to take a few minutes to [setup iPhones and Android devices](../business/set-up-mobile-devices.md?toc=%2Fmicrosoft-365%2Fcampaigns%2Ftoc.json) to work securely:
+All users you add to your environment will need to take a few minutes to [setup iPhones and Android devices](../business/set-up-mobile-devices.md) to work securely:
- Set up devices to use multi-factor authentication with the authenticator app. - Use Microsoft mobile apps, including Outlook Mobile, Word, OneDrive, and other Microsoft apps from the app store. The native mail apps that are included on iPhones and Android devices aren't supported.
It's also important that users keep their primary work device up to date:
- Install the latest versions of Office desktop apps and keep these fresh with updates, when prompted. - Stay on top of operating system updates, such as Windows updates.
-For [unmanaged Windows 10 and Mac devices](m365-campaigns-protect-pcs-macs.md), users have the responsibility to ensure that basic security features are enabled.
+For [unmanaged Windows 10 and Mac devices](m365bp-protect-pcs-macs.md), users have the responsibility to ensure that basic security features are enabled.
**Enable basic security capabilities on BYOD Windows 10 and Mac devices**
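Review bot: in the rewritten sentence under "Set up iPhones and Android devices" the link text still reads "setup iPhones and Android devices"; as a verb it should be "set up", matching the heading directly above it. The line is already being touched to drop the ?toc= query, so fix the wording in the same change.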
business-premium M365bp Protect Admin Accounts https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-premium/m365bp-protect-admin-accounts.md
To create a new user account:
## Turn on security defaults
-Security defaults help protect your organization from identity-related attacks by providing preconfigured security settings that Microsoft manages on behalf of your organization. These settings include enabling multi-factor authentication (MFA) for all admins and user accounts. For more information about security defaults and to learn how to enable them on, see [Turn on security defaults](m365-campaigns-conditional-access.md).
+Security defaults help protect your organization from identity-related attacks by providing preconfigured security settings that Microsoft manages on behalf of your organization. These settings include enabling multi-factor authentication (MFA) for all admins and user accounts. For more information about security defaults and to learn how to enable them on, see [Turn on security defaults](m365bp-conditional-access.md).
## Additional recommendations
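Review bot: the replacement paragraph keeps "to learn how to enable them on", which mixes "enable them" and "turn them on". Since the line is being rewritten for the link anyway, change it to "to learn how to turn them on" so it matches the link text "Turn on security defaults".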
business-premium M365bp Secure Users https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-premium/m365bp-secure-users.md
Title: "How security recommendations can affect your users" f1.keywords: - NOCSH--++ audience: Admin
description: "Learn how security recommendations for Microsoft 365 Business Prem
The security recommendations for Microsoft 365 in this solution make it much harder for hackers to gain access to your environment. The tradeoff is that your users will need to be aware of how to work within this more secure environment. We understand a little extra patience is required, but it's worth it to keep your organization protected.
-![Illustration that sums up key points from below for iPhones, Android devices, Macs, Windows 10, sharing, and key staff.](../media/M365-democracy-Users_900px.png)
## Use secure email practices
All users should be aware of and use these email practices to help keep their em
- Verify legitimate emails and look for safety tips from Advanced Phishing in Defender for Office 365 Protection. - Open only safe links and attachments, as verified by Safe Links and Safe Attachments.
-Learn more about [multi-factor authentication](m365-campaigns-multifactor-authentication.md) and [phishing and other attacks](m365-campaigns-phishing-and-attacks.md).
+Learn more about [multi-factor authentication](m365bp-multifactor-authentication.md) and [phishing and other attacks](m365-campaigns-phishing-and-attacks.md).
Download an [infographic](m365-campaigns-protect-campaign-infographic.md) with tips for you and the members of your team.
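Review bot: only the multi-factor authentication link is moved to the m365bp- name; the phishing link in the same sentence and the infographic link on the next line still point to m365-campaigns-phishing-and-attacks.md and m365-campaigns-protect-campaign-infographic.md. If those articles are being renamed with the rest of the set, update them here as well; if they are staying under the old names, say so in the commit description so the mixed prefixes in one file don't read as an oversight.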
business-premium Microsoft 365 Campaigns Setup Overview https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-premium/microsoft-365-campaigns-setup-overview.md
f1.keywords:
Previously updated : 9/20/2018 Last updated : 03/02/2022 audience: Admin
For campaigns that qualify for special pricing, get started by [requesting an in
For all other organizations, after you've [signed up for Microsoft 365 Business Premium](../admin/admin-overview/sign-up-for-office-365.md)), complete setup by [running the setup wizard](../business/set-up.md?toc=/microsoft-365/campaigns/toc.json) to configure the core settings.
-For all organizations, bump up security protection by: [protecting admin accounts](m365-campaigns-protect-admin-accounts.md), [protecting access to mail and data](m365-campaigns-conditional-access.md), and [increasing threat protection](m365-campaigns-increase-protection.md).
+For all organizations, bump up security protection by: [protecting admin accounts](m365bp-protect-admin-accounts.md), [protecting access to mail and data](m365bp-conditional-access.md), and [increasing threat protection](m365bp-increase-protection.md).
## Everyone: Set up your devices Users will need to take a few minutes to set up devices to work with this environment. For your key users (those who are the highest value targets for hackers), you can set up and pre-configure new devices. This helps them to get started when they sign in with their Microsoft 365 credentials.
-![User device setup process.](../media/m365-democracy-user-device-setup.png)
To set up user devices: 1. Each user [sets up their mobile devices](../business/set-up-mobile-devices.md?toc=%2Fmicrosoft-365%2Fcampaigns%2Ftoc.json). 2. For unmanaged devices, users set up their [PCs and Macs](m365bp-protect-pcs-macs.md).
-For key staff, we recommend that you use [managed devices](../business/set-up-windows-devices.md?toc=/microsoft-365/campaigns/toc.json) for even better protection. For all devices, you'll want to set up [multifactor authentication](m365-campaigns-multifactor-authentication.md).
+For key staff, we recommend that you use [managed devices](../business/set-up-windows-devices.md) for even better protection. For all devices, you'll want to set up [multifactor authentication](m365bp-multifactor-authentication.md).
3. All users should learn how to protect themselves and your campaign by learning about [phishing and other attacks](m365-campaigns-phishing-and-attacks.md). This [infographic](m365-campaigns-protect-campaign-infographic.md) can also help your users understand how to help protect your campaign from online threats. ## Contact support
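Review bot: the ?toc=/microsoft-365/campaigns/toc.json query is stripped from the set-up-windows-devices.md link in the "For key staff" line, but it stays on the set-up.md link in the "For all other organizations" paragraph and on the set-up-mobile-devices.md link in step 1, the same target that loses it in the other articles in this set. Remove it in all three places or in none. The "signed up for Microsoft 365 Business Premium" link is also followed by a stray second closing parenthesis that this change could clean up.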
commerce Psd2 https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/commerce/billing-and-payments/psd2.md
- commerce_billing - AdminSurgePortfolio search.appverid: MET150
-description: As of September 14, 2019, banks in the 31 countries of the European Economic Area are required to verify the identity of the person making an online purchase before the payment can be processed."
-keywords: payment services directive 2, strong customer authentication, multi-factor authentication
+description: "As of September 14, 2019, banks in the 31 countries of the European Economic Area are required to verify the identity of the person making an online purchase before the payment can be processed."
Last updated 11/03/2020
commerce Understand Your Invoice https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/commerce/billing-and-payments/understand-your-invoice.md
- AdminTemplateSet search.appverid: MET150 description: "Learn how to read and understand your bill or invoice for Microsoft business products."
-keywords: billing accounts, organization info, invoices
Last updated 05/04/2021
commerce Close Your Account https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/commerce/close-your-account.md
- M365-subscription-management - Adm_O365 -- commerce_subscription
+- commerce_subscriptions
- AdminSurgePortfolio - fwlink 2133922 to Delete subscription heading - AdminTemplateSet
commerce Manage Third Party App Licenses https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/commerce/licenses/manage-third-party-app-licenses.md
f1.keywords:
-+ audience: Admin
commerce Renew Your Subscription https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/commerce/subscriptions/renew-your-subscription.md
If you prepaid for your subscription with a product key, your subscription will
2. Select the subscription for which you want to manage recurring billing. 3. On the subscription details page, under **Subscription and payment settings**, select **Edit recurring billing**.
-4. In the **Edit recurring billing settings** pane, select **On**, **On, but renew once**, or **Turn off**.
+4. In the **Edit recurring billing** pane, select **On**, **On, but renew once**, or **Turn off**.
5. Select **Save**. > [!NOTE]
compliance Compliance Easy Trials Compliance Manager Assessment Playbook https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/compliance-easy-trials-compliance-manager-assessment-playbook.md
Title: "Microsoft Compliance Manager premium assessments trial playbook" f1.keywords: - NOCSH--++ audience: Admin
compliance Compliance Manager Assessments https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/compliance-manager-assessments.md
Learn more about [how controls and improvement actions are tracked and scored.](
When an update is available for an assessment, youΓÇÖll see a notification and have the option to accept the update or defer it for a later time.
+Updates are available for assessments based on Microsoft templates, such as those designed for use with Microsoft 365. If your organization is using universal templates for assessing other products, inheritance may not be supported. For more information, see [Extend assessment templates](compliance-manager-templates-extend.md).
+ ### What causes an update
-An assessment update occurs when there are underlying template changes that impact scoring. Changes may involve adjusting control mapping or other guidance based on regulatory changes or product changes. Assessment updates can originate from your organization (such as, when a [custom template is modified](compliance-manager-templates-modify.md) as well as from Microsoft.
+An assessment update occurs when there are underlying template changes that impact scoring. Changes may involve adjusting control mapping or other guidance based on regulatory changes or product changes. Assessment updates can originate from your organization (such as when a [custom template is modified](compliance-manager-templates-modify.md)) as well as from Microsoft.
If Microsoft updates a Compliance Manager template that you extended, your assessment will inherit those updates once you accept them. Your assessment will retain the additional attributes you applied to the assessment when you extended it.
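Review bot: the added paragraph says "inheritance may not be supported" for universal templates before the article has said what is inherited; the explanation that an extended assessment "will inherit those updates once you accept them" only comes at the end of "What causes an update". Either move the new paragraph below that explanation or spell it out where it stands, for example "updates from Microsoft may not flow into assessments built from universal templates". "May not" also leaves the reader unsure when the limitation applies, so state the condition if it is known.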
compliance Compliance Manager Improvement Actions https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/compliance-manager-improvement-actions.md
To view an improvement actionΓÇÖs details page:
You can easily view the next or previous improvement action in the list by selecting the up or down arrow in the upper-right corner of the screen. If you filtered your list on the improvement actions page, moving up or down takes you to the next item within that filtered list.
+> [!TIP]
+> Learn more about the different [types of improvement actions and how points are awarded](compliance-score-calculation.md#action-types-and-points) and factored into your compliance score.
+ ## Assign improvement actions To begin implementation work on an improvement action, you can do the work yourself or assign it to another user. The assigned person could be:
To begin implementation work on an improvement action, you can do the work yours
Once you identify the appropriate assignee, be sure they hold a sufficient [Compliance Manager role](compliance-manager-setup.md#set-user-permissions-and-assign-roles) to perform the work. Then follow the steps below to assign the improvement action:
-1. From the improvement actions details page, select **Edit status** near the upper-left section of the screen.
+1. From the improvement actions details page, select **Assign action** on the left of the screen.
+
+2. The **Assign to user** flyout pane shows a **Suggested people** list of users. You can select the user from the list, or type the email address of the person you want to assign it to.
-2. In the edit status flyout pane, select the **Assigned to** box to show a **Suggested people** list of users. You can select the user from the list, or type the email address of the person you want to assign it to.
+3. Select **Assign**. The assigned user will receive an email explaining that the improvement action has been assigned to them, with a direct link to the improvement action.
-3. Select **Save and close**. The assigned user will receive an email explaining that the improvement action has been assigned to them, with a direct link to the improvement action.
> [!NOTE] > US Government Community (GCC) High and Department of Defense (DoD) customers won't receive an email when improvement actions are assigned to them.
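Review bot: the new step 2 offers "or type the email address of the person" without naming the box to type into; the text it replaces named the **Assigned to** box, and the multiple-assignment steps further down call it the **Assign to** field. Name the field in step 2 as it appears in the **Assign to user** flyout so the two procedures agree.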
You can assign multiple improvement actions to one user by following these steps
5. After you populate the **Assign to** field with the assignee's name, select **Assign**. 6. You'll then see your Improvement actions page with the new assignee listed for the actions you just assigned.
-## Perform work and store documentation
+## Change implementation details
-You can upload files and notes related to implementation and testing work directly to the **Notes and documentation** section. This environment is a secure, centralized repository to help you demonstrate satisfaction of controls to meet compliance standards and regulations. Any user with read-only access can read content in this section. Only users with editing rights can upload and download files and enter or edit notes.
+You can record the implementation status and date for each improvement action and add notes for internal reference. These fields can be edited by any user with editing permissions, not just by the assigned person.
-The **Notes and documentation** section contains fields for uploaded documents, implementation notes, test notes, and additional notes.
+To edit an improvement actionΓÇÖs status, select **Edit implementation details** on the details page. Below are the available fields and status options:
-#### Uploaded documents
+- **Implementation status**
+ - **Not implemented**: action not yet implemented
+ - **Implemented**: action implemented
+ - **Alternative implementation**: select this option if you used other third-party tools or took other actions not included in Microsoft recommendations
+ - **Planned**: action is planned for implementation
+ - **Out of scope**: action isnΓÇÖt relevant to your organization and doesnΓÇÖt contribute to your score
+- **Implementation date**: available to select when implementation status is "implemented" or "alternative implementation"
+- **Implementation notes**: text field for notes about your implementation.
-- Select **Manage documents** to upload any relevant files.-- When the manage documents flyout pane opens, select **Add document**, then select your file from your system. Accepted file types:
- - Documents (.doc, .xls, .ppt, .txt, .pdf)
- - Images (.jpg, .png)
- - Video (.mkv)
- - Compressed files (.zip, .rar)
-- Once your file resolves in the pane select **Close**, which automatically saves the file attachment. You'll then see the file listed underneath **Uploaded documents**.-- To download or delete the document, select **Manage documents** from underneath the list of documents. On the flyout pane, select the document row to highlight it, then select **Download** or **Delete**.
+There's no character limit in the notes fields. We recommend keeping notes brief so that you can easily view and edit them from the improvement actions details page.
-#### Implementation notes, test notes, and additional notes
+Common actions synchronize across groups. When two different assessments in the same group share improvement actions that are managed by you, any updates you make to an action's implementation details or status will automatically synchronize to the same action in any other assessment in the group. This synchronization allows you to implement one improvement action and meet several requirements across multiple regulations.
-- To add notes in any of these three fields, select **Edit implementation notes** underneath any of these fields.-- When the flyout pane opens, enter notes in the text field, then select **Save and close**.-- To edit notes, select **Edit implementation notes**, make your edits, then select **Save and close**.
+## Change test status
-There's no character limit in the notes fields. We recommend keeping notes brief so that you can easily view and edit them from the improvement actions details page.
+In the **Testing** section, you can view the testing status of your improvement action, the testing date, and any notes. The content of these fields can be changed under **Edit testing details** by any user with editing permissions.
-## Change improvement action status
+The available fields are as follows:
-You can record the implementation status and date, and the test status and date, for each improvement action. The **implementation** and **test status** fields can be edited by any user with editing permissions, not just by the assigned person.
+- **Test status**: available to select when implementation status is "implemented" or "alternative implementation". Options include:
+ - **Not assessed**: action hasn't been tested
+ - **Passed**: implementation has been verified by an assessor
+ - **Failed low risk**: testing failed, low risk
+ - **Failed medium risk**: testing failed, medium risk
+ - **Failed high risk**: testing failed, high risk
+ - **Out of scope**: the action is out of scope for the assessment and doesnΓÇÖt contribute to your score
+- **Test date**: toggle through the calendar pop-up to select the date
+- **Testing notes** and **Additional notes**: text fields for notes for internal reference
-To edit an improvement actionΓÇÖs status, select **Edit status** on the upper-left section of the details page. Below are the available fields and status options:
+### Update testing source
-- **Implementation status**
- - **Not implemented** - action not yet implemented
- - **Implemented** - action implemented
- - **Alternative implementation** - select this option if you used other third-party tools or took other actions not included in Microsoft recommendations
- - **Planned** - action is planned for implementation
- - **Out of scope** ΓÇô action isnΓÇÖt relevant to your organization and doesnΓÇÖt contribute to your score
-- **Implementation date**: available to select when implementation status is "implemented" or "alternative implementation"-- **Test status**: available to select when implementation status is "implemented" or "alternative implementation":
- - **Not assessed** ΓÇô action hasn't been tested
- - **Passed** - implementation has been verified by an assessor
- - **Failed low risk** - testing failed, low risk
- - **Failed medium risk** - testing failed, medium risk
- - **Failed high risk** ΓÇô testing failed, high risk
- - **Out of scope** ΓÇô the action is out of scope for the assessment and doesnΓÇÖt contribute to your score
-- **Test date**: toggle through the calendar pop-up to select the date
+Compliance Manager provides you options for how to test improvement actions. In the **Overview** section of each improvement action, the **Testing Source** area has a drop-down menu from which you can choose how you want the action to be tested: **Manual**, **Automatic**, and **Parent**. Learn details about each testing method below.
+
+#### Manual testing source
+Improvement actions set for manual testing are actions which you manually test and implement. You set the necessary implementation and test status states, and upload any evidence files on the **Documents** tab. For some actions, this is the only available method for testing improvement actions.
+
+#### Automatic testing source
+If an implementation action is eligible to be automatically tested by Compliance Manager, you'll see the **Automatic** option for testing source. Compliance Manager will detect signals from other compliance solutions you've set up in your Microsoft 365 environment, as well as any complementary actions that Microsoft Secure Score also monitors. The **Testing logic** field on the **Testing** tab will show what kind of policy or configuration is required in another solution in order for the action to pass and earn points toward your compliance score.
+
+When signals indicate that an improvement action has been successfully implemented, you'll automatically receive the points eligible for that action, which will factor into scores for any related controls and assessments. Learn more about how [continuous assessment affects your compliance score](compliance-score-calculation.md#how-compliance-manager-continuously-assesses-controls).
-Common actions synch across groups. When two different assessments in the same group share improvement actions that are managed by you, any updates you make to an action's implementation details or status will automatically synchronize to the same action in any other assessment in the group. This synchronization allows you to implement one improvement action and meet several requirements across multiple regulations.
+ Automatic testing is on by default for all eligible improvement actions. You can adjust these settings to automatically test only certain improvement actions, or you can turn off automatic testing for all actions. Learn more about how automated testing works and how to adjust your settings at [Set up automated testing](compliance-manager-setup.md#manage-automated-testing-settings).
+
+#### Parent testing source
+
+When you select **Parent** as the testing source for an improvement action, you'll choose another action to which your action will be linked. Your action in effect becomes the "child" to the action that you designate as the "parent." When you designate a parent for an improvement action, that action will inherent the implementation and testing details of the parent action. Any time the parent action's status changes, the child's status will inherit those changes. The child action will also accept all evidence in its **Documents** tab that belong to the parent action, which could override any data that previously existed in the child action's **Documents**.
+
+> [!NOTE]
+> Having a testing source of **Parent** doesn't necessarily mean that the action is automatically tested by Compliance Manager. For example, if the parent action's testing source is **manual**, then the child action will take on the status of parent action, which is a manual test and implementation by the organization.
+
+To set up a parent testing source, follow the steps below:
+
+- On an improvement action details page, locate the **Overview** section.
+- Under the **Testing Source** header, select **Parent** from the drop-down menu.
+- Select **Assign parent**.
+- On the **Assign parent improvement action** flyout pane, find the improvement action you want to assign as the parent from the list, or enter the action's name in the search bar near the top. When you identify your intended action, select the checkbox that appears to the left of the action name when you hover over it, then select **Save**.
+
+You'll come back to your action's details page. Under **Testing Source** on the **Overview** section, the new action you designated as the parent is listed under **Parent action**.
+
+## Review standards and regulations
+
+The **standards and regulations** section provides a searchable and filterable list of standards and regulations associated with your improvement action. These can be viewed by the relevant **control**, the **control ID**, the **control family**, and the **regulation** involved.
+
+## Perform work and store documentation
+
+You can upload files and notes related to implementation and testing work directly to the **Documents** section. This environment is a secure, centralized repository to help you demonstrate satisfaction of controls to meet compliance standards and regulations. Any user with read-only access can read content in this section. Only users with editing rights can upload and download files.
+
+#### Uploaded documents
+
+- Select **Manage documents** to upload any relevant files.
+- When the manage documents flyout pane opens, select **Add document**, then select your file from your system. Accepted file types:
+ - Documents (.doc, .xls, .ppt, .txt, .pdf)
+ - Images (.jpg, .png)
+ - Video (.mkv)
+ - Compressed files (.zip, .rar)
+- Once your file resolves in the pane select **Close**, which automatically saves the file attachment. You'll then see the file listed underneath **Uploaded documents**.
+- To download or delete the document, select **Manage documents** from underneath the list of documents. On the flyout pane, select the document row to highlight it, then select **Download** or **Delete**.
## Assign improvement action to assessor for completion
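Review bot: In the added "Parent testing source" paragraph, the warning that parent evidence "could override any data that previously existed in the child action's **Documents**" is the last clause of a long paragraph, and the setup steps that follow never repeat it before **Save**. Because it concerns stored evidence being replaced, give it its own callout (this article already uses `> [!NOTE]`) and say whether the child's earlier documents can be recovered. In the same paragraph, "that action will inherent" should be "inherit", and "that action" should read "the child action", since the preceding sentence has just named the parent. Under "Automatic testing source", "If an implementation action is eligible" should read "improvement action".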
compliance Compliance Manager Mcca https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/compliance-manager-mcca.md
Title: "Microsoft Compliance Configuration Analyzer for Compliance Manager" f1.keywords: - NOCSH--++ audience: Admin
compliance Compliance Manager Quickstart https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/compliance-manager-quickstart.md
Title: "Microsoft Compliance Manager quickstart guide" f1.keywords: - NOCSH--++ audience: Admin
compliance Compliance Manager Setup https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/compliance-manager-setup.md
Title: "Get started with Microsoft Compliance Manager" f1.keywords: - NOCSH--++ audience: Admin
The Compliance Manager settings in the Microsoft 365 compliance center allow you
### Set up automated testing
-Some improvement actions in Compliance Manager are also monitored by [Microsoft Secure Score](../security/defender/microsoft-secure-score.md). You can set up automated testing of actions that are jointly monitored, which means that when an action is tested and updated in Secure Score, those results synch with the same actions in Compliance Manager and count toward your compliance score.
+Compliance Manager detects signals from other Microsoft 365 compliance solutions that your organization subscribes to, including information governance, information protection, data loss prevention, communication compliance, and insider risk management. In each improvement action's details page, the **Testing logic** field on the **Testing** tab will show what's required in the other solution in order for the action to pass and earn points toward your compliance score.
-Automatic testing is turned on by default for organizations new to Compliance Manager. When you first deploy Microsoft 365 or Office 365, it takes approximately seven days for Secure Score to fully collect data and factor it into your compliance score. When automated testing is turned on, the actionΓÇÖs test date wonΓÇÖt be updated, but its test status will update. When new assessments are created, scores automatically include Microsoft control scores and Secure Score integration.
+Compliance Manager also detects signals from complementary improvement actions that are also monitored by [Microsoft Secure Score](../security/defender/microsoft-secure-score.md). Using these signals, Compliance Manager can automatically test certain improvement actions for you, which helps maximize efficiency in your compliance activities. When an improvement action is successfully tested and implemented, you receive the full amount of points, which gets credited to your overall compliance score.
-The global administrator for your organization can change the settings for automated testing at any time. You can turn off automated testing for common improvement actions, or turn it on for individual actions. Follow the instructions below to change your automated testing settings.
+In each improvement action's details page
+
+Automatic testing is turned on by default for organizations new to Compliance Manager. When you first deploy Microsoft 365 or Office 365, it takes approximately seven days to fully collect data and factor it into your compliance score. When automated testing is turned on, the actionΓÇÖs test date wonΓÇÖt be updated, but its test status will update. When new assessments are created, scores automatically include Microsoft control scores and Secure Score integration.
-#### To manage your automated testing settings:
+#### Manage automated testing settings
+
+The global administrator for your organization can change the settings for automated testing at any time. You can turn off automated testing for common improvement actions, or turn it on for individual actions. Follow the instructions below to change your automated testing settings.
1. Select <a href="https://go.microsoft.com/fwlink/p/?linkid=2174201" target="_blank">**Settings**</a> in the Microsoft 365 compliance center.
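Review bot: The added line "In each improvement action's details page" is a sentence fragment left on its own between the Secure Score paragraph and the "Automatic testing is turned on by default" paragraph. It repeats the opening of the last sentence of the first added paragraph and should be deleted. Also, renaming "#### To manage your automated testing settings:" to "#### Manage automated testing settings" changes the heading anchor, so check for inbound links that still point at the old one.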
The global administrator for your organization can change the settings for autom
**Note:** Only the global administrator can turn on or off automatic updates for all actions. The Compliance Manager Administrator can turn on automatic updates for individual actions, but not for all actions globally.
+**Learn more**
+- [Learn more about how continuous monitoring contributes to your compliance score](compliance-score-calculation.md#how-compliance-manager-continuously-assesses-controls).
+- [Learn more about designating a testing source for an improvement action](compliance-manager-improvement-actions.md#update-testing-source).
+ ### Manage user history The **Manage user history** settings help you quickly identify which users have worked with improvement actions in Compliance Manager. The identifiable user data associated with improvement actions includes any implementation and testing work done, documents they uploaded, and any notes they entered. Understanding and retrieving this type of data may be necessary for your organizationΓÇÖs own compliance needs.
To remove filters:
### View your improvement actions
-The Compliance Manager dashboard shows your **key improvement actions.** To view all of your improvement actions, select the Improvement actions tab on your dashboard, which brings you to your improvement actions page. You can also select View all improvement actions underneath the list of key improvement actions on your dashboard to get to your improvement actions page.
+The Compliance Manager dashboard shows your key improvement actions. To view all of your improvement actions, select the **Improvement actions** tab on your dashboard, which brings you to your improvement actions page. You can also select **View all improvement actions** underneath the list of key improvement actions on your dashboard to get to your improvement actions page.
The improvement actions page shows all of the improvement actions that are managed by your organization. Actions that are managed by Microsoft can be viewed within each assessment (learn more about [Microsoft actions](compliance-manager-assessments.md#microsoft-actions-tab)).
-If you have a long list of actions on your improvement actions page, it may be helpful to filter your view. Select **Filter** at the upper-right corner of the actions list. When the **Filters** flyout pane appears, select your criteria based on regulations and standards, solution, and group. You can also customize your view by selecting **Group** in the upper-right corner. From the drop-down menu, select to view by group, solution, category, action type, or status.
+If you have a long list of actions on your improvement actions page, it may be helpful to filter your view. Select **Filter** at the upper-right corner of the actions list. When the **Filters** flyout pane appears, select your criteria from the available options. You can also customize your view by selecting **Group** in the upper-right corner. From the drop-down menu, select to view by group, solution, category, action type, or status.
The default view for this page does not show improvement actions with a test status of **Passed**. To view actions that have passed testing, check the **Passed** box in the Filters flyout pane. Only actions with a test status of **Passed** count toward your score. Some actions may show a **pending update label.** Learn more about [updates to improvement actions](compliance-manager-improvement-actions.md#accepting-updates-to-improvement-actions). The improvement actions page shows the following data points for each improvement action:
+- **Products**: the product being evaluated.
- **Points achieved**: the number of points achieved out of the total available by completing the action - **Regulations**: the regulations or standards pertaining to the action - **Group**: the group to which you assigned the action
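Review bot: In the filter paragraph, "select your criteria from the available options" drops the list of criteria that the removed sentence gave, while the solutions filter step further down in this diff still enumerates them ("regulations, solutions, action types, groups, categories"). List the criteria here as well so the two descriptions stay consistent. The new **Products** bullet ends with a period, and the neighbouring bullets do not.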
The improvement actions page shows the following data points for each improvemen
- **Assessments**: the assessments that contain the action - **Categories**: the related data protection category (such as, protect information, manage devices, etc.) - **Test status**:
- - **None** ΓÇô no status update recorded
- - **Not assessed** - testing hasn't started
- - **Passed** - implementation successfully tested
- - **Failed low risk** - testing failed, low risk
- - **Failed medium risk** - testing failed, medium risk
- - **Failed high risk** - testing failed, high risk
- - **Out of scope** ΓÇô the action is not in scope for the assessment and doesn't impact your score
- - **To be detected** - for manual test, indicates an action has been implemented but not tested; for automated test, indicates an action is waiting for automation result
- - **Could not be detected** - automated status can't be determined
- - **Partially tested** ΓÇô automated scoring that awards partial points
+ - **None** ΓÇô no status update recorded
+ - **Not assessed** - testing hasn't started
+ - **Passed** - implementation successfully tested
+ - **Failed low risk** - testing failed, low risk
+ - **Failed medium risk** - testing failed, medium risk
+ - **Failed high risk** - testing failed, high risk
+ - **Out of scope** ΓÇô the action is not in scope for the assessment and doesn't impact your score
+ - **To be detected** - for manual test, indicates an action has been implemented but not tested; for automated test, indicates an action is waiting for automation result
+ - **Could not be detected** - automated status can't be determined
+ - **Partially tested** ΓÇô automated scoring that awards partial points
+- **Action type**: indicates whether the improvement action is technical, meaning it can be implemented within a solution or product, or non-technical, which would be implemented outside of a technical solution
+- **Assigned to**: the person this action has been assigned to, if applicable
+- **Testing source**: indicates whether the testing source for the action is manual, automatic, or inherited from a parent
**Learn more:** [See how to assign and perform work on improvement actions](compliance-manager-improvement-actions.md).
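Review bot: The ten **Test status** sub-bullets are removed and re-added only to change their indentation, yet they still mix two different separator characters after the bold label. Since every line is touched anyway, settle on one separator, for example the colon used by the new **Action type**, **Assigned to** and **Testing source** bullets below them. In the **Testing source** bullet, "inherited from a parent" should name the option the way the improvement actions article in this same update does, **Parent**, alongside manual and automatic.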
Find the solutions page by selecting the **Solutions** tab on your Compliance Ma
To filter your view of solutions: 1. Select **Filter** at the top-left corner of your assessments list.
-2. On the **Filters** flyout pane, place a check next to the desired criteria (standards and regulations, solution, action type, Compliance Manager group, category).
+2. On the **Filters** flyout pane, place a check next to the desired criteria (regulations, solutions, action types, groups, categories).
3. Select the **Apply** button. The filter pane will close and youΓÇÖll see your filtered view. You can also modify your view to see assessments by group, product, or regulation by selecting the type of grouping from the **Group** drop-down menu above your assessments list.
compliance Compliance Manager Templates Create https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/compliance-manager-templates-create.md
Title: "Create assessment templates in Microsoft Compliance Manager" f1.keywords: - NOCSH--++ audience: Admin
compliance Compliance Manager Templates Extend https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/compliance-manager-templates-extend.md
Title: "Extend assessment templates in Microsoft Compliance Manager" f1.keywords: - NOCSH--++ audience: Admin
compliance Compliance Manager Templates Format Excel https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/compliance-manager-templates-format-excel.md
Title: "Format assessment template data in Excel for Microsoft Compliance Manager" f1.keywords: - NOCSH--++ audience: Admin
The **Actions** tab is required. It designates improvement actions managed by y
- **actionTitle**: This is the title for your action and is a required field. The title you provide must be unique. **Important**: if you reference an action you own that already exists (such as in another template) and you modify any of its elements in the subsequent columns, those changes will propagate to the same action in other templates. -- **implementationType**: In this required field, list one of the three implementation types below:-- **Operational** - actions implemented by people and processes to protect the confidentiality, integrity, and availability of organizational systems, assets, data, and personnel (example: security awareness and training)-- **Technical** - actions completed by using technology and mechanisms contained in the hardware, software, or firmware components of the information system to protect the confidentiality, integrity, and availability of organizational systems and data (example: multi-factor authentication)-- **Documentation** - actions implemented through documented policies and procedures establishing and defining the controls required to protect the confidentiality, integrity, and availability of organizational systems, assets, data, and personnel (example: an information security policy)
+- **implementationType**: In this required field, list one of the following three implementation types:
+ 1) **Operational** - actions implemented by people and processes to protect the confidentiality, integrity, and availability of organizational systems, assets, data, and personnel (example: security awareness and training).
+ 2) **Technical** - actions completed by using technology and mechanisms contained in the hardware, software, or firmware components of the information system to protect the confidentiality, integrity, and availability of organizational systems and data (example: multi-factor authentication).
+ 3) **Documentation** - actions implemented through documented policies and procedures establishing and defining the controls required to protect the confidentiality, integrity, and availability of organizational systems, assets, data, and personnel (example: an information security policy).
- **actionScore**: In this required field, provide a numeric score value for your action. The value must be a whole number ranging from 1 to 99; it cannot be 0, null, or blank. The higher the number, the greater its value toward improving your compliance posture. The image below demonstrates how Compliance Manager scores controls:
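Review bot: The three implementation types are now numbered "1)", "2)", "3)", but they are alternatives to choose from, not ordered steps, and the numbered lists elsewhere in these articles use "1." markers. Make them nested "-" bullets under **implementationType** and confirm the indentation is enough for them to render inside that item and not as a separate list.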
compliance Compliance Manager Templates List https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/compliance-manager-templates-list.md
Title: "Microsoft Compliance Manager templates list" f1.keywords: - NOCSH--++ audience: Admin
Templates are added to Compliance Manager as new laws and regulations are enacte
## List of templates and where to find them
-Below is the complete list of templates in Compliance Manager. Links in the template names below take you to related documentation where available about that standard, regulation, or law.
+Below is the complete list of templates in Compliance Manager. Template names match the associated regulation or certification. Where available, links in the template names below take you to related documentation about that standard, regulation, or law.
+
+Each template (apart from the baseline) is available in at least one version designed for use with a specific product, such as Microsoft 365, along with a universal version that you can use to assess other products of your choice. To learn more about template options, see [Learn about assessment templates](compliance-manager-templates.md).
You can also select individual templates in Compliance Manager to view more information about them, including a description of the regulation and properties of the template. Read the **About** section for a summary.
compliance Compliance Manager Templates Modify https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/compliance-manager-templates-modify.md
Title: "Modify assessment templates in Microsoft Compliance Manager" f1.keywords: - NOCSH--++ audience: Admin
compliance Compliance Manager Templates https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/compliance-manager-templates.md
Title: "Working with assessment templates in Microsoft Compliance Manager" f1.keywords: - NOCSH--++ audience: Admin
description: "Understand how to use and manage templates for building assessment
A template is a framework of controls for creating an assessment in Compliance Manager. Our comprehensive set of templates can help your organization comply with national, regional, and industry-specific requirements governing the collection and use of data.
-We refer to templates by the same name as their underlying certification or regulation, such as the EU GDPR template and the ISO/IEC 27701:2019 template. Since Compliance Manger can be used to assess different types of products, each template comes in two versions: one that applies to a pre-defined product such as Microsoft 365, and a universal version that can be tailored to suit your chosen product.
+## Template versions: Microsoft and universal
+
+We refer to templates by the same name as their underlying certification or regulation, such as the EU GDPR template and the ISO/IEC 27701:2019 template.
+
+Compliance Manger can be used to assess different types of products. All templates apart from the baseline come in at least one version that applies to a pre-defined product, such as Microsoft 365, and a universal version that can be tailored to suit other products. Assessments from universal templates are more generalized but offer expanded versatility, since they can help you easily track your organization's compliance across multiple products.
Note that US Government Community (GCC) Moderate, GCC High, and Department of Defense (DoD) customers cannot currently use universal templates.
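Review bot: The rewritten paragraph under "## Template versions: Microsoft and universal" still opens with "Compliance Manger", carried over from the removed line; correct it to "Compliance Manager". The new text says all templates apart from the baseline have a universal version, while the unchanged sentence right after it says GCC Moderate, GCC High, and DoD customers cannot use universal templates, so consider turning that restriction into a `> [!NOTE]` directly under the paragraph.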
compliance Compliance Manager Whats New https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/compliance-manager-whats-new.md
description: "Find out whatΓÇÖs new in Compliance Manger and whatΓÇÖs to come. R
## February 2022
+### Continuous compliance assessment of improvement actions
+
+We're adding automated testing and evidence generation for over 35 improvement actions in Compliance Manager that were not previously covered by Secure Score. With continuous compliance assessment, you can receive updates about which of these improvement actions you've completed if they're relevant for your compliance assessments and you're licensed to access the relevant solutions. Continuous compliance assessment also gives users visibility into the scoring logic of your improvement actions and provides insight and evidence about why you received a certain score. This feature works alongside existing integrations with Microsoft 365 Secure Score, and any automated actions you've previously configured will continue to work as-is. Learn more about [automated testing settings](compliance-manager-setup.md#set-up-automated-testing).
### Alerts and alert policies Users can now set alerts for changes in Compliance Manager that an organization wants to track. Using an easy setup wizard, you can build alert policies to create notifications when the following types of events happen: an improvement action score change, an improvement action assignment change, a testing or implementation status change in an improvement action, and a file upload or deletion in an improvement action's Documents tab. Learn more by visiting [Compliance Manager alerts and alert policies](compliance-manager-alert-policies.md).
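Review bot: In the new "Continuous compliance assessment of improvement actions" entry, one sentence switches person midway ("gives users visibility into the scoring logic of your improvement actions"); keep the whole entry in second person. The entry also promises visibility into scoring logic and evidence but links only to the automated testing settings. Add a link to the place where that is shown, which the improvement actions article in this update describes as the **Testing logic** field on the **Testing** tab.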
Zero Trust is a proactive, integrated approach to security across all layers of
- Zero Trust Network - Zero Trust Visibility, automation, and orchestration
-### New assessment templates
+### New preview templates
The following assessment templates are now available in preview:
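Review bot: renaming the heading from "New assessment templates" to "New preview templates" changes the anchor generated from the heading text, so check for links that target the old anchor before merging. The unchanged sentence under it already says the templates are "now available in preview", so the heading and the sentence now repeat each other; one of them can drop the word.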
compliance Compliance Manager https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/compliance-manager.md
Title: "Microsoft Compliance Manager" f1.keywords: - NOCSH--++ audience: Admin
compliance Compliance Score Calculation https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/compliance-score-calculation.md
Title: "Compliance score calculation" f1.keywords: - NOCSH--++ audience: Admin
Because every organization has specific needs, Compliance Manager relies on you
## How Compliance Manager continuously assesses controls
-Compliance Manager automatically scans through your Microsoft 365 environment and detects your system settings, continuously and automatically updating your technical action status. Microsoft Secure Score is the underlying engine that performs the monitoring.
+Compliance Manager automatically identifies settings in your Microsoft 365 environment that help determine when certain configurations meet improvement action implementation requirements. Compliance Manager detects signals from other compliance solutions you may have deployed, including information governance, information protection, communication compliance, and insider risk management, and also leverages Microsoft Secure Score monitoring of complementary improvement actions.
-Your action status is updated on your dashboard every 24 hours. Once you follow a recommendation to implement a control, youΓÇÖll typically see the control status updated the next day.
+Your action status is updated on your dashboard within 24 hours of a change being made. Once you follow a recommendation to implement a control, youΓÇÖll typically see the control status updated the next day.
For example, if you turn on multi-factor authentication (MFA) in the Azure AD portal, Compliance Manager detects the setting and reflects it in the control access solution details. Conversely, if you didnΓÇÖt turn on MFA, Compliance Manager flags that as a recommended action for you to take.
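Review bot: in the first added paragraph, "complementary improvement actions" is not defined anywhere in the visible text, and the removed sentence was the only one that said plainly which component performs the monitoring. Readers use this section to judge how current and how authoritative a control status is, so say which statuses are driven by Secure Score and which come from the other solutions listed (information governance, information protection, communication compliance, insider risk management). The unchanged MFA example below would be a good place to name the source of that particular signal.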
If you successfully implement the non-technical action in each of the 5 groups,
This scoring logic is designed to provide the most accurate accounting of how actions are implemented and tested in your organization. ### How score values are determined
-
+ Actions are assigned a score value based on whether theyΓÇÖre mandatory or discretionary, and whether theyΓÇÖre preventative, detective, or corrective. ### Mandatory and discretionary actions
+- **Mandatory actions** can't be bypassed, either intentionally or accidentally. An example of a mandatory action is a centrally managed password policy that sets requirements for password length, complexity, and expiration. Users must follow these requirements to access the system.
+- **Discretionary actions** rely upon users to understand and adhere to a policy. For example, a policy requiring users to lock their computer when they leave it is a discretionary action because it relies on the user.
### Preventative, detective, and corrective actions
+- **Preventative actions** address specific risks. For example, protecting information at rest using encryption is a preventative action against attacks and breaches. Separation of duties is a preventative action to manage conflict of interest and guard against fraud.
+- **Detective actions** actively monitor systems to identify irregular conditions or behaviors that represent risk, or that can be used to detect intrusions or breaches. Examples include system access auditing and privileged administrative actions. Regulatory compliance audits are a type of detective action used to find process issues.
- **Corrective actions** try to keep the adverse effects of a security incident to a minimum, take corrective action to reduce the immediate effect, and reverse the damage if possible. Privacy incident response is a corrective action to limit damage and restore systems to an operational state after a breach.
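Review bot: in the added "Detective actions" bullet, "Examples include system access auditing and privileged administrative actions" reads as if privileged administrative actions were themselves a detective control. If the intent is auditing of those actions, reword to "auditing of system access and of privileged administrative actions". In the added "Preventative actions" bullet, "address specific risks" does not distinguish this category from the other two, which also address risks; a definition in terms of stopping an event before it happens would match the encryption and separation-of-duties examples that follow.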
compliance Create Apply Retention Labels https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/create-apply-retention-labels.md
If you publish retention labels to Exchange, it can take up to seven days for th
![Diagram of when published labels take effect.](../media/retention-labels-published-timings.png)
-If the labels don't appear after seven days, check the **Status** of the label policy by selecting it from the **Label policies** page in the compliance center. If you see the status of **Off (Error)** and in the details for the locations see a message that it's taking longer than expected to deploy the policy (for SharePoint) or to try redeploying the policy (for OneDrive), try running [Set-RetentionCompliancePolicy](/powershell/module/exchange/set-retentioncompliancepolicy), a PowerShell command, to retry the policy distribution:
+If the labels don't appear after seven days, check the **Status** of the label policy by selecting it from the **Label policies** page in the compliance center. If you see the status of **Off (Error)** and in the details for the locations see a message that it's taking longer than expected to deploy the policy or to try redeploying the policy, try running the [Set-AppRetentionCompliancePolicy](/powershell/module/exchange/set-appretentioncompliancepolicy) or [Set-RetentionCompliancePolicy](/powershell/module/exchange/set-retentioncompliancepolicy) PowerShell command to retry the policy distribution:
-1. [Connect to Security & Compliance Center PowerShell](/powershell/exchange/connect-to-scc-powershell)
+1. [Connect to Security & Compliance Center PowerShell](/powershell/exchange/connect-to-scc-powershell).
-2. Run the following command:
+2. Run one of the following commands:
- ``` PowerShell
- Set-RetentionCompliancePolicy -Identity <policy name> -RetryDistribution
- ```
+ - For the policy locations **Teams private channel messages**, **Yammer user messages** and **Yammer community messages**:
+
+ ```PowerShell
+ Set-AppRetentionCompliancePolicy -Identity <policy name> -RetryDistribution
+ ```
+
+ - For all other policy locations, such as **Exchange email**, **SharePoint sites**, **Teams channel messages** etc:
+
+ ```PowerShell
+ Set-RetentionCompliancePolicy -Identity <policy name> -RetryDistribution
+ ```
### How to check on the status of retention labels published to Exchange
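Review bot: the new step 2 makes the reader choose a cmdlet by policy location but never says how to find out which locations the policy covers, and the procedure ends at the retry with no check that the status has left **Off (Error)**. Add one sentence pointing back to the location details mentioned in the paragraph above, and a closing step to recheck the policy status, since a policy that stays in error is not retaining content. In both added commands, show the placeholder quoted ("<policy name>"), because a name containing spaces will not bind to -Identity unquoted. In the second added bullet, replace "etc:" with "and so on:" or end the list at the last named location.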
compliance Create Retention Policies https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/create-retention-policies.md
When you create and submit a retention policy, it can take up to seven days for
![Diagram of when retention policy take effect.](../media/retention-policy-timings.png)
-First, the retention policy needs to be distributed to the locations that you selected, and then applied to content. You can always check the distribution status of the retention policy by selecting it from the **Retention policies** page in the compliance center. From the flyout pane, if you see the status of **Off (Error)** and in the details for the locations see a message that it's taking longer than expected to deploy the policy (for SharePoint) or to try redeploying the policy (for OneDrive), try running the [Set-RetentionCompliancePolicy](/powershell/module/exchange/set-retentioncompliancepolicy) PowerShell command to retry the policy distribution:
+First, the retention policy needs to be distributed to the locations that you selected, and then applied to content. You can always check the distribution status of the retention policy by selecting it from the **Retention policies** page in the compliance center. From the flyout pane, if you see the status of **Off (Error)** and in the details for the locations see a message that it's taking longer than expected to deploy the policy or to try redeploying the policy, try running the [Set-AppRetentionCompliancePolicy](/powershell/module/exchange/set-appretentioncompliancepolicy) or [Set-RetentionCompliancePolicy](/powershell/module/exchange/set-retentioncompliancepolicy) PowerShell command to retry the policy distribution:
1. [Connect to Security & Compliance Center PowerShell](/powershell/exchange/connect-to-scc-powershell).
-2. Run the following command:
+2. Run one of the following commands:
- ```PowerShell
- Set-RetentionCompliancePolicy -Identity <policy name> -RetryDistribution
- ```
+ - For the policy locations **Teams private channel messages**, **Yammer user messages** and **Yammer community messages**:
+
+ ```PowerShell
+ Set-AppRetentionCompliancePolicy -Identity <policy name> -RetryDistribution
+ ```
+
+ - For all other policy locations, such as **Exchange email**, **SharePoint sites**, **Teams channel messages** etc:
+
+ ```PowerShell
+ Set-RetentionCompliancePolicy -Identity <policy name> -RetryDistribution
+ ```
## Updating retention policies
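Review bot: the step list added here is the same text, command for command, as the one added to create-apply-retention-labels.md in this batch, so the two copies will drift the next time a location moves from one cmdlet to the other. Put the two-bullet procedure in one shared include file and reference it from both articles.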
compliance Dlp Policy Reference https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/dlp-policy-reference.md
f1.keywords: CSH
Previously updated : Last updated : 03/02/2022 audience: Admin
updated: 06/23/2021
|Financial| UK Financial Data|- [Credit card number](sensitive-information-type-entity-definitions.md#credit-card-number) </br> - [EU debit card number](sensitive-information-type-entity-definitions.md#eu-debit-card-number) </br> - [SWIFT code](sensitive-information-type-entity-definitions.md#swift-code)| |Financial| US Financial Data|- [Credit card number](sensitive-information-type-entity-definitions.md#credit-card-number) </br> - [U.S. bank account number](sensitive-information-type-entity-definitions.md#us-bank-account-number)</br> - [ABA Routing Number](sensitive-information-type-entity-definitions.md#aba-routing-number)| |Financial| U.S. Federal Trade Commission (FTC) Consumer Rules|- [Credit card number](sensitive-information-type-entity-definitions.md#credit-card-number) </br> - [U.S. bank account number](sensitive-information-type-entity-definitions.md#us-bank-account-number)</br> - [ABA Routing Number](sensitive-information-type-entity-definitions.md#aba-routing-number)|
-|Financial| U.S. Gramm-Leach-Bliley Act (GLBA) Enhanced|- [Credit card number](sensitive-information-type-entity-definitions.md#credit-card-number) </br> - [U.S. bank account number](sensitive-information-type-entity-definitions.md#us-bank-account-number)</br> - [U.S. Individual Taxpayer Identification Number (ITIN)](sensitive-information-type-entity-definitions.md#us-individual-taxpayer-identification-number-itin) </br> - [U.S. social security number (SSN)](sensitive-information-type-entity-definitions.md#us-social-security-number-ssn)</br> - [U.S./U.K. passport number](sensitive-information-type-entity-definitions.md#usuk-passport-number) </br> -[U.S. driver's license number](sensitive-information-type-entity-definitions.md#us-drivers-license-number)|
+|Financial| U.S. Gramm-Leach-Bliley Act (GLBA) Enhanced|- [Credit card number](sensitive-information-type-entity-definitions.md#credit-card-number) </br> - [U.S. bank account number](sensitive-information-type-entity-definitions.md#us-bank-account-number)</br> - [U.S. Individual Taxpayer Identification Number (ITIN)](sensitive-information-type-entity-definitions.md#us-individual-taxpayer-identification-number-itin) </br> - [U.S. social security number (SSN)](sensitive-information-type-entity-definitions.md#us-social-security-number-ssn)</br> - [U.S./U.K. passport number](sensitive-information-type-entity-definitions.md#usuk-passport-number) </br> -[U.S. driver's license number](sensitive-information-type-entity-definitions.md#us-drivers-license-number)</br> - [All Full Names](sensitive-information-type-entity-definitions.md#all-full-names)</br> - [U.S. Physical Addresses](sensitive-information-type-entity-definitions.md#us-physical-addresses)|
|Financial| U.S. Gramm-Leach-Bliley Act (GLBA)|- [Credit card number](sensitive-information-type-entity-definitions.md#credit-card-number) </br> - [U.S. bank account number](sensitive-information-type-entity-definitions.md#us-bank-account-number)</br> - [U.S. Individual Taxpayer Identification Number (ITIN)](sensitive-information-type-entity-definitions.md#us-individual-taxpayer-identification-number-itin) </br> - [U.S. social security number (SSN)](sensitive-information-type-entity-definitions.md#us-social-security-number-ssn)|
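Review bot: the added GLBA Enhanced row carries over the malformed item "-[U.S. driver's license number]" (no space after the hyphen), which does not match the "- [...]" form of every other item in the cell; fix it while the line is being changed. The two new entries, All Full Names and U.S. Physical Addresses, are a different kind of type from the identifier numbers already listed, so the article should say whether they are matched on their own or only alongside one of the identifiers; the table alone does not tell an admin what the Enhanced template will start flagging.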
-|Medical and health| Australia Health Records Act (HRIP Act) Enhanced |- [Australia tax file number](sensitive-information-type-entity-definitions.md#australia-tax-file-number) </br> - [Australia medical account number](sensitive-information-type-entity-definitions.md#australia-medical-account-number)|
+|Medical and health| Australia Health Records Act (HRIP Act) Enhanced |- [Australia tax file number](sensitive-information-type-entity-definitions.md#australia-tax-file-number) </br> - [Australia medical account number](sensitive-information-type-entity-definitions.md#australia-medical-account-number) </br> - [All Full Names](sensitive-information-type-entity-definitions.md#all-full-names) </br> - [All Medical Terms And Conditions](sensitive-information-type-entity-definitions.md#all-medical-terms-and-conditions) </br> - [Australia Physical Addresses](sensitive-information-type-entity-definitions.md#australia-physical-addresses)|
|Medical and health| Australia Health Records Act (HRIP Act)|- [Australia tax file number](sensitive-information-type-entity-definitions.md#australia-tax-file-number) </br> - [Australia medical account number](sensitive-information-type-entity-definitions.md#australia-medical-account-number)| |Medical and health| Canada Health Information Act (HIA) |- [Canada passport number](sensitive-information-type-entity-definitions.md#canada-passport-number)</br> - [Canada social insurance number](sensitive-information-type-entity-definitions.md#canada-social-insurance-number) </br> - [Canada health service number](sensitive-information-type-entity-definitions.md#canada-health-service-number) </br> - [Canada Personal Health Identification Number](sensitive-information-type-entity-definitions.md#canada-personal-health-identification-number-phin)| |Medical and health| Canada Personal Health Information Act (PHIA) Manitoba|- [Canada social insurance number](sensitive-information-type-entity-definitions.md#canada-social-insurance-number) </br> - [Canada health service number](sensitive-information-type-entity-definitions.md#canada-health-service-number) </br> - [Canada Personal Health Identification Number](sensitive-information-type-entity-definitions.md#canada-personal-health-identification-number-phin)| |Medical and health| Canada Personal Health Act (PHIPA) Ontario |- [Canada passport number](sensitive-information-type-entity-definitions.md#canada-passport-number)</br> - [Canada social insurance number](sensitive-information-type-entity-definitions.md#canada-social-insurance-number) </br> - [Canada health service number](sensitive-information-type-entity-definitions.md#canada-health-service-number) </br> - [Canada Personal Health Identification Number](sensitive-information-type-entity-definitions.md#canada-personal-health-identification-number-phin)| |Medical and health| U.K. Access to Medical Reports Act|- [U.K. 
national health service number](sensitive-information-type-entity-definitions.md#uk-national-health-service-number) </br> - [U.K. national insurance number (NINO)](sensitive-information-type-entity-definitions.md#uk-national-insurance-number-nino)|
-|Medical and health| U.S. Health Insurance Act (HIPAA) Enhanced|</br> - [International classification of diseases (ICD-9-CM)](sensitive-information-type-entity-definitions.md#international-classification-of-diseases-icd-9-cm) </br> - [International classification of diseases (ICD-10-CM)](sensitive-information-type-entity-definitions.md#international-classification-of-diseases-icd-10-cm) |
+|Medical and health| U.S. Health Insurance Act (HIPAA) Enhanced|</br> - [International classification of diseases (ICD-9-CM)](sensitive-information-type-entity-definitions.md#international-classification-of-diseases-icd-9-cm) </br> - [International classification of diseases (ICD-10-CM)](sensitive-information-type-entity-definitions.md#international-classification-of-diseases-icd-10-cm) </br> - [All Full Names](sensitive-information-type-entity-definitions.md#all-full-names) </br> - [All Medical Terms And Conditions](sensitive-information-type-entity-definitions.md#all-medical-terms-and-conditions) </br> - [U.S. Physical Addresses](sensitive-information-type-entity-definitions.md#us-physical-addresses)|
|Medical and health| U.S. Health Insurance Act (HIPAA)| - [International classification of diseases (ICD-9-CM)](sensitive-information-type-entity-definitions.md#international-classification-of-diseases-icd-9-cm) </br> - [International classification of diseases (ICD-10-CM)](sensitive-information-type-entity-definitions.md#international-classification-of-diseases-icd-10-cm)|
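Review bot: the cell in the added HIPAA Enhanced row still begins with a stray "</br>" before its first item, which the non-Enhanced row directly below does not have; remove it. Separately, "</br>" is not a valid form of the line-break element ("<br>" or "<br/>"). The whole table uses it, so that is better handled as a follow-up cleanup than in this row alone.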
-|Privacy| Australia Privacy Act Enhanced|- [Australia driver's license number](sensitive-information-type-entity-definitions.md#australia-drivers-license-number) </br> - [Australia passport number](sensitive-information-type-entity-definitions.md#australia-passport-number)|
+|Privacy| Australia Privacy Act Enhanced|- [Australia driver's license number](sensitive-information-type-entity-definitions.md#australia-drivers-license-number) </br> - [Australia passport number](sensitive-information-type-entity-definitions.md#australia-passport-number) </br> - [All Full Names](sensitive-information-type-entity-definitions.md#all-full-names) </br> - [All Medical Terms And Conditions](sensitive-information-type-entity-definitions.md#all-medical-terms-and-conditions) </br> - [Australia Physical Addresses](sensitive-information-type-entity-definitions.md#australia-physical-addresses)|
|Privacy| Australia Privacy Act|- [Australia driver's license number](sensitive-information-type-entity-definitions.md#australia-drivers-license-number) </br> - [Australia passport number](sensitive-information-type-entity-definitions.md#australia-passport-number)| |Privacy| Australia Personally Identifiable Information (PII) Data|- [Australia tax file number](sensitive-information-type-entity-definitions.md#australia-tax-file-number) </br> - [Australia driver's license number](sensitive-information-type-entity-definitions.md#australia-drivers-license-number)| |Privacy| Canada Personally Identifiable Information (PII) Data|- [Canada driver's license number](sensitive-information-type-entity-definitions.md#canada-drivers-license-number)</br> - [Canada bank account number](sensitive-information-type-entity-definitions.md#canada-bank-account-number) </br> - [Canada passport number](sensitive-information-type-entity-definitions.md#canada-passport-number)</br> - [Canada social insurance number](sensitive-information-type-entity-definitions.md#canada-social-insurance-number) </br> - [Canada health service number](sensitive-information-type-entity-definitions.md#canada-health-service-number) </br> - [Canada Personal Health Identification Number](sensitive-information-type-entity-definitions.md#canada-personal-health-identification-number-phin)| |Privacy| Canada Personal Information Protection Act (PIPA)|- [Canada passport number](sensitive-information-type-entity-definitions.md#canada-passport-number)</br> - [Canada social insurance number](sensitive-information-type-entity-definitions.md#canada-social-insurance-number) </br> - [Canada health service number](sensitive-information-type-entity-definitions.md#canada-health-service-number) </br> - [Canada Personal Health Identification Number](sensitive-information-type-entity-definitions.md#canada-personal-health-identification-number-phin)|
-|Privacy| Canada Personal Information Protection Act (PIPEDA)|- [Australia passport number](sensitive-information-type-entity-definitions.md#australia-passport-number) </br> [Canada driver's license number](sensitive-information-type-entity-definitions.md#canada-drivers-license-number) </br> - [Canada bank account number](sensitive-information-type-entity-definitions.md#canada-bank-account-number) </br> - [Canada passport number](sensitive-information-type-entity-definitions.md#canada-passport-number)</br> - [Canada social insurance number](sensitive-information-type-entity-definitions.md#canada-social-insurance-number) </br> - [Canada health service number](sensitive-information-type-entity-definitions.md#canada-health-service-number) </br> - [Canada Personal Health Identification Number](sensitive-information-type-entity-definitions.md#canada-personal-health-identification-number-phin)|
+|Privacy| Canada Personal Information Protection Act (PIPEDA)|- [Canada driver's license number](sensitive-information-type-entity-definitions.md#canada-drivers-license-number) </br> - [Canada bank account number](sensitive-information-type-entity-definitions.md#canada-bank-account-number) </br> - [Canada passport number](sensitive-information-type-entity-definitions.md#canada-passport-number)</br> - [Canada social insurance number](sensitive-information-type-entity-definitions.md#canada-social-insurance-number) </br> - [Canada health service number](sensitive-information-type-entity-definitions.md#canada-health-service-number) </br> - [Canada Personal Health Identification Number](sensitive-information-type-entity-definitions.md#canada-personal-health-identification-number-phin)|
|Privacy| France Data Protection Act|- [France national id card (CNI)](sensitive-information-type-entity-definitions.md#france-national-id-card-cni) </br> - [France social security number (INSEE)](sensitive-information-type-entity-definitions.md#france-social-security-number-insee)| |Privacy| France Personally Identifiable Information (PII) Data|- [France social security number (INSEE)](sensitive-information-type-entity-definitions.md#france-social-security-number-insee) </br> - [France driver's license number](sensitive-information-type-entity-definitions.md#france-drivers-license-number) </br> - [France passport number](sensitive-information-type-entity-definitions.md#france-passport-number) </br> - [France national id card (CNI)](sensitive-information-type-entity-definitions.md#france-national-id-card-cni)|
-|Privacy| General Data Protection Regulation (GDPR) Enhanced|- [EU debit card number](sensitive-information-type-entity-definitions.md#eu-debit-card-number) </br> - [EU driver's license number](sensitive-information-type-entity-definitions.md#eu-drivers-license-number) </br> - [EU national identification number](sensitive-information-type-entity-definitions.md#eu-national-identification-number) </br> - [EU passport number](sensitive-information-type-entity-definitions.md#eu-passport-number) </br> - [EU social security number or equivalent identification](sensitive-information-type-entity-definitions.md#eu-social-security-number-or-equivalent-identification) </br> - [EU Tax identification number](sensitive-information-type-entity-definitions.md#eu-tax-identification-number)|
+|Privacy| General Data Protection Regulation (GDPR) Enhanced|- [Austria Physical Addresses](sensitive-information-type-entity-definitions.md#austria-physical-addresses) </br> - [Belgium Physical Addresses](sensitive-information-type-entity-definitions.md#belgium-physical-addresses)</br> - [Bulgaria Physical Addresses](sensitive-information-type-entity-definitions.md#bulgaria-physical-addresses)</br> - [Croatia Physical Addresses](sensitive-information-type-entity-definitions.md#croatia-physical-addresses)</br> - [Cyprus Physical Addresses](sensitive-information-type-entity-definitions.md#cyprus-physical-addresses)</br> - [Czech Republic Physical Addresses](sensitive-information-type-entity-definitions.md#czech-republic-physical-addresses)</br> - [Denmark Physical Addresses](sensitive-information-type-entity-definitions.md#denmark-physical-addresses)</br> - [Estonia Physical Addresses](sensitive-information-type-entity-definitions.md#estonia-physical-addresses)</br> - [Finland Physical Addresses](sensitive-information-type-entity-definitions.md#finland-physical-addresses)</br> - [France Physical Addresses](sensitive-information-type-entity-definitions.md#france-physical-addresses)</br> - [Germany Physical Addresses](sensitive-information-type-entity-definitions.md#germany-physical-addresses)</br> - [Greece Physical Addresses](sensitive-information-type-entity-definitions.md#greece-physical-addresses)</br> - [Hungary Physical Addresses](sensitive-information-type-entity-definitions.md#hungary-physical-addresses)</br> - [Ireland Physical Addresses](sensitive-information-type-entity-definitions.md#ireland-physical-addresses)</br> - [Italy Physical Addresses](sensitive-information-type-entity-definitions.md#italy-physical-addresses)</br> - [Latvia Physical Addresses](sensitive-information-type-entity-definitions.md#latvia-physical-addresses)</br> - [Lithuania Physical Addresses](sensitive-information-type-entity-definitions.md#lithuania-physical-addresses)</br> - 
[Luxembourg Physical Addresses](sensitive-information-type-entity-definitions.md#luxemburg-physical-addresses)</br> - [Malta Physical Addresses](sensitive-information-type-entity-definitions.md#malta-physical-addresses)</br> - [Netherlands Physical Addresses](sensitive-information-type-entity-definitions.md#netherlands-physical-addresses)</br> - [Poland Physical Addresses](sensitive-information-type-entity-definitions.md#poland-physical-addresses)</br> - [Portuguese Physical Addresses](sensitive-information-type-entity-definitions.md#portugal-physical-addresses)</br> - [Romania Physical Addresses](sensitive-information-type-entity-definitions.md#romania-physical-addresses)</br> - [Slovakia Physical Addresses](sensitive-information-type-entity-definitions.md#slovakia-physical-addresses)</br> - [Slovenia Physical Addresses](sensitive-information-type-entity-definitions.md#slovenia-physical-addresses)</br> - [Spain Physical Addresses](sensitive-information-type-entity-definitions.md#spain-physical-addresses)</br> - [Sweden Physical Addresses](sensitive-information-type-entity-definitions.md#sweden-physical-addresses)</br> - [Austria Social Security Number](sensitive-information-type-entity-definitions.md#austria-social-security-number)</br> - [France Social Security Number (INSEE)](sensitive-information-type-entity-definitions.md#france-social-security-number-insee)</br> - [Greece Social Security Number (AMKA)](sensitive-information-type-entity-definitions.md#greece-social-security-number-amka)</br> - [Hungarian Social Security Number (TAJ)](sensitive-information-type-entity-definitions.md#hungary-social-security-number-taj)</br> - [Spain Social Security Number (SSN)](sensitive-information-type-entity-definitions.md#spain-social-security-number-ssn)</br> - [Austria Identity Card](sensitive-information-type-entity-definitions.md#austria-identity-card)</br> - [Cyprus Identity Card](sensitive-information-type-entity-definitions.md#cyprus-identity-card)</br> - [Germany 
Identity Card Number](sensitive-information-type-entity-definitions.md#germany-identity-card-number)</br> - [Malta Identity Card Number](sensitive-information-type-entity-definitions.md#malta-identity-card-number)</br> - [France National ID Card (CNI)](sensitive-information-type-entity-definitions.md#france-national-id-card-cni)</br> - [Greece National ID Card](sensitive-information-type-entity-definitions.md#greece-national-id-card)</br> - [Finland National ID](sensitive-information-type-entity-definitions.md#finland-national-id)</br> - [Poland National ID (PESEL)](sensitive-information-type-entity-definitions.md#poland-national-id-pesel)</br> - [Sweden National ID](sensitive-information-type-entity-definitions.md#sweden-national-id)</br> - [Croatia Personal Identification (OIB) Number](sensitive-information-type-entity-definitions.md#croatia-personal-identification-oib-number)</br> - [Czech Personal Identity Number](sensitive-information-type-entity-definitions.md#czech-personal-identity-number)</br> - [Denmark Personal Identification Number](sensitive-information-type-entity-definitions.md#denmark-personal-identification-number)</br> - [Estonia Personal Identification Code](sensitive-information-type-entity-definitions.md#estonia-personal-identification-code)</br> - [Hungary Personal Identification Number](sensitive-information-type-entity-definitions.md#hungary-personal-identification-number)</br> - [Luxemburg National Identification Number (Natural persons)](sensitive-information-type-entity-definitions.md#luxemburg-national-identification-number-natural-persons)</br> - [Luxemburg National Identification Number (Non-natural persons)](sensitive-information-type-entity-definitions.md#luxemburg-national-identification-number-non-natural-persons)</br> - [Italy Fiscal Code](sensitive-information-type-entity-definitions.md#italy-fiscal-code)</br> - [Latvia Personal Code](sensitive-information-type-entity-definitions.md#latvia-personal-code)</br> - [Lithuania 
Personal Code](sensitive-information-type-entity-definitions.md#lithuania-personal-code)</br> - [Romania Personal Numerical Code (CNP)](sensitive-information-type-entity-definitions.md#romania-personal-numeric-code-cnp)</br> - [Netherlands Citizen's Service (BSN) Number](sensitive-information-type-entity-definitions.md#netherlands-citizens-service-bsn-number)</br> - [Ireland Personal Public Service (PPS) Number](sensitive-information-type-entity-definitions.md#ireland-personal-public-service-pps-number)</br> - [Bulgaria Uniform Civil Number](sensitive-information-type-entity-definitions.md#bulgaria-uniform-civil-number)</br> - [Belgium National Number](sensitive-information-type-entity-definitions.md#belgium-national-number)</br> - [Spain DNI](sensitive-information-type-entity-definitions.md#spain-dni)</br> - [Slovenia Unique Master Citizen Number](sensitive-information-type-entity-definitions.md#slovenia-unique-master-citizen-number)</br> - [Slovakia Personal Number](sensitive-information-type-entity-definitions.md#slovakia-personal-number)</br> - [Portugal Citizen Card Number](sensitive-information-type-entity-definitions.md#portugal-citizen-card-number)</br> - [Malta Tax ID Number](sensitive-information-type-entity-definitions.md#malta-tax-identification-number)</br> - [Austria Tax Identification Number](sensitive-information-type-entity-definitions.md#austria-tax-identification-number)</br> - [Cyprus Tax Identification Number](sensitive-information-type-entity-definitions.md#cyprus-tax-identification-number)</br> - [France Tax Identification Number (numéro SPI.)](sensitive-information-type-entity-definitions.md#france-tax-identification-number)</br> - [Germany Tax Identification Number](sensitive-information-type-entity-definitions.md#germany-tax-identification-number)</br> - [Greek Tax identification Number](sensitive-information-type-entity-definitions.md#greece-tax-identification-number)</br> - [Hungary Tax identification 
Number](sensitive-information-type-entity-definitions.md#hungary-tax-identification-number)</br> - [Netherlands Tax Identification Number](sensitive-information-type-entity-definitions.md#netherlands-tax-identification-number)</br> - [Poland Tax Identification Number](sensitive-information-type-entity-definitions.md#poland-tax-identification-number)</br> - [Portugal Tax Identification Number](sensitive-information-type-entity-definitions.md#portugal-tax-identification-number)</br> - [Slovenia Tax Identification Number](sensitive-information-type-entity-definitions.md#slovenia-tax-identification-number)</br> - [Spain Tax Identification Number](sensitive-information-type-entity-definitions.md#spain-tax-identification-number)</br> - [Sweden Tax Identification Number](sensitive-information-type-entity-definitions.md#sweden-tax-identification-number)</br> - [Austria Driver's License](sensitive-information-type-entity-definitions.md#austria-drivers-license-number)</br> - [Belgium Driver's License Number](sensitive-information-type-entity-definitions.md#belgium-drivers-license-number)</br> - [Bulgaria Driver's License Number](sensitive-information-type-entity-definitions.md#bulgaria-drivers-license-number)</br> - [Croatia Driver's License Number](sensitive-information-type-entity-definitions.md#croatia-drivers-license-number)</br> - [Cyprus Driver's License Number](sensitive-information-type-entity-definitions.md#cyprus-drivers-license-number)</br> - [Czech Driver's License Number](sensitive-information-type-entity-definitions.md#czech-drivers-license-number)</br> - [Denmark Driver's License Number](sensitive-information-type-entity-definitions.md#denmark-drivers-license-number)</br> - [Estonia Driver's License Number](sensitive-information-type-entity-definitions.md#estonia-drivers-license-number)</br> - [Finland Driver's License Number](sensitive-information-type-entity-definitions.md#finland-drivers-license-number)</br> - [France Driver's License 
Number](sensitive-information-type-entity-definitions.md#france-drivers-license-number)</br> - [German Driver's License Number](sensitive-information-type-entity-definitions.md#germany-drivers-license-number)</br> - [Greece Driver's License Number](sensitive-information-type-entity-definitions.md#greece-drivers-license-number)</br> - [Hungary Driver's License Number](sensitive-information-type-entity-definitions.md#hungary-drivers-license-number)</br> - [Ireland Driver's License Number](sensitive-information-type-entity-definitions.md#ireland-drivers-license-number)</br> - [Italy Driver's License Number](sensitive-information-type-entity-definitions.md#italy-drivers-license-number)</br> - [Latvia Driver's License Number](sensitive-information-type-entity-definitions.md#latvia-drivers-license-number)</br> - [Lithuania Driver's License Number](sensitive-information-type-entity-definitions.md#lithuania-drivers-license-number)</br> - [Luxemburg Driver's License Number](sensitive-information-type-entity-definitions.md#luxemburg-drivers-license-number)</br> - [Malta Driver's License Number](sensitive-information-type-entity-definitions.md#malta-drivers-license-number)</br> - [Netherlands Driver's License Number](sensitive-information-type-entity-definitions.md#netherlands-drivers-license-number)</br> - [Poland Driver's License Number](sensitive-information-type-entity-definitions.md#poland-drivers-license-number)</br> - [Portugal Driver's License Number](sensitive-information-type-entity-definitions.md#portugal-drivers-license-number)</br> - [Romania Driver's License Number](sensitive-information-type-entity-definitions.md#romania-drivers-license-number)</br> - [Slovakia Driver's License Number](sensitive-information-type-entity-definitions.md#slovakia-drivers-license-number)</br> - [Slovenia Driver's License Number](sensitive-information-type-entity-definitions.md#slovenia-drivers-license-number)</br> - [Spain Driver's License 
Number](sensitive-information-type-entity-definitions.md#spain-drivers-license-number)</br> - [Sweden Driver's License Number](sensitive-information-type-entity-definitions.md#sweden-drivers-license-number)</br> - [Austria Passport Number](sensitive-information-type-entity-definitions.md#austria-passport-number)</br> - [Belgium Passport Number](sensitive-information-type-entity-definitions.md#belgium-passport-number)</br> - [Bulgaria Passport Number](sensitive-information-type-entity-definitions.md#bulgaria-passport-number)</br> - [Croatia Passport Number](sensitive-information-type-entity-definitions.md#croatia-passport-number)</br> - [Cyprus Passport Number](sensitive-information-type-entity-definitions.md#cyprus-passport-number)</br> - [Czech Republic Passport Number](sensitive-information-type-entity-definitions.md#czech-passport-number)</br> - [Denmark Passport Number](sensitive-information-type-entity-definitions.md#denmark-passport-number)</br> - [Estonia Passport Number](sensitive-information-type-entity-definitions.md#estonia-passport-number)</br> - [Finland Passport Number](sensitive-information-type-entity-definitions.md#finland-passport-number)</br> - [France Passport Number](sensitive-information-type-entity-definitions.md#france-passport-number)</br> - [German Passport Number](sensitive-information-type-entity-definitions.md#germany-passport-number)</br> - [Greece Passport Number](sensitive-information-type-entity-definitions.md#greece-passport-number)</br> - [Hungary Passport Number](sensitive-information-type-entity-definitions.md#hungary-passport-number)</br> - [Ireland Passport Number](sensitive-information-type-entity-definitions.md#ireland-passport-number)</br> - [Italy Passport Number](sensitive-information-type-entity-definitions.md#italy-passport-number)</br> - [Latvia Passport Number](sensitive-information-type-entity-definitions.md#latvia-passport-number)</br> - [Lithuania Passport 
Number](sensitive-information-type-entity-definitions.md#lithuania-passport-number)</br> - [Luxemburg Passport Number](sensitive-information-type-entity-definitions.md#luxemburg-passport-number)</br> - [Malta Passport Number](sensitive-information-type-entity-definitions.md#malta-passport-number)</br> - [Netherlands Passport Number](sensitive-information-type-entity-definitions.md#netherlands-passport-number)</br> - [Poland Passport](sensitive-information-type-entity-definitions.md#poland-passport-number)</br> - [Portugal Passport Number](sensitive-information-type-entity-definitions.md#portugal-passport-number)</br> - [Romania Passport Number](sensitive-information-type-entity-definitions.md#romania-passport-number)</br> - [Slovakia Passport Number](sensitive-information-type-entity-definitions.md#slovakia-passport-number)</br> - [Slovenia Passport Number](sensitive-information-type-entity-definitions.md#slovenia-passport-number)</br> - [Spain Passport Number](sensitive-information-type-entity-definitions.md#spain-passport-number)</br> - [Sweden Passport Number](sensitive-information-type-entity-definitions.md#sweden-passport-number)</br> - [EU Debit Card Number](sensitive-information-type-entity-definitions.md#eu-debit-card-number)</br> - [All Full Names](sensitive-information-type-entity-definitions.md#all-full-names)|
|Privacy| General Data Protection Regulation (GDPR)|- [EU debit card number](sensitive-information-type-entity-definitions.md#eu-debit-card-number) </br> - [EU driver's license number](sensitive-information-type-entity-definitions.md#eu-drivers-license-number) </br> - [EU national identification number](sensitive-information-type-entity-definitions.md#eu-national-identification-number)</br> - [EU passport number](sensitive-information-type-entity-definitions.md#eu-passport-number) </br> - [EU social security number or equivalent identification](sensitive-information-type-entity-definitions.md#eu-social-security-number-or-equivalent-identification)</br> - [EU Tax identification number](sensitive-information-type-entity-definitions.md#eu-tax-identification-number)| |Privacy| Germany Personally Identifiable Information (PII) Data|- [Germany driver's license number](sensitive-information-type-entity-definitions.md#germany-drivers-license-number) </br> - [Germany passport number](sensitive-information-type-entity-definitions.md#germany-passport-number)| |Privacy| Israel Personally Identifiable Information (PII) Data|- [Israel national identification number](sensitive-information-type-entity-definitions.md#israel-national-identification-number)| |Privacy| Israel Protection of Privacy|- [Israel national identification number](sensitive-information-type-entity-definitions.md#israel-national-identification-number)</br> - [Israel bank account number](sensitive-information-type-entity-definitions.md#israel-bank-account-number)|
-|Privacy| Japan Personally Identifiable Information (PII) Data enhanced|- [Japan Social Insurance Number (SIN)](sensitive-information-type-entity-definitions.md#japan-social-insurance-number-sin)</br> - [Japan My Number - Personal](sensitive-information-type-entity-definitions.md#japan-my-numberpersonal)</br> - [Japan passport number](sensitive-information-type-entity-definitions.md#japan-passport-number)</br> - [Japan driver's license number](sensitive-information-type-entity-definitions.md#japan-drivers-license-number)|
+|Privacy| Japan Personally Identifiable Information (PII) Data enhanced|- [Japan Social Insurance Number (SIN)](sensitive-information-type-entity-definitions.md#japan-social-insurance-number-sin)</br> - [Japan My Number - Personal](sensitive-information-type-entity-definitions.md#japan-my-numberpersonal)</br> - [Japan passport number](sensitive-information-type-entity-definitions.md#japan-passport-number)</br> - [Japan driver's license number](sensitive-information-type-entity-definitions.md#japan-drivers-license-number)</br> - [All Full Names](sensitive-information-type-entity-definitions.md#all-full-names)</br> - [Japan Physical Addresses](sensitive-information-type-entity-definitions.md#all-physical-addresses)|
|Privacy| Japan Personally Identifiable Information (PII) Data|- [Japan resident registration number](sensitive-information-type-entity-definitions.md#japan-resident-registration-number) </br> - [Japan Social Insurance Number (SIN)](sensitive-information-type-entity-definitions.md#japan-social-insurance-number-sin)|
-|Privacy| Japan Protection of Personal Information Enhanced|- [Japan Social Insurance Number (SIN)](sensitive-information-type-entity-definitions.md#japan-social-insurance-number-sin) </br> - [Japan My Number - Personal](sensitive-information-type-entity-definitions.md#japan-my-numberpersonal)</br> - [Japan passport number](sensitive-information-type-entity-definitions.md#japan-passport-number) </br> - [Japan driver's license number](sensitive-information-type-entity-definitions.md#japan-drivers-license-number)|
+|Privacy| Japan Protection of Personal Information Enhanced|- [Japan Social Insurance Number (SIN)](sensitive-information-type-entity-definitions.md#japan-social-insurance-number-sin) </br> - [Japan My Number - Personal](sensitive-information-type-entity-definitions.md#japan-my-numberpersonal)</br> - [Japan passport number](sensitive-information-type-entity-definitions.md#japan-passport-number) </br> - [Japan driver's license number](sensitive-information-type-entity-definitions.md#japan-drivers-license-number)</br> - [All Full Names](sensitive-information-type-entity-definitions.md#all-full-names)</br> - [Japan Physical Addresses](sensitive-information-type-entity-definitions.md#all-physical-addresses)|
|Privacy| Japan Protection of Personal Information|- [Japan resident registration number](sensitive-information-type-entity-definitions.md#japan-resident-registration-number)</br> - [Japan Social Insurance Number (SIN)](sensitive-information-type-entity-definitions.md#japan-social-insurance-number-sin)| |Privacy| Saudi Arabia Personally Identifiable (PII) Data|- [Saudi Arabia National ID](sensitive-information-type-entity-definitions.md#saudi-arabia-national-id)| |Privacy| U.K. Data Protection Act|- [U.K. national insurance number (NINO)](sensitive-information-type-entity-definitions.md#uk-national-insurance-number-nino) </br> - [U.S./U.K. passport number](sensitive-information-type-entity-definitions.md#usuk-passport-number) </br> - [SWIFT code](sensitive-information-type-entity-definitions.md#swift-code)| |Privacy| U.K. Privacy and Electronic Communications Regulations|- [SWIFT code](sensitive-information-type-entity-definitions.md#swift-code)| |Privacy| U.K. Personally Identifiable Information (PII) Data|- [U.K. national insurance number (NINO)](sensitive-information-type-entity-definitions.md#uk-national-insurance-number-nino) </br> - [U.S./U.K. passport number](sensitive-information-type-entity-definitions.md#usuk-passport-number)| |Privacy| U.K. Personal Information Online Code of Practice (PIOCP)|- [U.K. national insurance number (NINO)](sensitive-information-type-entity-definitions.md#uk-national-insurance-number-nino) </br> - [U.K. national health service number](sensitive-information-type-entity-definitions.md#uk-national-health-service-number) </br> - [SWIFT code](sensitive-information-type-entity-definitions.md#swift-code)|
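Review bot: the added `[Japan Physical Addresses](sensitive-information-type-entity-definitions.md#all-physical-addresses)` entry in both Japan "Enhanced" rows pairs a Japan-specific label with the generic `#all-physical-addresses` anchor, while the U.S. rows in this same change link `U.S. Physical Addresses` to `#us-physical-addresses`. Either rename the label to "All Physical Addresses" or point the link at a Japan-specific entity definition if one exists, so the table states which classifier the template actually uses.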
-|Privacy| U.S Patriot Act Enhanced|- [Credit card number](sensitive-information-type-entity-definitions.md#credit-card-number) </br> - [U.S. bank account number](sensitive-information-type-entity-definitions.md#us-bank-account-number)</br> - [U.S. Individual Taxpayer Identification Number (ITIN)](sensitive-information-type-entity-definitions.md#us-individual-taxpayer-identification-number-itin) </br> - [U.S. social security number (SSN)](sensitive-information-type-entity-definitions.md#us-social-security-number-ssn)|
+|Privacy| U.S Patriot Act Enhanced|- [Credit card number](sensitive-information-type-entity-definitions.md#credit-card-number) </br> - [U.S. bank account number](sensitive-information-type-entity-definitions.md#us-bank-account-number)</br> - [U.S. Individual Taxpayer Identification Number (ITIN)](sensitive-information-type-entity-definitions.md#us-individual-taxpayer-identification-number-itin) </br> - [U.S. social security number (SSN)](sensitive-information-type-entity-definitions.md#us-social-security-number-ssn)</br> - [All Full Names](sensitive-information-type-entity-definitions.md#all-full-names)</br> - [U.S. Physical Addresses](sensitive-information-type-entity-definitions.md#us-physical-addresses)|
|Privacy| U.S. Patriot Act|- [Credit card number](sensitive-information-type-entity-definitions.md#credit-card-number) </br> - [U.S. bank account number](sensitive-information-type-entity-definitions.md#us-bank-account-number)</br> - [U.S. Individual Taxpayer Identification Number (ITIN)](sensitive-information-type-entity-definitions.md#us-individual-taxpayer-identification-number-itin) </br> - [U.S. social security number (SSN)](sensitive-information-type-entity-definitions.md#us-social-security-number-ssn)|
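Review bot: the row title `U.S Patriot Act Enhanced` is missing the period after "U.S" that the unchanged `U.S. Patriot Act` row has. Since this line is being rewritten anyway, fix the title so the two template names match.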
-|Privacy| U.S. Personally Identifiable Information (PII) Data Enhanced|- [U.S. Individual Taxpayer Identification Number (ITIN)](sensitive-information-type-entity-definitions.md#us-individual-taxpayer-identification-number-itin) </br> - [U.S. social security number (SSN)](sensitive-information-type-entity-definitions.md#us-social-security-number-ssn)</br> - [U.S./U.K. passport number](sensitive-information-type-entity-definitions.md#usuk-passport-number)|
+|Privacy| U.S. Personally Identifiable Information (PII) Data Enhanced|- [U.S. Individual Taxpayer Identification Number (ITIN)](sensitive-information-type-entity-definitions.md#us-individual-taxpayer-identification-number-itin) </br> - [U.S. social security number (SSN)](sensitive-information-type-entity-definitions.md#us-social-security-number-ssn)</br> - [U.S./U.K. passport number](sensitive-information-type-entity-definitions.md#usuk-passport-number)</br> - [All Full Names](sensitive-information-type-entity-definitions.md#all-full-names)</br> - [U.S. Physical Addresses](sensitive-information-type-entity-definitions.md#us-physical-addresses)|
|Privacy| U.S. Personally Identifiable Information (PII) Data|- [U.S. Individual Taxpayer Identification Number (ITIN)](sensitive-information-type-entity-definitions.md#us-individual-taxpayer-identification-number-itin) </br> - [U.S. social security number (SSN)](sensitive-information-type-entity-definitions.md#us-social-security-number-ssn)</br> - [U.S./U.K. passport number](sensitive-information-type-entity-definitions.md#usuk-passport-number)|
-|Privacy| U.S. State Breach Notification Laws Enhanced|- [Credit card number](sensitive-information-type-entity-definitions.md#credit-card-number) </br> - [U.S. bank account number](sensitive-information-type-entity-definitions.md#us-bank-account-number)</br> -[U.S. driver's license number](sensitive-information-type-entity-definitions.md#us-drivers-license-number) </br> - [U.S. social security number (SSN)](sensitive-information-type-entity-definitions.md#us-social-security-number-ssn) </br> - [U.S./U.K. passport number](sensitive-information-type-entity-definitions.md#usuk-passport-number)|
+|Privacy| U.S. State Breach Notification Laws Enhanced|- [Credit card number](sensitive-information-type-entity-definitions.md#credit-card-number) </br> - [U.S. bank account number](sensitive-information-type-entity-definitions.md#us-bank-account-number)</br> -[U.S. driver's license number](sensitive-information-type-entity-definitions.md#us-drivers-license-number) </br> - [U.S. social security number (SSN)](sensitive-information-type-entity-definitions.md#us-social-security-number-ssn)</br> - [All Full Names](sensitive-information-type-entity-definitions.md#all-full-names) </br> - [U.S./U.K. passport number](sensitive-information-type-entity-definitions.md#usuk-passport-number)</br> - [All Medical Terms And Conditions](sensitive-information-type-entity-definitions.md#all-medical-terms-and-conditions)|
|Privacy| U.S. State Breach Notification Laws|- [Credit card number](sensitive-information-type-entity-definitions.md#credit-card-number) </br> - [U.S. bank account number](sensitive-information-type-entity-definitions.md#us-bank-account-number)</br> -[U.S. driver's license number](sensitive-information-type-entity-definitions.md#us-drivers-license-number) </br> - [U.S. social security number (SSN)](sensitive-information-type-entity-definitions.md#us-social-security-number-ssn)|
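Review bot: in the `U.S. State Breach Notification Laws Enhanced` row, `All Full Names` is inserted between the SSN and passport entries, whereas every other row touched in this change appends it after the existing identifiers; keep one ordering. The entry `-[U.S. driver's license number]` also still lacks the space after the dash that the other list items have, and this is the only row that gains `All Medical Terms And Conditions`, which deserves a line in the commit description if it is intentional.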
-|Privacy| U.S. State Social Security Number Confidentiality Laws|- [U.S. social security number (SSN)](sensitive-information-type-entity-definitions.md#us-social-security-number-ssn)|
+|Privacy| U.S. State Social Security Number Confidentiality Laws|- [U.S. social security number (SSN)](sensitive-information-type-entity-definitions.md#us-social-security-number-ssn)|
## Locations
enterprise Enabling SP Multigeo Satellite Geolocation https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/Enabling-SP-MultiGeo-satellite-geolocation.md
description: This article provides information for Global or SharePoint admins a
This article is for Global or SharePoint administrators who have created a Multi-Geo satellite location **before** SharePoint Multi-Geo capabilities became generally available on March 27, 2019, and who have not enabled SharePoint Multi-Geo in their satellite geo location(s). >[!Note]
->If you have added a new geo location **after March 27th**, you do not need to perform these instructions, as your new geo location will already be enabled for OneDrive and SharePoint Multi-Geo.
+>If you have added a new geo location **after March 27th, 2019**, you do not need to perform these instructions, as your new geo location will already be enabled for OneDrive and SharePoint Multi-Geo.
These instructions will allow you to enable SharePoint in your satellite location, so your Multi-Geo satellite users can take advantage of both OneDrive and SharePoint Multi-Geo capabilities in O365.
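Review bot: the note now reads `after March 27th, 2019`, but the paragraph just above it writes the same date as `March 27, 2019`; use one date format and drop the ordinal. The wording also leaves geo locations added on March 27, 2019 itself covered by neither the "before" nor the "after" case.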
lighthouse M365 Lighthouse Configure Portal Security https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/lighthouse/m365-lighthouse-configure-portal-security.md
MSPs may use risk-based Conditional Access to make sure their staff members prov
## Related content
-[Password reset permissions](/azure/active-directory/roles/permissions-reference) (article) \
+[Password reset permissions](/azure/active-directory/roles/permissions-reference#password-reset-permissions) (article)\
[Requirements for Microsoft 365 Lighthouse](m365-lighthouse-requirements.md) (article)\ [Overview of Microsoft 365 Lighthouse](m365-lighthouse-overview.md) (article)\ [Sign up for Microsoft 365 Lighthouse](m365-lighthouse-sign-up.md) (article)\
-[Microsoft 365 Lighthouse FAQ](m365-lighthouse-faq.yml) (article)
+[Microsoft 365 Lighthouse FAQ](m365-lighthouse-faq.yml) (article)
lighthouse M365 Lighthouse Manage Mfa https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/lighthouse/m365-lighthouse-manage-mfa.md
To enable MFA through Conditional Access, see [Tutorial: Secure user sign-in eve
## Notify users who aren't registered for MFA
-1. In the left pane in Lighthouse, select **Users**.
+1. In the left navigation pane in Lighthouse, select **Users**.
2. Select the **Multifactor Authentication** tab.
lighthouse M365 Lighthouse Mitigate Threats https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/lighthouse/m365-lighthouse-mitigate-threats.md
Microsoft 365 Lighthouse lets partners investigate and mitigate threats across a
- Users must be running Microsoft Defender Antivirus (included with Windows). Lighthouse does not support non-Microsoft antivirus software. For more information, see [Turn on Microsoft Defender Antivirus](/mem/intune/user-help/turn-on-defender-windows). -- You must be a Global Administrator in the partner tenant you're signing into.
+- You must be a Global Administrator in the partner tenant that you're signing in to.
## Investigate active threats
lighthouse M365 Lighthouse Sign Up https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/lighthouse/m365-lighthouse-sign-up.md
This article provides instructions for how to sign up for Microsoft 365 Lighthou
- Microsoft 365 Lighthouse is deployed in the partner tenant only&mdash;not in the customer tenants, but make sure you and your customer tenants meet the requirements listed in [Microsoft 365 Lighthouse requirements](m365-lighthouse-requirements.md). -- You must be a Global Administrator in the partner tenant you're signing into.
+- You must be a Global Administrator in the partner tenant that you're signing in to.
## Steps to sign up for Microsoft 365 Lighthouse
-1. Go to the Microsoft 365 admin center at <a href="https://go.microsoft.com/fwlink/p/?linkid=2024339" target="_blank">https://admin.microsoft.com</a> and log in using your partner tenant credentials.
+1. Go to the Microsoft 365 admin center at <a href="https://go.microsoft.com/fwlink/p/?linkid=2024339" target="_blank">https://admin.microsoft.com</a> and sign in using your partner tenant credentials.
1. Go to **Billing** > **Purchase Services** > **Other Services**.
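Review bot: step 1 shows `https://admin.microsoft.com` as the link text while the `href` is a `go.microsoft.com/fwlink` redirect, so a reader about to enter partner tenant credentials cannot tell the destination from the visible text; consider linking directly to the displayed URL. The raw anchor also uses `target="_blank"` without `rel="noopener noreferrer"`, which is worth adding while this line is being edited.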
lighthouse M365 Lighthouse Tenants Page Overview https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/lighthouse/m365-lighthouse-tenants-page-overview.md
To edit details or delete an existing contact, select the contact name from the
#### Microsoft 365 usage card
-Lighthouse provides insights into Microsoft 365 services usage, including how many users within a tenant are licensed and actively using each service. Active indicates the number of users or devices that have signed into the service at least once in the past 28 days. Change indicates change in active users and devices since last month.
+Lighthouse provides insights into Microsoft 365 services usage, including how many users within a tenant are licensed and actively using each service. Active indicates the number of users or devices that have signed in to the service at least once in the past 28 days. Change indicates change in active users and devices since last month.
The Microsoft 365 Usage card contains two sections:
lighthouse M365 Lighthouse View Manage Risky Users https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/lighthouse/m365-lighthouse-view-manage-risky-users.md
In Azure AD Identity Protection, risk detections include any identified suspicio
- Reset password ΓÇô change or reset the user password.
- - Block sign-in - prevents anyone from signing in as this user.
+ - Block sign-in - prevent anyone from signing in as this user.
- Confirm user compromised ΓÇô set risk state to confirmed compromised.
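Review bot: the changed `Block sign-in - prevent anyone from signing in as this user` item uses a spaced hyphen as its separator, while the items on either side use an en dash (rendered here as `ΓÇô`). Use the same separator across the list now that the verbs are parallel.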
lighthouse M365 Lighthouse Win365 Page Overview https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/lighthouse/m365-lighthouse-win365-page-overview.md
Title: "Microsoft 365 Lighthouse Windows 365 (Cloud PCs) page overview"
+f1.keywords: CSH
security Mdb Onboard Devices https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-business/mdb-onboard-devices.md
audience: Admin Previously updated : 02/24/2022 Last updated : 03/02/2022 ms.prod: m365-security ms.technology: mdb localization_priority: Normal
> > Some information in this article relates to prereleased products/services that might be substantially modified before they are commercially released. Microsoft makes no warranties, express or implied, for the information provided here.
-The device onboarding experience in Defender for Business was built on the same device onboarding processes that are used in Microsoft Defender for Endpoint. Watch the following video to see how it works:<br/><br/>
+The device onboarding experience in Defender for Business was built on processes that are similar to what we use in Microsoft Defender for Endpoint. Watch the following video to see how it works:<br/><br/>
> [!VIDEO https://www.microsoft.com/videoplayer/embed/RE4bGqr]
With Microsoft Defender for Business, you have several options to choose from fo
1. See your options for [onboarding devices](#device-onboarding-methods), and select one of the following methods: - [Automatic onboarding for Windows devices enrolled in Microsoft Endpoint Manager](#automatic-onboarding-for-windows-devices-enrolled-in-microsoft-endpoint-manager)
- - [Microsoft Defender for Business security configuration](#microsoft-defender-for-business-security-configuration)
- - [Microsoft Endpoint Manager (Microsoft Intune)](#microsoft-endpoint-manager)
- [Local script for evaluating Defender for Business](#local-script-in-defender-for-business)
+ - [Microsoft Endpoint Manager (Microsoft Intune)](#microsoft-endpoint-manager)
+ - [Microsoft Defender for Business security configuration](#microsoft-defender-for-business-security-configuration)
2. [Run a detection test](#run-a-detection-test) for newly onboarded Windows devices.
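Review bot: the unchanged link text `Local script for evaluating Defender for Business` no longer matches the rest of this change, which drops the evaluation-only framing from the table row and the section for that method. Retitle it to match the `## Local script in Defender for Business` heading it links to.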
The following table describes the most commonly used methods to onboard devices
| Onboarding method | Description | OS | ||||
-| **Automatic onboarding**<br/>(*available to customers who are already using Microsoft Endpoint Manager*) | Automatic onboarding sets up a connection between Defender for Business and Microsoft Endpoint Manager, and then onboards Windows devices to Defender for Business. In order to use this option, your devices must already be enrolled in Endpoint Manager.<br/><br/>To learn more, see [Use automatic onboarding for Windows devices enrolled in Microsoft Endpoint Manager](#automatic-onboarding-for-windows-devices-enrolled-in-microsoft-endpoint-manager). | Windows |
+| **Automatic onboarding**<br/>(*available to customers who are already using Microsoft Endpoint Manager*) | *Microsoft 365 Business Premium customers already have Microsoft Intune, and can use this option*. Automatic onboarding sets up a connection between Defender for Business and Microsoft Endpoint Manager, and then onboards Windows devices to Defender for Business. In order to use this option, your devices must already be enrolled in Endpoint Manager.<br/><br/>To learn more, see [Automatic onboarding](#automatic-onboarding-for-windows-devices-enrolled-in-microsoft-endpoint-manager). | Windows |
+| **Local script** <br/> | This option enables you to onboard individual devices to Defender for Business manually. You can onboard up to 10 devices at a time using the local script.<br/><br/>To learn more, see [Local script in Defender for Business](#local-script-in-defender-for-business). | Windows <br/>macOS |
+| **Microsoft Intune** or **Microsoft Endpoint Manager**<br/>(*available to customers who are using Microsoft Intune or Endpoint Manager*) | [Microsoft Intune](/mem/intune/fundamentals/what-is-intune) and [Mobile Device Management](/mem/intune/enrollment/device-enrollment) are part of Endpoint Manager. Microsoft 365 Business Premium customers already have Microsoft Intune, and can use this option.<br/><br/>If you were already using Endpoint Manager before you got Defender for Business, you can opt to continue using Endpoint Manager to onboard and manage devices<br/><br/>To use this method, see [Microsoft Endpoint Manager](#microsoft-endpoint-manager). | Windows <br/>macOS<br/>iOS<br/>Android OS |
| **Microsoft Defender for Business security configuration** <br/>(*uses the Microsoft 365 Defender portal*) | To use this option, you configure certain settings to facilitate communication between Defender for Business and Endpoint Manager. Then, you onboard devices in the Microsoft 365 Defender portal ([https://security.microsoft.com](https://security.microsoft.com)) by using a package that you download and run on each device. A trust is established between devices and Azure Active Directory (Azure AD), and Defender for Business security policies are pushed to devices.<br/><br/>To learn more, see [Microsoft Defender for Business security configuration](#microsoft-defender-for-business-security-configuration). | Windows <br/>macOS |
-| **Microsoft Intune** or **Microsoft Endpoint Manager**<br/>(*available to customers who are using Microsoft Intune or Endpoint Manager*) | [Microsoft Intune](/mem/intune/fundamentals/what-is-intune) and [Mobile Device Management](/mem/intune/enrollment/device-enrollment) are part of Endpoint Manager. If you were already using Endpoint Manager before you got Defender for Business, you can opt to continue using Endpoint Manager to onboard and manage devices<br/><br/>To use this method, see [Microsoft Endpoint Manager](#microsoft-endpoint-manager). | Windows <br/>macOS<br/>iOS<br/>Android OS |
-| **Local script** <br/>(*for evaluating Defender for Business*) | This option enables you to onboard individual devices to Defender for Business manually. It's not recommended for a production deployment, but is useful for evaluating how Defender for Business will work in your environment on up to 10 devices per script.<br/><br/>To learn more, see [Local script in Defender for Business](#local-script-in-defender-for-business). | Windows <br/>macOS |
++ > [!IMPORTANT] > If something goes wrong and your onboarding process fails, see [Microsoft Defender for Business troubleshooting](mdb-troubleshooting.yml).
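Review bot: the new **Local script** row drops the sentence `It's not recommended for a production deployment` and the `(*for evaluating Defender for Business*)` qualifier without saying what replaced that guidance; if the method is now supported for production, say so, and remove the dangling `<br/>` left after `**Local script**`. The sentence about Microsoft 365 Business Premium customers is now repeated in both the automatic onboarding row and the Intune row, and `onboard and manage devices` in the Intune row still has no closing period.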
The following table describes the most commonly used methods to onboard devices
The automatic onboarding option applies to Windows devices only. Automatic onboarding is available if your organization was already using Microsoft Endpoint Manager, Microsoft Intune, or Mobile Device Management (MDM) in Microsoft Intune before you got Defender for Business, and you already have Windows devices enrolled in Endpoint Manager.
-If Windows devices are already enrolled in Endpoint Manager, Defender for Business will detect those devices while you are in the process of setting up and configuring Defender for Business. You'll be asked if you want to use automatic onboarding for all or some of your Windows devices. You can onboard all Windows devices at once, or select specific devices to start with, and then add more later.
+If Windows devices are already enrolled in Endpoint Manager, Defender for Business will detect those devices while you are in the process of setting up and configuring Defender for Business. You'll be asked if you want to use automatic onboarding for all or some of your Windows devices. You can onboard all Windows devices at once, or select specific devices to start with, and then add more devices later.
To learn more about automatic onboarding, see step 3 in [Use the wizard to set up Microsoft Defender for Business](mdb-use-wizard.md).
-## Microsoft Defender for Business security configuration
-
-> [!NOTE]
-> If you're already using Endpoint Manager to manage your devices and security policies, skip this method, and see [Microsoft Endpoint Manager](#microsoft-endpoint-manager) instead.
+## Local script in Defender for Business
-Microsoft Defender for Business security configuration was built on a capability known as [Security Management for Microsoft Defender for Endpoint (preview)](/mem/intune/protect/mde-security-integration). It enables you to onboard devices to Defender for Business in the Microsoft 365 Defender portal ([https://security.microsoft.com](https://security.microsoft.com)) without requiring those devices to be fully enrolled in Microsoft Endpoint Manager beforehand.
+You can use a local script to onboard Windows and Mac devices. When you run the onboarding script on a device, it creates a trust with Azure Active Directory, enrolls the device in Microsoft Endpoint Manager, and onboards the device to Defender for Business. This method is useful for onboarding devices in Defender for Business. You can onboard up to 10 devices at a time.
-This method enables you to onboard devices and manage your antivirus and firewall policies in the Microsoft 365 Defender portal ([https://security.microsoft.com](https://security.microsoft.com)). Here's how it works:
+1. Go to the Microsoft 365 Defender portal ([https://security.microsoft.com](https://security.microsoft.com)), and sign in.
-1. You download an onboarding package from the Microsoft 365 Defender portal, and then run the package on your devices to onboard those devices to Defender for Business.
+2. In the navigation pane, choose **Settings** > **Endpoints**, and then under **Device management**, choose **Onboarding**.
-2. Running the package establishes a trust between each device (if the trust doesn't already exist) and Azure Active Directory (Azure AD).
+3. Select an operating system, such as **Windows 10 and 11**, and then, under **Onboard a device**, in the **Deployment method** section, choose **Local script**.
-3. Devices communicate with Endpoint Manager using their Azure AD Identity, and security policies in Defender for Business are pushed to devices.
+4. Select **Download onboarding package**. We recommend saving the onboarding package to a removable drive.
-4. You can view your devices and policies in both the Microsoft 365 Defender portal and the Endpoint Manager admin center ([https://endpoint.microsoft.com](https://endpoint.microsoft.com)).
+5. Follow the guidance in the following articles:
-To use this option, certain settings must be configured beforehand. To learn more, including prerequisites and supported operating systems, see [Manage Microsoft Defender for Endpoint on devices with Microsoft Endpoint Manager](/mem/intune/protect/mde-security-integration).
+ - Windows devices: [Onboard Windows devices using a local script](../defender-endpoint/configure-endpoints-script.md#onboard-devices)
+ - macOS devices: [Manual deployment for Microsoft Defender for Endpoint on macOS](../defender-endpoint/mac-install-manually.md#client-configuration)
## Microsoft Endpoint Manager
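Review bot: The rewritten intro under "Local script in Defender for Business" changes the limit from "Each script can be used on up to 10 devices" to "You can onboard up to 10 devices at a time", which reads as a batch size rather than a per-package cap, and the note that this method "is not recommended for production deployment" is removed elsewhere in this patch without a replacement. If the per-script limit still applies, keep the original wording; if the production caveat was dropped on purpose, say which method is preferred at scale. After the trim, "This method is useful for onboarding devices in Defender for Business" no longer says anything and can be deleted. Step 4 recommends saving the onboarding package to a removable drive but gives no guidance on what to do with that copy once the devices are onboarded.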
If you were already using Endpoint Manager (which includes Microsoft Intune and
See [Device enrollment in Microsoft Intune](/mem/intune/enrollment/device-enrollment).
-## Local script in Defender for Business
-
-You can use a local script to onboard Windows and Mac devices to evaluate how Defender for Business will work for you. When you run the onboarding script on a device, it creates a trust with Azure Active Directory, enrolls the device in Microsoft Endpoint Manager, and onboards the device to Defender for Business. This method is useful for onboarding devices in Defender for Business and for onboarding a few devices at a time. Each script can be used on up to 10 devices.
+## Microsoft Defender for Business security configuration
> [!NOTE]
-> This method is not recommended for production deployment, but is useful for onboarding up to 10 devices per script.
+> If you're already using Endpoint Manager to manage your devices and security policies, skip this method, and see [Microsoft Endpoint Manager](#microsoft-endpoint-manager) instead.
-1. Go to the Microsoft 365 Defender portal ([https://security.microsoft.com](https://security.microsoft.com)), and sign in.
+Microsoft Defender for Business security configuration was built on a capability known as [Security Management for Microsoft Defender for Endpoint (preview)](/mem/intune/protect/mde-security-integration). It enables you to onboard devices to Defender for Business in the Microsoft 365 Defender portal ([https://security.microsoft.com](https://security.microsoft.com)) without requiring those devices to be fully enrolled in Microsoft Endpoint Manager beforehand.
-2. In the navigation pane, choose **Settings** > **Endpoints**, and then under **Device management**, choose **Onboarding**.
+This method enables you to onboard devices and manage your antivirus and firewall policies in the Microsoft 365 Defender portal ([https://security.microsoft.com](https://security.microsoft.com)). Here's how it works:
-3. Select an operating system, such as **Windows 10 and 11**, and then, under **Onboard a device**, in the **Deployment method** section, choose **Local script**.
+1. You download an onboarding package from the Microsoft 365 Defender portal, and then run the package on your devices to onboard those devices to Defender for Business.
-4. Select **Download onboarding package**. We recommend saving the onboarding package to a removable drive.
+2. Running the package establishes a trust between each device (if the trust doesn't already exist) and Azure Active Directory (Azure AD).
-5. Follow the guidance in the following articles:
+3. Devices communicate with Endpoint Manager using their Azure AD Identity, and security policies in Defender for Business are pushed to devices.
- - Windows devices: [Onboard Windows devices using a local script](../defender-endpoint/configure-endpoints-script.md#onboard-devices)
- - macOS devices: [Manual deployment for Microsoft Defender for Endpoint on macOS](../defender-endpoint/mac-install-manually.md#client-configuration)
+4. You can view your devices and policies in both the Microsoft 365 Defender portal and the Endpoint Manager admin center ([https://endpoint.microsoft.com](https://endpoint.microsoft.com)).
+
+To use this option, certain settings must be configured beforehand. To learn more, including prerequisites and supported operating systems, see [Manage Microsoft Defender for Endpoint on devices with Microsoft Endpoint Manager](/mem/intune/protect/mde-security-integration).
## Run a detection test
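Review bot: The moved note "If you're already using Endpoint Manager ... skip this method, and see Microsoft Endpoint Manager instead" now comes after the "## Microsoft Endpoint Manager" section rather than before it, so it sends readers back to a section they have already passed. Either reword it to point back explicitly or move the hint to where the onboarding methods are first listed. In the same block, "Azure AD Identity" in step 3 should be "Azure AD identity".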
After the command has run, the Command Prompt window will close automatically. I
## Gradual device onboarding
-If you want to onboard your organization's devices in phases, follow these steps:
+You can onboard your organization's devices in phases. *We call this gradual device onboarding*.
1. Identify a set of devices to onboard.
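Review bot: The new lead-in "You can onboard your organization's devices in phases. *We call this gradual device onboarding*." no longer introduces the numbered list that follows, because "follow these steps" was removed, and the italic sentence only repeats the heading directly above it. Suggest a single sentence that ends by introducing the steps, and drop the italic one.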
security Mdb Use Wizard https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-business/mdb-use-wizard.md
audience: Admin Previously updated : 02/21/2022 Last updated : 03/02/2022 ms.prod: m365-security ms.technology: mdb localization_priority: Normal
The wizard is designed to help you set up and configure Defender for Business qu
If you choose not to use the wizard, or if the wizard is closed before your setup process is complete, you can still complete your setup and configuration process on your own.
-See [Set up and configure Microsoft Defender for Business](mdb-setup-configuration.md) to walk through the steps.
+See [Set up and configure Microsoft Defender for Business](mdb-setup-configuration.md) to walk through these steps:
+
+1. [Assign roles and permissions](mdb-roles-permissions.md) so your security team can access and use the Microsoft 365 Defender portal ([https://security.microsoft.com](https://security.microsoft.com)).
+
+2. [Set up email notifications for your security team](mdb-email-notifications.md) so they're in the loop about new alerts or vulnerabilities.
+
+3. [Onboard devices](mdb-onboard-devices.md) so they're protected by Defender for Business.
+
+4. [Manage your security policies](mdb-configure-security-settings.md), which include next-generation protection, firewall protection, and web content filtering.
## Next steps
security TOC https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/TOC.md
#### [Enable Corelight data integration](corelight-integration.md) #### [Device discovery FAQ](device-discovery-faq.md)
+### [Device inventory]()
+#### [Device inventory](machines-view-overview.md)
+#### [Exclude devices](exclude-devices.md)
+#### [Device timeline event flags](device-timeline-event-flag.md)
+#### [Manage device group and tags](machine-tags.md)
+ ### [Network devices](network-devices.md) ### [Host firewall reporting in Microsoft Defender for Endpoint](host-firewall-reporting.md)
###### [Investigate connection events that occur behind forward proxies](investigate-behind-proxy.md) ##### [Investigate a user account](investigate-user.md)
-#### [Devices list]()
-##### [View and organize the Devices list](machines-view-overview.md)
-##### [Device timeline event flags](device-timeline-event-flag.md)
-##### [Manage device group and tags](machine-tags.md)
- #### [Take response actions]() ##### [Take response actions on a device]() ###### [Response actions on devices](respond-machine-alerts.md)
security Device Discovery https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/device-discovery.md
ms.sitesec: library
ms.pagetype: security f1.keywords: - NOCSH-+ ms.localizationpriority: medium
Watch this video for a quick overview of how device discovery:
> [!VIDEO https://www.microsoft.com/en-us/videoplayer/embed/RWORdQ]
-In conjunction with this capability, a security recommendation to onboard devices to Microsoft Defender for Endpoint is available as part of the existing Threat and Vulnerability Management experience.
+In conjunction with this capability, a security recommendation to onboard devices to Microsoft Defender for Endpoint is available as part of the existing threat and vulnerability management experience.
## Discovery methods
You can change and customize your discovery settings, for more information, see
> [!NOTE] > The discovery engine distinguishes between network events that are received in the corporate network versus outside of the corporate network. Devices that are not connected to corporate networks will not be discovered or listed in the device inventory.
-## Device Inventory
+## Device inventory
-Devices that have been discovered but have not yet been onboarded and secured by Microsoft Defender for Endpoint will be listed in Device Inventory within the Endpoints tab.
+Devices that have been discovered but have not yet been onboarded and secured by Microsoft Defender for Endpoint will be listed in the device inventory within the Computers and Mobile tab.
-You can use a filter in the device inventory list called Onboarding status, which can have any of the following values:
+To assess these devices, you can use a filter in the device inventory list called Onboarding status, which can have any of the following values:
- Onboarded: The endpoint is onboarded to Microsoft Defender for Endpoint. - Can be onboarded: The endpoint was discovered in the network and the Operating System was identified as one that is supported by Microsoft Defender for Endpoint, but it is not currently onboarded. We highly recommend onboarding these devices. - Unsupported: The endpoint was discovered in the network but is not supported by Microsoft Defender for Endpoint. - Insufficient info: The system could not determine the supportability of the device. Enabling standard discovery on more devices in the network can enrich the discovered attributes.
-![Image of device inventory dashboard.](images/2b62255cd3a9dd42f3219e437b956fb9.png)
+![Image of device inventory dashboard.](images/device-discovery-inventory.png)
> [!TIP] > You can always apply filters to exclude unmanaged devices from the device inventory list. You can also use the onboarding status column on API queries to filter out unmanaged devices.
+For more information, see [Device inventory](machines-view-overview.md).
+ ## Network device discovery The large number of unmanaged network devices deployed in an organization creates a large surface area of attack, and represents a significant risk to the entire enterprise. Microsoft Defender for Endpoint network discovery capabilities helps you ensure network devices are discovered, accurately classified, and added to the asset inventory.
DeviceNetworkEvents
| take 10 ```
-## Changed behavior
-
-The following section lists the changes you'll observe in Microsoft Defender for Endpoint and <a href="https://go.microsoft.com/fwlink/p/?linkid=2077139" target="_blank">Microsoft 365 Defender portal</a> when this capability is enabled.
-
-1. Devices that are not onboarded to Microsoft Defender for Endpoint are expected to appear in the device inventory, advanced hunting, and API queries. This may significantly increase the size of query results.
- 1. "DeviceInfo" and "DeviceNetworkInfo" tables in Advanced Hunting will now hold discovered device. You can filter out those devices by using "OnboardingStatus" attribute.
- 2. Discovered devices are expected to appear in Streaming API query results. You can filter out those devices by using the `OnboardingStatus` filter in your query.
-2. Unmanaged devices will be assigned to existing device groups based on the defined criteria.
-3. In rare cases, Standard discovery might trigger alerts on network monitors or security tools. Please provide feedback, if you experience such events, to help prevent these issues from recurring. You can explicitly exclude specific targets or entire subnets from being actively probed by Standard discovery.
- ## Next steps - [Configure device discovery](configure-device-discovery.md)
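Review bot: Deleting the "Changed behavior" section removes the warning that Standard discovery "might trigger alerts on network monitors or security tools" and the statement that specific targets or entire subnets can be excluded from active probing; security operations teams need that before they enable the feature. It also removes the notes that discovered devices appear in the "DeviceInfo" and "DeviceNetworkInfo" advanced hunting tables and in Streaming API results, and that unmanaged devices are assigned to existing device groups. The remaining tip only covers the inventory list and API queries. Confirm this content now lives in the linked configure-device-discovery.md, or keep a short version here.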
security Exclude Devices https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/exclude-devices.md
+
+ Title: Exclude devices in Microsoft Defender for Endpoint
+description: Exclude devices from the device inventory list
+keywords: exclude
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
++
+ms.localizationpriority: medium
+
+audience: ITPro
++
+ms.technology: mde
++
+# Exclude devices
++
+**Applies to:**
+
+- [Microsoft Defender for Endpoint Plan 1](https://go.microsoft.com/fwlink/p/?linkid=2154037)
+- [Microsoft Defender for Endpoint Plan 2](https://go.microsoft.com/fwlink/p/?linkid=2154037)
+- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804)
+
+> Want to experience Defender for Endpoint? [Sign up for a free trial.](https://signup.microsoft.com/create-account/signup?products=7f379fee-c4f9-4278-b0a1-e4c8c2fcdf7e&ru=https://aka.ms/MDEp2OpenTrial?ocid=docs-wdatp-respondmachine-abovefoldlink)
+
+## Exclude devices from threat and vulnerability management
+
+Excluding devices that are inactive, duplicate, or out of scope allows you to focus on discovering and prioritizing the risks on your active devices. This action can also help reflect a more accurate threat and vulnerability management exposure score, as the excluded devices won't be visible in your threat and vulnerability management reports.
+
+Once devices are excluded, you won’t be able to view updated or relevant information about vulnerabilities and installed software on these devices. It affects all threat and vulnerability management pages, reports, and related tables in advanced hunting.
+
+Even though the device exclusion feature removes the device data from vulnerability management pages and reports, the devices remain connected to the network and can still be a risk to the organization. You'll be able to cancel the device exclusion at any time.
+
+## How to exclude a device
+
+You can choose to exclude a single device or multiple devices at the same time.
+
+### Exclude a single device
+
+1. Go to the **Device inventory** page and select the device to exclude.
+2. Select **Exclude** from the action bar on the device inventory page or from the actions menu in the device flyout.
+
+![Image of exclude device menu option.](images/exclude-devices-menu.png)
+
+ 3. Select a justification:
+
+ - Inactive device
+ - Duplicate device
+ - Device doesnΓÇÖt exist
+ - Out of scope  
+ - Other
+
+4. Type a note and select **Exclude device**.
+
+![Image of exclude device.](images/exclude-device.png)
+
+You can also exclude a device from its device page.
+
+> [!NOTE]
+> Excluding active devices is not recommended, since it is especially risky to not have visibility into their vulnerability info. If a device is active and you try to exclude it, youΓÇÖll get a warning message and a confirmation pop-up asking if you are sure you want to exclude an active device.
+
+It can take up to 10 hours for a device to be fully excluded from vulnerability management views and data.
+
+Excluded devices are still visible in the Device inventory list. You can manage your view of excluded devices by:
+
+- Adding the **Exclusion state** column to the device inventory view.
+- Using the **Exclusion state** filter to view the relevant list of devices.
+
+![Image of exclusion state.](images/exclusion-state.png)
+
+### Bulk device exclusion
+
+You can also choose to exclude multiple devices at the same time:
+
+1. Go to the **Device inventory** page and select the devices to exclude.
+
+2. From the actions bar, select **Exclude**.
+
+3. Choose a justification and select **Exclude device**.
+
+If you select multiple devices in the device list with different exclusion statuses, the exclude selected devices flyout will provide you details on how many of the selected devices are already excluded. You can exclude the devices again, but the justification and notes will be overridden.
+
+![Image of bulk exclude](images/exclude-device-bulk.png)
+
+Once a device is excluded, if you go to the device page of an excluded device, you wonΓÇÖt be able to see data for discovered vulnerabilities, software inventory or security recommendations. The data also wonΓÇÖt show up in vulnerability management pages, related advanced hunting tables and the vulnerable devices report.
+
+## Stop excluding a device
+
+You’ll be able to stop excluding a device at any time. Once devices are no longer excluded, their vulnerability data will be visible in vulnerability management pages, reports, and in advanced hunting. It may take up to 8 hours for the changes to take effect.
+
+1. Go to the Device inventory, select the excluded device to open the flyout, and then select **Exclusion details**
+2. Select **Stop exclusion**
+
+![Image of exclusion details](images/exclusion-details.png)
+
+## See also
+
+- [Device inventory](machines-view-overview.md)
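Review bot: The new article never states which role or permission is needed to exclude a device, or where the justification and note can be reviewed afterward. Since the text itself says excluded devices "remain connected to the network and can still be a risk to the organization", that belongs under "How to exclude a device". Smaller points: step 3 under "Exclude a single device" is indented and follows an image, which is likely to break the ordered-list numbering; the two steps under "Stop excluding a device" lack closing periods; "the justification and notes will be overridden" should read "overwritten"; and the timings "up to 10 hours" to exclude versus "up to 8 hours" to stop excluding should be confirmed as intended.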
security Machine Tags https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/machine-tags.md
ms.technology: mde
> Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://signup.microsoft.com/create-account/signup?products=7f379fee-c4f9-4278-b0a1-e4c8c2fcdf7e&ru=https://aka.ms/MDEp2OpenTrial?ocid=docs-wdatp-exposedapis-abovefoldlink)
-Add tags on devices to create a logical group affiliation. Device tags support proper mapping of the network, enabling you to attach different tags to capture context and to enable dynamic list creation as part of an incident. Tags can be used as a filter in **Devices list** view, or to group devices. For more information on device grouping, see [Create and manage device groups](machine-groups.md).
+Add tags on devices to create a logical group affiliation. Device tags support proper mapping of the network, enabling you to attach different tags to capture context and to enable dynamic list creation as part of an incident. Tags can be used as a filter in the **Device inventory** view, or to group devices. For more information on device grouping, see [Create and manage device groups](machine-groups.md).
You can add tags on devices using the following ways:
To add device tags using API, see [Add or remove device tags API](add-or-remove-
- **Security operations dashboard** - Select the device name from the Top devices with active alerts section. - **Alerts queue** - Select the device name beside the device icon from the alerts queue.
- - **Devices list** - Select the device name from the list of devices.
+ - **Devices inventory** - Select the device name from the list of devices.
- **Search box** - Select Device from the drop-down menu and enter the device name. You can also get to the alert page through the file and IP views.
-2. Select **Manage Tags** from the row of Response actions.
+2. Select **Manage tags** from the row of Response actions.
:::image type="content" alt-text="Image of manage tags button." source="images/manage-tags-option.png":::
To add device tags using API, see [Add or remove device tags API](add-or-remove-
:::image type="content" alt-text="Image of adding tags on a device1." source="images/create-new-tag.png":::
-Tags are added to the device view and will also be reflected on the **Devices list** view. You can then use the **Tags** filter to see the relevant list of devices.
+Tags are added to the device view and will also be reflected on the **Devices inventory** view. You can then use the **Tags** filter to see the relevant list of devices.
> [!NOTE] > Filtering might not work on tag names that contain parenthesis.
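Review bot: The added lines use "**Devices inventory**" (in the navigation bullet and in "reflected on the **Devices inventory** view"), while the first changed paragraph of this file, the renamed article title and the TOC entry use "**Device inventory**". Use the singular form throughout.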
security Machines View Overview https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/machines-view-overview.md
Title: View and organize the Microsoft Defender for Endpoint devices list
+ Title: Device inventory
description: Learn about the available features that you can use from the Devices list such as sorting, filtering, and exporting the list to enhance investigations. keywords: sort, filter, export, csv, device name, domain, last seen, internal IP, health state, active alerts, active malware detections, threat category, review alerts, network, connection, malware, type, password stealer, ransomware, exploit, threat, general malware, unwanted software ms.prod: m365-security
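Review bot: The title changes to "Device inventory" but the unchanged `description` line still reads "features that you can use from the Devices list", so the metadata keeps the old name. Update the description, and check the keywords, to match the new title and the broader scope of the article.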
ms.technology: mde
-# View and organize the Microsoft Defender for Endpoint Devices list
+# Device inventory
[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] **Applies to:**+ - [Microsoft Defender for Endpoint Plan 1](https://go.microsoft.com/fwlink/p/?linkid=2154037) - [Microsoft Defender for Endpoint Plan 2](https://go.microsoft.com/fwlink/p/?linkid=2154037) - [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) > Want to experience Defender for Endpoint? [Sign up for a free trial.](https://signup.microsoft.com/create-account/signup?products=7f379fee-c4f9-4278-b0a1-e4c8c2fcdf7e&ru=https://aka.ms/MDEp2OpenTrial?ocid=docs-wdatp-machinesview-abovefoldlink)
-The **Devices list** shows a list of the devices in your network where alerts were generated. By default, the queue displays devices seen in the last 30 days.
-
-At a glance you'll see information such as domain, risk level, OS platform, and other details for easy identification of devices most at risk.
-
-There are several options you can choose from to customize the devices list view. On the top navigation you can:
--- Add or remove columns-- Export the entire list in CSV format-- Select the number of items to show per page-- Apply filters-
-During the onboarding process, the **Devices list** is gradually populated with devices as they begin to report sensor data. Use this view to track your onboarded endpoints as they come online, or download the complete endpoint list as a CSV file for offline analysis.
-
-> [!NOTE]
-> If you export the device list, it will contain every device in your organization. It might take a significant amount of time to download, depending on how large your organization is. Exporting the list in CSV format displays the data in an unfiltered manner. The CSV file will include all devices in the organization, regardless of any filtering applied in the view itself.
-
-![Image of devices list with list of devices.](images/device-inventory.png)
-
-## Sort and filter the device list
-
-You can apply the following filters to limit the list of alerts and get a more focused view.
-
-### Device name
+The device inventory helps you discover, explore, and investigate devices in your organization including computers, servers, mobile, network appliances and IoT devices. It can help you discover unknown devices and identify device management gaps in your network.
-Select the name of the device you're interested in investigating.
+During the Microsoft Defender for Endpoint onboarding process, devices onboarded to MDE are gradually populated into the device inventory as they begin to report sensor data. Following this, the device inventory is populated by devices that are discovered in your network through the device discovery process. The device inventory has three tabs that list devices by:
-### Domain
+- **Computers and Mobile**: Enterprise endpoints (workstations, servers and mobile devices)
+- **Network devices**: Devices like routers and switches
+- **IoT devices**: Devices like printers and cameras
-Select the domain you're interested in investigating.
+## Navigate to the Device inventory page
-### Risk level
+Access the device inventory page by selecting **Device inventory** from the **Endpoints** navigation menu in the [Microsoft 365 Defender portal](/defender/microsoft-365-security-center-mde).
-The risk level reflects the overall risk assessment of the device based on a combination of factors, including the types and severity of active alerts on the device. Resolving active alerts, approving remediation activities, and suppressing subsequent alerts can lower the risk level.
+## Device inventory overview
-### Exposure level
+The device inventory opens on the **Computers and Mobile** tab. At a glance youΓÇÖll see information such as device name, domain, risk level, exposure level, OS platform, onboarding status, sensor health state, and other details for easy identification of devices most at risk.
-The exposure level reflects the current exposure of the device based on the cumulative impact of its pending security recommendations. The possible levels are low, medium, and high. Low exposure means your devices are less vulnerable from exploitation.
+Use the **Onboarding Status** column to sort and filter by discovered devices, and those already onboarded to Microsoft Defender for Endpoint.
-If the exposure level says "No data available," there are a few reasons why this may be the case:
+![Image of devices list with list of devices.](images/device-inventory.png)
-- Device stopped reporting for more than 30 days. In that case it's considered inactive, and the exposure isn't computed.-- Device OS not supported - see [minimum requirements for Microsoft Defender for Endpoint](minimum-requirements.md).-- Device with stale agent (unlikely).
+From the **Network devices** and **IoT devices** tabs, youΓÇÖll also see information such as vendor, model and device type:
-### OS Platform
+![Image of network devices list.](images/device-inventory-networkdevices.png)
-Select only the OS platforms you're interested in investigating.
+At the top of each device inventory tab, you can see the total number of devices, the number of devices that are not yet onboarded, and the number of devices that have been identified as a higher risk to your organization. You can use this information to help you prioritize devices for security posture improvements.
-### Windows versions
+The **Newly discovered** device count for network devices and IoT devices tabs, shows the number of new devices discovered, in the last 7 days, listed in the current view.
-Select only the Windows versions you're interested in investigating.
+![Image of new discovered device count.](images/new-discovered-devices.png)
-### Health state
+## Explore the device inventory
-Filter by the following device health states:
+There are several options you can choose from to customize the device inventory view. On the top navigation for each tab you can:
-- **Active**: Devices that are actively reporting sensor data to the service.-- **Inactive**: Devices that have stopped sending signals for more than 7 days.-- **Misconfigured**: Devices that have impaired communications with service or are unable to send sensor data. Misconfigured devices can further be classified to:
- - No sensor data
- - Impaired communications
+- Search for a device by name
+- Search for a device by the most recently used IP address or IP address prefix
+- Add or remove columns
+- Export the entire list in CSV format for offline analysis
+- Select the date range to display
+- Apply filters
- For more information on how to address issues on misconfigured devices see, [Fix unhealthy sensors](fix-unhealthy-sensors.md).
+> [!NOTE]
+> If you export the device list, it will contain every device in your organization. It might take a significant amount of time to download, depending on how large your organization is. Exporting the list in CSV format displays the data in an unfiltered manner. The CSV file will include all devices in the organization, regardless of any filtering applied in the view itself.
-### Onboarding status
+You can use the sort and filter functionality available on each device inventory tab to get a more focused view, and to help you assess and manage the devices in your organization.
-Onboarding status indicates whether the device is currently onboarded to Microsoft Defender for Endpoint or not. You can filter by the following states:
+The counts on the top of each tab will be updated based on the current view.
-- **Onboarded**: The endpoint is onboarded to Microsoft Defender for Endpoint.
+## Use filters to customize the device inventory views
-- **Can be onboarded**: The endpoint was discovered in the network as a supported device, but it's not currently onboarded. Microsoft highly recommends onboarding these devices.
+Filter | Description
+:|:
+**Risk level** </br> | The risk level reflects the overall risk assessment of the device based on a combination of factors, including the types and severity of active alerts on the device. Resolving active alerts, approving remediation activities, and suppressing subsequent alerts can lower the risk level.
+**Exposure level** </br> | The exposure level reflects the current exposure of the device based on the cumulative impact of its pending security recommendations. The possible levels are low, medium, and high. Low exposure means your devices are less vulnerable from exploitation. </br> </br> If the exposure level says ΓÇ£No data available,ΓÇ¥ there are a few reasons why this may be the case:</br>- Device stopped reporting for more than 30 days. In that case itΓÇÖs considered inactive, and the exposure isnΓÇÖt computed.</br>- Device OS not supported - see [minimum requirements for Microsoft Defender for Endpoint](https://microsoft-my.sharepoint.com/personal/siosulli_microsoft_com/Documents/Security%20Posture/TVM/minimum-requirements.md).</br>- Device with stale agent (unlikely).
+**Tags** </br> | Filter the list based on the grouping and tagging that youΓÇÖve added to individual devices. See [Create and manage device tags](machine-tags.md).
+**Device value**</br> | Filter the list based on whether the device has been marked as high value or low value.
+**Exclusion state** </br> | Filter the list based on whether the device has been excluded or not. For more information, see [Exclude devices](exclude-devices.md).
+**OS Platform** </br>| Filter by the OS platforms youΓÇÖre interested in investigating </br></br>(_Computers and mobile and IoT devices only_)
+**First seen** </br> | Filter your view based on when the device was first seen in the network or when it was first reported by the Microsoft Defender for Endpoint sensor.</br></br>(_Computers and mobile and IoT devices only_)
+**Windows version** </br> | Filter by the Windows versions youΓÇÖre interested in investigating.</br></br> (_Computers and mobile only_)
+**Sensor health state** </br> | Filter by the following sensor health states, for devices onboard to Microsoft Defender for Endpoint:</br> - **Active**: Devices that are actively reporting sensor data to the service.</br> - **Inactive**: Devices that have stopped sending signals for more than 7 days. </br> - **Misconfigured**: Devices that have impaired communications with service or are unable to send sensor data. </br> Misconfigured devices can further be classified to: </br> - No sensor data </br> - Impaired communications </br> For more information on how to address issues on misconfigured devices see, [Fix unhealthy sensors](https://microsoft-my.sharepoint.com/personal/siosulli_microsoft_com/Documents/Security%20Posture/TVM/fix-unhealthy-sensors.md).</br></br> (_Computers and mobile only_)
+**Onboarding status** </br> | Onboarding status indicates whether the device is currently onboarded to Microsoft Defender for Endpoint or not. You can filter by the following states: </br> - **Onboarded**: The endpoint is onboarded to Microsoft Defender for Endpoint. </br> - **Can be onboarded**: The endpoint was discovered in the network as a supported device, but itΓÇÖs not currently onboarded. Microsoft highly recommends onboarding these devices. </br> - **Unsupported**: The endpoint was discovered in the network, but is not supported by Microsoft Defender for Endpoint. </br> - **Insufficient info**: The system couldnΓÇÖt determine the supportability of the device.</br></br> (_Computers and mobile only_)
+**Antivirus status** </br> | Filter the view based on whether the antivirus status is disabled, not updated or unknown.</br></br> (_Computers and mobile only_)
+**Group** </br> | Filter the list based on the group youΓÇÖre interested in investigating. </br></br> (_Computers and mobile only_)
+**Managed by** </br> | Managed by indicates how the device is being managed. You can filter by:</br>- Microsoft Defender for Endpoint </br> - Mobile device management (MDM) </br>- Unknown: This could be due the running an outdated Windows version, SCCM being in place, or another third party MDM.</br></br> (_Computers and mobile only_)
+**Device Type** </br> | Filter by the device type youΓÇÖre interested in investigating.</br></br> (_IoT devices only_)
-- **Unsupported**: The endpoint was discovered in the network, but is not supported by Microsoft Defender for Endpoint.
+## Use columns to customize the device inventory views
-- **Insufficient info**: The system couldn't determine the supportability of the device.
+You can add or remove columns from the view and sort the entries by clicking on an available column header.
-### Last device update
+On the **Computer and Mobiles** tab, select **Customize columns** to see the columns available. The default values are checked in the image below:
-Filter your view based on when the device was last updated.
+![Image of computers and mobiles](images/computerandmobilescolumns.png)
-### First seen
+On the **Network devices** tab, select **Customize columns** to see the columns available. The default values are checked in the image below:
-Filter your view based on when the device was first seen in the network or when it was first reported by the Microsoft Defender for Endpoint sensor.
+![Image of network device columns](images/networkdevicescolumns.png)
-### Tags
+On the **IoT devices** tab, select **Customize columns** to see the columns available. The default values are checked in the image below:
-Filter the list based on the grouping and tagging that you've added to individual devices. See [Create and manage device tags](machine-tags.md).
+![Image of IoT device columns](images/iotdevicescolumns.png)
-## Related topics
+## Related articles
-- [Investigate devices in the Microsoft Defender for Endpoint Devices list](investigate-machines.md)
+[Investigate devices in the Microsoft Defender for Endpoint Devices list](investigate-machines.md)
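Review bot: the **Exposure level** and **Sensor health state** rows link to `https://microsoft-my.sharepoint.com/personal/siosulli_microsoft_com/Documents/Security%20Posture/TVM/...`, a personal SharePoint path that readers outside the author's tenant cannot open and that puts an internal account name into public docs. Link both to the published articles with relative paths, the way `machine-tags.md` and `exclude-devices.md` are linked in the neighbouring rows (presumably `minimum-requirements.md` and `fix-unhealthy-sensors.md`). Smaller points in the same table: `</br>` is not a valid tag (use `<br>`), "less vulnerable from exploitation" should read "to exploitation", "This could be due the running an outdated Windows version" is missing a word, and the tab is called **Computer and Mobiles** in the columns section but "Computers and mobile" in the filter notes.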
security Offboard Machines https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/offboard-machines.md
Follow the corresponding instructions depending on your preferred deployment met
> > In addition, devices that are not active in the last 30 days are not factored in on the data that reflects your organization's threat and vulnerability management [exposure score](tvm-exposure-score.md) and Microsoft Secure Score for Devices. >
-> To view only active devices, you can filter by [health state](machines-view-overview.md#health-state), [device tags](machine-tags.md) or [machine groups](machine-groups.md).
+> To view only active devices, you can filter by [sensor health state](machines-view-overview.md#use-filters-to-customize-the-device-inventory-views), [device tags](machine-tags.md) or [machine groups](machine-groups.md).
## Offboard Windows devices
security Admin Submission https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/admin-submission.md
For other ways to submit email messages, URLs, and attachments to Microsoft, see
## Report suspicious content to Microsoft
-1. In the Microsoft 365 Defender portal at <https://security.microsoft.com>, go to the **Submissions** page at **Email & collaboration** \> **Submissions**. To go directly to the **Submissions** page, use <https://security.microsoft.com/reportsubmission>.
+1. In the Microsoft 365 Defender portal at <https://security.microsoft.com>, go to the **Submissions** page at **Actions & submissions** \> **Submissions**. To go directly to the **Submissions** page, use <https://security.microsoft.com/reportsubmission>.
-2. On the **Submissions** page, verify that the **Submitted for analysis** tab is selected, select the email you want to report, and then click ![Submit to Microsoft for analysis icon.](../../media/m365-cc-sc-create-icon.png) **Submit to Microsoft for analysis**.
+2. On the **Submissions** page, verify that the **Emails** or **Email attachments** or **URLs** tab is selected based on the type of content you want to report, and then click ![Submit to Microsoft for analysis icon.](../../media/m365-cc-sc-create-icon.png) **Submit to Microsoft for analysis**.
-3. Use the **Submit to Microsoft for analysis** flyout that appears to submit the email, URL, or email attachment as described in the following sections.
+3. Use the **Submit to Microsoft for analysis** flyout that appears to submit the respective type of content (email, URL, or email attachment) as described in the following sections.
> [!NOTE] > File and URL submissions are not available in the clouds that do not allow for data to leave the environment. The ability to select File or URL will be greyed out.
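Review bot: step 2 now names the tabs **Emails**, **Email attachments** and **URLs**, but step 2 of "View admin submissions to Microsoft" later in this file still reads "the **Emails**, **URL**, or **Email attachment** tab". Use one set of tab names, matching the portal, in both procedures, and replace the chained "or ... or" with a comma list so the sentence reads as a single choice.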
The reported message will be marked as a false positive or a false negative. An
3. In the **Select a reason for submitting to Microsoft** section, select one of the following options: - **Should not have been blocked (False positive)**
- - **Should have been blocked (False negative)**: In the **This URL should have been categorized as** section that appears, select **Phish** or **Malware**.
+ - **Should have been blocked (False negative)**: In the **This URL should have been categorized as** section that appears, select one of the following values (if you're not sure, use your best judgment):
+ - **Phish**
+ - **Malware**
4. When you're finished, click **Submit**.
The reported message will be marked as a false positive or a false negative. An
3. In the **Select a reason for submitting to Microsoft** section, select one of the following options: - **Should not have been blocked (False positive)**
- - **Should have been blocked (False negative)**: In the **This file should have been categorized as** section that appears, **Malware** is the only choice, and is automatically selected.
+ - **Should have been blocked (False negative)**: In the **This file should have been categorized as** section that appears, select one of the following values (if you're not sure, use your best judgment):
+ - **Phish**
+ - **Malware**
4. When you're finished, click **Submit**.
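Review bot: in the file (email attachment) procedure, the false negative option now offers **Phish** and **Malware**, where the removed line said **Malware** was the only choice and was selected automatically. The added lines are word for word the ones added to the URL procedure above, so confirm that the flyout really offers **Phish** for a file submission and that this is not a copy of the URL text. If the portal did change, the commit message should say so.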
The reported message will be marked as a false positive or a false negative. An
## View admin submissions to Microsoft
-1. In the Microsoft 365 Defender portal at <https://security.microsoft.com>, go to the **Submissions** page at **Email & collaboration** \> **Submissions**. To go directly to the **Submissions** page, use <https://security.microsoft.com/reportsubmission>.
+1. In the Microsoft 365 Defender portal at <https://security.microsoft.com>, go to the **Submissions** page at **Actions & submissions** \> **Submissions**. To go directly to the **Submissions** page, use <https://security.microsoft.com/reportsubmission>.
2. On the **Submissions** page, verify that the **Emails**, **URL**, or **Email attachment** tab is selected.
The reported message will be marked as a false positive or a false negative. An
- **Recipient** - **Date submitted**<sup>\*</sup> - **Reason for submitting**<sup>\*</sup>
- - **Rescan status**<sup>\*</sup>
- - **Rescan result**<sup>\*</sup>
+ - **Status**<sup>\*</sup>
+ - **Result**<sup>\*</sup>
- **Filter verdict** - **Delivery/Block reason** - **Submission ID**
The reported message will be marked as a false positive or a false negative. An
- **Recipient** - **Name** - **Submitted by**
+ - **Reason for submitting**
+ - **Status**
+ - **Tags**
When you're finished, click **Apply**.
The reported message will be marked as a false positive or a false negative. An
- **Type** - **Reason** - **Status**
- - **Rescan result**
+ - **Result**
- **Tags** - To export the entries, click **Export**. In the dialog that appears, save the .csv file.
-### Admin submission rescan details
+### Admin submission result details
Messages that are submitted in admin submissions are reviewed and results shown in the submissions detail flyout:
Messages that are submitted in admin submissions are reviewed and results shown
- Current detonation results to see if the URLs or files contained in the message were malicious or not. - Feedback from graders.
-If an override was found, the rescan should complete in several minutes. If there wasn't a problem in email authentication or delivery wasn't affected by an override, then the feedback from graders could take up to a day.
+If an override was found, the result should be available in several minutes. If there wasn't a problem in email authentication or delivery wasn't affected by an override, then the feedback from graders could take up to a day.
## View user submissions to Microsoft If you've deployed the [Report Message add-in](enable-the-report-message-add-in.md), the [Report Phishing add-in](enable-the-report-phish-add-in.md), or people use the [built-in reporting in Outlook on the web](report-junk-email-and-phishing-scams-in-outlook-on-the-web-eop.md), you can see what users are reporting on the **User reported message** tab.
-1. In the Microsoft 365 Defender portal at <https://security.microsoft.com>, go to the **Submissions** page at **Email & collaboration** \> **Submissions**. To go directly to the **Submissions** page, use <https://security.microsoft.com/reportsubmission>.
+1. In the Microsoft 365 Defender portal at <https://security.microsoft.com>, go to the **Submissions** page at **Actions & submissions** \> **Submissions**. To go directly to the **Submissions** page, use <https://security.microsoft.com/reportsubmission>.
2. On the **Submissions** page, select the **User reported messages** tab.
If you've deployed the [Report Message add-in](enable-the-report-message-add-in.
- **Date reported**<sup>\*</sup> - **Sender**<sup>\*</sup> - **Reported reason**<sup>\*</sup>
- - **Rescan result**<sup>\*</sup>
+ - **Result**<sup>\*</sup>
- **Message reported ID** - **Network Message ID** - **Sender IP** - **Reported from** - **Phish simulation**
+ - **Converted to admin submission**
- **Tags**<sup>\*</sup> - **Marked as**<sup>\*</sup> - **Marked by**
If you've deployed the [Report Message add-in](enable-the-report-message-add-in.
- **Message reported ID** - **Network Message ID** - **Sender**
- - **Reported reason**: **Not junk**, **Phish**, or **Spam**.
+ - **Reported reason**: **Not junk**, **Phish**, or **Spam**
+ - **Reported from**: **Microsoft add-in** or **Third party add-in**
- **Phish simulation**: **Yes** or **No**
+ - **Converted to admin submission**: **Yes** or **No**
- **Tags** When you're finished, click **Apply**.
If you've deployed the [Report Message add-in](enable-the-report-message-add-in.
- **Reason** - **Sender** - **Reported by**
- - **Rescan result**
+ - **Result**
- **Reported from** - **Phish simulation**
+ - **Converted to admin submission**
- **Tags** - To export the entries, click **Export**. In the dialog that appears, save the .csv file.
security Manage Tenant Allows https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/manage-tenant-allows.md
audience: ITPro
ms.localizationpriority: medium search.appverid:
- - MET150
+ - MET150manage-tenant-allows.md
- M365-security-compliance description: Admins can learn how to configure allows in the Tenant Allow/Block List in the Security portal.
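Review bot: the `search.appverid` value changes from `MET150` to `MET150manage-tenant-allows.md`, which looks like a file name pasted into the metadata by accident. Restore `- MET150`; a malformed value here can drop the article from the search scope that the ID selects.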
Admins can't add allows directly to the Tenant Allow/Block List. Instead, you us
> [!IMPORTANT] > Since Microsoft manages the allows for you, sender, URL, or file allows that are not needed or considered to be bad will be removed. This is to protect your environment and prevent a misconfiguration of allows. In cases where you may disagree, a support cases may be needed to help determine why a message is still considered as bad.
-## Add allows using the Submissions portal
+## Add sender allows using the Submissions portal
-Allow files, URLs, and senders in the Submissions section of Microsoft 365 Defender.
+Allow senders (or domains) on the **Submissions** page in Microsoft 365 Defender.
-1. In the Microsoft 365 Defender portal, go to **Email & collaboration** \> **Submissions**.
+1. In the Microsoft 365 Defender portal at <https://security.microsoft.com>, go to **Actions & submissions** \> **Submissions**. Or, to go directly to the **Submissions** page, use <https://security.microsoft.com/reportsubmission>.
-2. On the **Submissions** page, verify that the **Submitted for analysis** tab is selected, and then click ![Ad icon.](../../media/m365-cc-sc-create-icon.png) **Submit to Microsoft for analysis**.
+2. On the **Submissions** page, verify that the **Emails** tab is selected, and then click ![Submit to Microsoft for analysis icon.](../../media/m365-cc-sc-create-icon.png) **Submit to Microsoft for analysis**.
-3. Use the **Submit to Microsoft for review** flyout to submit a message, either by adding the network message ID or uploading the email file.
+3. Use the **Submit to Microsoft for review** flyout to submit a message by adding the network message ID or uploading the email file.
4. In the **Select a reason for submitting to Microsoft** section, select **Should not have been blocked (false positive)**.
Allow files, URLs, and senders in the Submissions section of Microsoft 365 Defen
> [!div class="mx-imgBorder"] > ![False positive submission example.](../../media/admin-submission-allow-messages.png)
+## Add URL allows using the Submissions portal
+
+Allow URLs on the **Submissions** page in Microsoft 365 Defender.
+
+1. In the Microsoft 365 Defender portal at <https://security.microsoft.com>, go to **Actions & submissions** \> **Submissions**. Or, to go directly to the **Submissions** page, use <https://security.microsoft.com/reportsubmission>.
+
+2. On the **Submissions** page, select the **URLs** tab, and then click ![Submit to Microsoft for analysis icon.](../../media/m365-cc-sc-create-icon.png) **Submit to Microsoft for analysis**.
+
+3. Use the **Submit to Microsoft for review** flyout to submit a message by adding the URL.
+
+4. In the **Select a reason for submitting to Microsoft** section, select **Should not have been blocked (false positive)**.
+
+5. Turn on the **Allow URLs like this** option.
+
+6. From the **Remove after** drop-down list, specify for how long you want the allow option to work.
+
+7. When you're finished, click the **Submit** button.
+
+> [!div class="mx-imgBorder"]
+> ![Submit URL for analysis.](../../media/submit-url-for-analysis.png)
++
+## Add File allows using the Submissions portal
+
+Allow Files on the **Submissions** page in Microsoft 365 Defender.
+
+In the Microsoft 365 Defender portal at <https://security.microsoft.com>, go to **Actions & submissions** \> **Submissions**. Or, to go directly to the **Submissions** page, use <https://security.microsoft.com/reportsubmission>.
+
+2. On the **Submissions** page, select the **Email attachments** tab, and then click ![Submit to Microsoft for analysis icon.](../../media/m365-cc-sc-create-icon.png) **Submit to Microsoft for analysis**.
+
+3. Use the **Submit to Microsoft for review** flyout to submit a message by adding the file or files.
+
+4. In the **Select a reason for submitting to Microsoft** section, select **Should not have been blocked (false positive)**.
+
+5. Turn on the **Allow files like this** option.
+
+6. From the **Remove after** drop-down list, specify for how long you want the allow option to work.
+
+7. When you're finished, click the **Submit** button.
+
+> [!div class="mx-imgBorder"]
+> ![Submit email for analysis.](../../media/submit-email-for-analysis.png)
++ ## Create spoofed sender allow entries using Microsoft 365 Defender > [!NOTE]
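Review bot: the new "Add File allows" procedure starts its first step without a number ("In the Microsoft 365 Defender portal at ...") and then continues at "2.", so the list renders with a loose paragraph followed by a list that begins at 2; add the "1." as in the URL section. In both new sections step 3 says "submit a message by adding the URL" and "submit a message by adding the file or files", which is carried over from the sender procedure; say "submit the URL" and "submit the file". The file section's screenshot is `submit-email-for-analysis.png` with alt text "Submit email for analysis", which does not describe a file submission. Heading and intro capitalise "File" and "Files" while the URL section uses sentence case.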
Allow files, URLs, and senders in the Submissions section of Microsoft 365 Defen
> - Entries for spoofed senders never expire. > - Spoof supports both allow and block. URL supports only allow.
-1. In the Microsoft 365 Defender portal, go to **Policies & rules** \> **Threat Policies** \> **Rules** section \> **Tenant Allow/Block Lists**.
+1. In the Microsoft 365 Defender portal at <https://security.microsoft.com>, go to **Email & collaboraton** \> **Policies & rules** \> **Threat policies** \> **Tenant Allow/Block Lists** in the **Rules** section. Or, to go directly to the **Tenant Allow/Block Lists** page, use <https://security.microsoft.com/tenantAllowBlockList>.
-2. On the **Tenant Allow/Block List** page, select the **Spoofing** tab, and then click ![Block icon.](../../media/m365-cc-sc-create-icon.png) **Add**.
+2. On the **Tenant Allow/Block List** page, select the **Spoofing** tab, and then click ![Add icon.](../../media/m365-cc-sc-create-icon.png) **Add**.
3. In the **Add new domain pairs** flyout that appears, configure the following settings: - **Add new domain pairs with wildcards**: Enter one domain pair per line, up to a maximum of 20. For details about the syntax for spoofed sender entries, see [Manage the Tenant Allow/Block List](tenant-allow-block-list.md).
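Review bot: step 1 misspells the navigation node as "**Email & collaboraton**"; it should be "**Email & collaboration**", otherwise readers searching the portal or the docs for the node name will not match it. The same step calls the page **Tenant Allow/Block Lists** while step 2 calls it the **Tenant Allow/Block List** page; pick the form the portal shows and use it in both steps.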
Allow files, URLs, and senders in the Submissions section of Microsoft 365 Defen
## Add spoofed sender allow entries using PowerShell
-To add spoofed sender entries in the Tenant Allow/Block List, use the following syntax:
+To add spoofed sender entries in the Tenant Allow/Block List in [Exchange Online PowerShell](/exchange/connect-to-exchange-online-powershell), use the following syntax:
```powershell New-TenantAllowBlockListSpoofItems -SpoofedUser <Domain | EmailAddress | *> -SendingInfrastructure <Domain | IPAddress/24> -SpoofType <External | Internal> -Action <Allow | Block>
security Manage Tenant Blocks https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/manage-tenant-blocks.md
ms.prod: m365-security
- Only the _combination_ of the spoofed user _and_ the sending infrastructure as defined in the domain pair is specifically allowed or blocked from spoofing. - When you configure an allow or block entry for a domain pair, messages from that domain pair no longer appear in the spoof intelligence insight. - Entries for spoofed senders never expire.-- Spoof supports both allow and block. URL supports only allow.
+- Spoof supports both allow and block.
1. In the Microsoft 365 Defender portal, go to **Policies & rules** \> **Threat Policies** \> **Rules** section \> **Tenant Allow/Block Lists**.
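Review bot: step 1 in this file is left as "go to **Policies & rules** \> **Threat Policies** \> **Rules** section \> **Tenant Allow/Block Lists**", while the same step in manage-tenant-allows.md is rewritten in this batch to start at **Email & collaboration**, use "**Threat policies**", and give the direct link <https://security.microsoft.com/tenantAllowBlockList>. Apply the same wording here, and to the matching step in modify-remove-entries-tenant-allow-block.md, so the three articles describe one path.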
security Modify Remove Entries Tenant Allow Block https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/modify-remove-entries-tenant-allow-block.md
You can use the Microsoft 365 Defender portal or PowerShell to modify and remove
1. In the Microsoft 365 Defender portal, go to **Policies & rules** \> **Threat Policies** \> **Rules** section \> **Tenant Allow/Block Lists**. 2. Select the tab that contains the type of entry that you want to modify:
- - **Senders)
+ - **Senders**
+ - **Spoofing**
- **URLs** - **Files**
- - **Spoofing**
+ 3. Select the entry that you want to modify, and then click ![Edit icon.](../../media/m365-cc-sc-edit-icon.png) **Edit**. The values that you are able to modify in the flyout that appears depend on the tab you selected in the previous step: - **Senders** - **Never expire** and/or expiration date. - **Optional note**
+ - **Spoofing**
+ - **Action**: You can change the value to **Allow** or **Block**.
- **URLs** - **Never expire** and/or expiration date. - **Optional note** - **Files** - **Never expire** and/or expiration date. - **Optional note**
- - **Spoofing**
- - **Action**: You can change the value to **Allow** or **Block**.
+ 4. When you're finished, click **Save**. > [!NOTE]
You can use the Microsoft 365 Defender portal or PowerShell to modify and remove
2. Select the tab that contains the type of entry that you want to remove: - **Senders**
+ - **Spoofing**
- **URLs** - **Files**
- - **Spoofing**
-
+
3. Select the entry that you want to remove, and then click ![Delete icon.](../../media/m365-cc-sc-delete-icon.png) **Delete**. 4. In the warning dialog that appears, click **Delete**. ## Use PowerShell
-### Modify block file and URL entries in the Tenant Allow/Block List
+### Modify allow or block sender, file and URL entries in the Tenant Allow/Block List
-To modify block sender, file, and URL entries in the Tenant Allow/Block List, use the following syntax:
+To modify allow or block sender, file, and URL entries in the Tenant Allow/Block List, use the following syntax:
```powershell Set-TenantAllowBlockListItems -ListType <Sender | FileHash | Url> -Ids <"Id1","Id2",..."IdN"> [<-ExpirationDate Date | -NoExpiration>] [-Notes <String>]
Set-TenantAllowBlockListItems -ListType Url -Ids "RgAAAAAI8gSyI_NmQqzeh-HXJBywBw
For detailed syntax and parameter information, see [Set-TenantAllowBlockListItems](/powershell/module/exchange/set-tenantallowblocklistitems).
-### Remove URL or file entries from the Tenant Allow/Block List
+### Remove allow or block sender, URL or file entries from the Tenant Allow/Block List
-To remove sender, file, and URL entries from the Tenant Allow/Block List, use the following syntax:
+To remove allow or block sender, file, and URL entries from the Tenant Allow/Block List, use the following syntax:
```powershell Remove-TenantAllowBlockListItems -ListType <Sender | FileHash | Url> -Ids <"Id1","Id2",..."IdN">
Remove-TenantAllowBlockListItems -ListType Url -Ids "RgAAAAAI8gSyI_NmQqzeh-HXJBy
For detailed syntax and parameter information, see [Remove-TenantAllowBlockListItems](/powershell/module/exchange/remove-tenantallowblocklistitems).
-### Modify allow or block spoofed sender entries
+### Modify allow or block spoofed sender entries from the Tenant Allow/Block List
To modify allow or block spoofed sender entries in the Tenant Allow/Block List, use the following syntax:
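Review bot: the new heading reads "Modify allow or block spoofed sender entries from the Tenant Allow/Block List"; "from" fits the Remove headings but not Modify. Use "in the Tenant Allow/Block List", which is also what the sentence directly under the heading says.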
Set-TenantAllowBlockListItems -Ids "RgAAAAAI8gSyI_NmQqzeh-HXJBywBwCqfQNJY8hBTbdl
For detailed syntax and parameter information, see [Set-TenantAllowBlockListSpoofItems](/powershell/module/exchange/set-tenantallowblocklistspoofitems).
-### Remove allow or block spoofed sender entries
-
+### Remove allow or block spoofed sender entries from the Tenant Allow/Block List
+
To remove allow or block spoof sender entries from the Tenant Allow/Block List, use the following syntax: ```powershell
security Tenant Allow Block List https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/tenant-allow-block-list.md
To manage all allows and blocks, see [Add blocks in the Tenant Allow/Block List]
- **Senders**: - **Value**: The sender domain or email address. - **Action**: The value **Allow** or **Block**.
+ - **Modified by**
- **Last updated** - **Remove on** - **Notes** - **URLs**: - **Value**: The URL. - **Action**: The value **Allow** or **Block**.
+ - **Modified by**
- **Last updated** - **Remove on** - **Notes** - **Files** - **Value**: The file hash. - **Action**: The value **Allow** or **Block**.
+ - **Modified by**
- **Last updated** - **Remove on** - **Notes**
For detailed syntax and parameter information, see [Get-TenantAllowBlockListSpoo
## URL syntax for the Tenant Allow/Block List -- IP4v and IPv6 addresses are allowed, but TCP/UDP ports are not.
+- IPv4 and IPv6 addresses are allowed, but TCP/UDP ports are not.
- Filename extensions are not allowed (for example, test.pdf).
security Whats New In Defender For Office 365 https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/whats-new-in-defender-for-office-365.md
For more information on what's new with other Microsoft Defender security produc
- [What's new in Microsoft Defender for Identity](/defender-for-identity/whats-new) - [What's new in Microsoft Cloud App Security](/cloud-app-security/release-notes)
+## March 2022
-## December/January 2021
+- [Streamlined the submission experience in Microsoft Defender for Office 365](https://techcommunity.microsoft.com/t5/microsoft-defender-for-office/streamlining-the-submissions-experience-in-microsoft-defender/ba-p/3152080): Introducing the new unified and streamlined submission process to make your experience simpler.
++
+## January 2022
- [Updated Hunting and Investigation Experiences for Microsoft Defender for Office 365](https://techcommunity.microsoft.com/t5/microsoft-defender-for-office/updated-hunting-and-investigation-experiences-for-microsoft/ba-p/3002015): Introducing the email summary panel for experiences in Defender for Office 365, along with experience updates for Threat Explorer and Real-time detections.
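Review bot: besides adding the March 2022 section, the heading over the existing "Updated Hunting and Investigation Experiences" entry changes from "December/January 2021" to "January 2022", which re-dates an already published item. Confirm that January 2022 is the intended month for that entry and mention the re-dating in the commit message, since readers use these headings to find when a feature shipped. The March 2022 description "Introducing the new unified and streamlined submission process to make your experience simpler" could also state what changed, for example the per-type tabs and the move to **Actions & submissions** that the other files in this batch document.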