+| Excel | Draft with Copilot | Get suggestions for formulas, chart types, and insights about data in your spreadsheet. |

+1. In the admin center, go to the **Reports** \> <a href="https://go.microsoft.com/fwlink/p/?linkid=2074756" target="_blank">Usage</a> page.

+2. From the dashboard homepage, select **SharePoint** in the left navigation.

+You can view the activities in the SharePoint report by choosing the **Activity** tab.

+

+Select **Choose columns** to add or remove columns from the report.

+Contact your Global Administrator to edit the user consent policy in the Microsoft Entra portal by following the steps in [Configure how users consent to applications](/entra/identity/enterprise-apps/configure-user-consent).

+ Title: "What happens to my data and access when my Microsoft 365 for business subscription ends?"

+When your subscription ends, your access to Microsoft 365 products and services, apps, and customer data go through multiple statuses before the subscription is fully turned off, or deleted. Being aware of this status progression can help you return your subscription to an active status before it's too late. If you're leaving Microsoft 365, we recommend that you [back up your data](move-users-different-subscription.md#back-up-data-before-changing-microsoft-365-for-business-plans) before it gets deleted.

+This article applies to all Microsoft 365 for business subscriptions, including Enterprise and Volume Licensing.

+> For some subscriptions, you can only cancel during a limited window of time after you buy or renew your subscription. If the cancellation window has passed, [turn off recurring billing](renew-your-subscription.md) to cancel the subscription at the end of its term.

+## Understand subscription lifecycle statuses

+When your subscription ends, it goes through multiple lifecycle statuses before it gets deleted. This gives you, as the admin, time to reactivate the subscription if you want to continue the service, or to back up your customer data if you decide you no longer want the subscription.

+A subscription goes through the following statuses over the course of its lifecycle:

+Active > Expired > Disabled > Deleted

+The **Expired** status starts immediately after the subscription reaches its end date, regardless of whether it expired naturally by reaching the end of the subscription term, you turned off recurring billing, canceled, or upgraded it.

+The subscription only enters the **Expired** status after all the licenses are removed. If you order fewer than the original number of licenses, the subscription doesnΓÇÖt enter the **Expired** status. Instead, admins have 90 days to resolve the conflict for any assigned licenses in excess of the purchased quantity. During this 90 day period thereΓÇÖs no service interruption to subscriptions that are assigned on a per user basis. For nonuser based subscriptions, like Office 365 Extra File Storage for SharePoint, a reduction in the license quantity immediately results in reduced storage. For Enterprise volume licensing customers, we recommend placing an Online Reservation to restore service, and then contact your licensing partner to understand why there was a reduction in licenses.

+**For yearly or three-year subscriptions**, if you turn off recurring billing, it goes through all the lifecycle statuses. The **Expired** status starts on the subscription end date, not the date that you turned off recurring billing.

+**For monthly subscriptions**, if you cancel a monthly subscription within the cancellation policy window, it skips the **Expired** status and immediately moves to the **Disabled** status on the date you cancel it. This means that your users immediately lose access to the Microsoft 365 assets, and only admins have access to the data during the Disabled state.

+> [!IMPORTANT]

+> If a subscription is deleted, adding a new subscription of the same type doesn't restore the data that was associated with the deleted subscription.

+> **What is "customer data"?** Customer data, as defined in the [Microsoft Online Service Terms](https://www.microsoft.com/en-us/licensing/product-licensing/products), refers to all data, including all text, sound, or image files that are provided to Microsoft by, or on behalf of, the customer through the customer's use of Microsoft 365 services. To learn more about the protection of customer data, see [Get started with the Microsoft Service Trust Portal](../../compliance/get-started-with-service-trust-portal.md).

+ The number of days a subscription stays in each lifecycle status is different, depending on whether you bought the subscription directly from Microsoft, or through an Enterprise agreement, a Cloud Solution Provider (CSP), or Volume Licensing (VL). For more information, see [Lengths of time a subscription spends in each lifecycle status](#lengths-of-time-a-subscription-spends-in-each-lifecycle-status), later in this article. The following table explains what you can expect for each lifecycle status when a paid Microsoft 365 for business subscription ends.

+|&nbsp;| Active | Expired* | Disabled* | Deleted |

+|--|--||-||

+| Customer data | Data is accessible to all | Data is accessible to all | Data is accessible to admins only | Data is deleted and Microsoft Entra ID is removed, if not in use by other services |

+| Users | Users have normal access to Microsoft 365, files, and Microsoft 365 apps | Users have normal access to Microsoft 365, files, and Microsoft 365 apps | Users can't access Microsoft 365 apps. Microsoft 365 apps eventually move into a read-only, reduced functionality mode and display [Unlicensed Product notifications](https://support.microsoft.com/office/0d23d3c0-c19c-4b2f-9845-5344fedc4380) | Users can't access Microsoft 365, files, or Microsoft 365 apps |

+| Licenses bought via the Volume Licensing program and assigned across the organization| | Service is immediately unavailable on the subscription end date, or if there's a reduction in license quatity | N/A | N/A |

+| Admins | Admins have normal access to Microsoft 365, data, and Microsoft 365 apps | Admins can access the admin center | Admins can access the admin center, but can't assign licenses to users | Admins can access the admin center to manage other subscriptions, or to buy new subscriptions |

+| Reactivation | Subscription is already active | Global or billing admins can reactivate the subscription in the admin center | Global or billing admins can reactivate the subscription in the admin center | Subscription can't be reactivated |

+*For most offers, in most countries/regions.

+## Lengths of time a subscription spends in each lifecycle status

+For most offers, in most countries and regions, the number of days a subscription stays in each lifecycle status is shown in the following table.

+|&nbsp;| Active | Expired | Disabled | Deleted |

+|--|--||-||

+| All subscription terms | Default status | 30 days | 90 days | Terminal state |

+### Lifecycle status durations for Enterprise customers

+If youΓÇÖre an Enterprise customer, the lifecycle statuses and time periods for each are different, based on the length of your subscription. The following table lists the statuses and number of days for each status and each subscription length.

+|&nbsp;| Active | Grace | Inactive | Deleted |

+|--|-|-|-||

+| Monthly term | Default status | 30 days | 90 days | Terminal state |

+| Annual term | Default status | 30 days | 90 days | Terminal state |

+| Multi-year term | Default status | 90 days | 90 days | Terminal state |

+### Lifecycle status durations for volume licensing customers

+If you bought your subscription through an Enterprise volume licensing agreement or through the Open Value licensing program, the following table lists the statuses and number of days.

+|&nbsp;| Active | Grace | Inactive | Deleted |

+|--|--|-|-||

+| Enterprise | Default status. Subscription end date aligns with the agreement end date | 90 days from subscription end date | 60 days | Terminal State |

+| Open / Open Value | Subscription start date based on activation of token (not necessarily purchase date) | 30 days | 90 days | Terminal state |

+### Lifecycle status durations for Cloud Service Provider (CSP) customers

+If you bought your subscription through a CSP, see [Subscription lifecycle states - Partner Center](/partner-center/subscription-lifecycle) for descriptions of the lifecycle statuses that apply to those subscriptions.

+## Understand your options if your subscription is about to expire

+While a subscription is active, you and your users have normal access to your data, services like email, OneDrive, and Microsoft 365 apps. As the admin, you receive a series of notifications via email and in the admin center as your subscription nears its expiration date.

+If youΓÇÖre a Volume Licensing customer, see [Options if your volume licensing subscription is about to expire](#options-if-your-volume-licensing-subscription-is-about-to-expire).

+Before the subscription reaches its expiration date, you have two options:

+1. **Enable recurring billing for the subscription.**

+ - If **Recurring billing** is already turned on, you don't have to take any action. Your subscription is automatically billed, and you're charged for another year or month, depending on your current billing frequency.

+ - If you turned off **Recurring billing**, you can [turn it back on](renew-your-subscription.md) on to keep your subscription active

+ - If you bought Microsoft 365 Apps for business with a prepaid card, you can [turn on **Recurring billing**](renew-your-subscription.md) for your subscription and provide a payment method to continue the subscription.

+ - If you have Microsoft 365 Apps for business, see [Manage recurring billing for your subscription](renew-your-subscription.md).

+2. **Let the subscription expire.**

+ - If you don't want to continue your subscription, [turn off recurring billing](renew-your-subscription.md). Your subscription ends on its expiration date, and you can ignore all related email notifications.

+ - If you're a Microsoft 365 Business Standard customer, and you prepaid for your subscription and activated it with a product key, you can let your subscription expire by taking no action.

+## Lifecycle information for volume licensing customers

+This section contains information specifically for customers who bought online services either through the Open Volume Licensing program or through a volume licensing program, like Enterprise, Select Plus, or Microsoft Products & Services Agreement (MPSA).

+> The Open Volume Licensing program was retired in December 2021.

+For all VL subscriptions, the **Expired** status starts immediately after the subscription reaches its end date, or the number of licenses is reduced. Services immediately become unavailable when the **Expired** status starts and lasts for 90 days. The exact end date depends on how you bought your subscription.

+- For subscriptions bought through the VL program, the end date depends on the date you placed the order.

+- For Open Value customers, the end date depends on the date you activated your product keys.

+### Options if your volume licensing subscription is about to expire

+1. **Enable recurring billing for the subscription.**

+ - If your online services were bought through the Open Volume Licensing program, see [Microsoft Open License program changes](https://www.microsoft.com/en-us/licensing/news/microsoft-open-license-program-changes) for your options to renew existing subscriptions or buy new products and services.

+ - If you bought your subscription through a Volume Licensing program, contact your Microsoft volume licensing partner about placing a renewal order.

+2. **Let the subscription expire.**

+ - If you're an Open Volume Licensing customer working with a partner, you can let your subscription expire by taking no action.

+ - If you bought your subscription through a volume licensing program, contact your Microsoft volume licensing partner to ensure there's no automatic extension in place for your agreement.

+## What happens when you cancel a subscription

+If you cancel your subscription within the cancellation policy window, the subscription skips the **Expired** status and moves directly to the **Disabled** status.

+We recommend that you [back up your data](move-users-different-subscription.md) before you cancel your subscription. As an admin, you can still access and back up data for your organization while itΓÇÖs in the Disabled status. Any customer data that you leave behind might be deleted after 90 days and will be deleted no later than 180 days after cancellation.

+> [!IMPORTANT]

+> If you explicitly delete a subscription, it skips the Expired and Disabled statuses and SharePoint Online data and content, including OneDrive, is immediately deleted.

+If you're a partner who's an admin on behalf of (AOBO) a customer, and you canceled a subscription, it can take up to 90 days for the admin center to reflect the status change.

+To learn how to cancel, see [Cancel your subscription in the Microsoft 365 admin center](cancel-your-subscription.md). If you want your subscription data to be deleted before the typical Disabled status is over, you can [close your account](../close-your-account.md).

+## What happens when your trial ends

+When your trial ends, we automatically start billing you for your subscription. Before your trial ends, you can take one of the following actions:

+- **Extend your trial.** If you need more time to evaluate Microsoft 365, you can [extend your trial](../extend-your-trial.md).

+- **Cancel the trial or let it expire.** If you decide not to buy Microsoft 365, you can [turn off recurring billing](renew-your-subscription.md) and let your trial expire or [cancel it](cancel-your-subscription.md). Before your trial ends, back up any data that you want to keep. After the 30-day Expired status ends, your trial account information and data are permanently deleted.

+|Microsoft Admin Center| admin.cloud.microsoft|

+- [Office 365 URLs and IP address ranges](/microsoft-365/enterprise/urls-and-ip-address-ranges)

+<!--China endpoints version 2024032900-->

+<!--File generated 2024-03-29 08:00:04.0622-->

+-- | - | -- | | -

+4 | Allow<BR>Required | No | `*.sharepoint.cn`<BR>`40.73.129.0/24, 40.73.161.0/24, 42.159.38.0/23, 2406:e500:4600::/39` | **TCP:** 443, 80

+7 | Allow<BR>Required | No | `*.azure-mobile.cn, *.chinacloud-mobile.cn, *.chinacloudapi.cn, *.chinacloudapp.cn, *.chinacloudsites.cn, *.partner.microsoftonline-m-i.net.cn, *.partner.microsoftonline-m.net.cn, *.partner.microsoftonline-p.net.cn, *.partner.officewebapps.cn, *.windowsazure.cn, portal.partner.microsoftonline.cdnsvc.com, r4.partner.outlook.cn`<BR>`23.236.126.0/24, 40.73.240.0/24, 40.73.242.0/24, 58.68.168.0/24, 112.25.33.0/24, 123.150.49.0/24, 125.65.247.0/24, 171.107.84.0/24, 180.210.232.0/24, 180.210.234.0/24, 209.177.86.0/24, 209.177.90.0/24, 209.177.94.0/24, 222.161.226.0/24, 2406:e500:4900::/48` | **TCP:** 443, 80

+8 | Allow<BR>Required | No | `*.onmschina.cn, *.partner.microsoftonline-i.net.cn, *.partner.microsoftonline.net.cn`<BR>`101.28.252.0/24, 115.231.150.0/24, 123.235.32.0/24, 171.111.154.0/24, 175.6.10.0/24, 180.210.229.0/24, 211.90.28.0/24` | **TCP:** 443, 80

+<!--Worldwide endpoints version 2024032900-->

+<!--File generated 2024-03-29 08:00:02.3936-->

+-- | - | | - | --

+1 | Optimize<BR>Required | Yes | `outlook.cloud.microsoft, outlook.office.com, outlook.office365.com`<BR>`13.107.6.152/31, 13.107.18.10/31, 13.107.128.0/22, 23.103.160.0/20, 40.96.0.0/13, 40.104.0.0/15, 52.96.0.0/14, 131.253.33.215/32, 132.245.0.0/16, 150.171.32.0/22, 204.79.197.215/32, 2603:1006::/40, 2603:1016::/36, 2603:1026::/36, 2603:1036::/36, 2603:1046::/36, 2603:1056::/36, 2620:1ec:4::152/128, 2620:1ec:4::153/128, 2620:1ec:c::10/128, 2620:1ec:c::11/128, 2620:1ec:d::10/128, 2620:1ec:d::11/128, 2620:1ec:8f0::/46, 2620:1ec:900::/46, 2620:1ec:a92::152/128, 2620:1ec:a92::153/128` | **TCP:** 443, 80<BR>**UDP:** 443

+This article describes how to deploy Microsoft Defender for Endpoint on macOS through Microsoft Intune.

+|Approve system extension|`sysext.mobileconfig`|N/A|

+|Network extension policy|`netfilter.mobileconfig`|N/A|

+|Full Disk Access|`fulldisk.mobileconfig`|`com.microsoft.wdav.epsext`|

+|Microsoft Defender for Endpoint configuration settings <br/><br/>If you're planning to run non-Microsoft antivirus on Mac, set `passiveMode` to `true`.|`MDE_MDAV_and_exclusion_settings_Preferences.xml`|`com.microsoft.wdav`|

+|Background services|`background_services.mobileconfig`|N/A|

+|Configure Microsoft Defender for Endpoint notifications|`notif.mobileconfig`|`com.microsoft.wdav.tray`|

+|Accessibility settings|`accessibility.mobileconfig`|`com.microsoft.dlp.daemon`|

+|Configure Microsoft AutoUpdate (MAU)|`com.microsoft.autoupdate2.mobileconfig`|`com.microsoft.autoupdate2`|

+|Device Control|`DeviceControl.mobileconfig`|N/A|

+|Data Loss Prevention|`DataLossPrevention.mobileconfig`|N/A|

+|Download the onboarding package|`WindowsDefenderATPOnboarding__MDATP_wdav.atp.xml`|`com.microsoft.wdav.atp`|

+|Deploy the Microsoft Defender for Endpoint on macOS application|`Wdav.pkg`|N/A|

+1. Select **Create**.

+1. On the **Basics** tab, **Name** the profile. For example, `SysExt-prod-macOS-Default-MDE`.

+1. Select **Next**.

+ |`com.microsoft.wdav.epsext`|`UBF8T346G9`|

+ |`com.microsoft.wdav.netext`|`UBF8T346G9`|

+1. Review the configuration profile. Select **Create**.

+1. Select **Create**.

+1. On the **Basics** tab, **Name** the profile. For example, `NetFilter-prod-macOS-Default-MDE`.

+1. Select **Next**.

+1. On the **Configuration settings** tab, enter a Cus**tom configuration profile** name. For example, `NetFilter-prod-macOS-Default-MDE`.

+1. Select **Next**.

+1. Review the configuration profile. Select **Create**.

+1. Select **Create**.

+1. On the **Basics** tab, **Name** the profile. For example, `FullDiskAccess-prod-macOS-Default-MDE`.

+1. Select **Next**.

+1. On the **Configuration settings** tab, enter a **Custom configuration profile** name. For example, `Fulldisk.mobileconfig`.

+1. Select **Next**.

+1. Review the configuration profile. Select **Create**.

+1. Select **Create**.

+1. On the **Basics** tab, **Name** the profile. For example, `FullDiskAccess-prod-macOS-Default-MDE`.

+1. Select **Next**.

+1. On the **Configuration settings** tab, enter a **Custom configuration profile** name. For example, `Fulldisk.mobileconfig`.

+1. Select **Next**.

+1. Review the configuration profile. Select **Create**.

+To turn off notifications for the end users, you can change **Show NotificationCenter** from `true` to `false` in

+1. Select **Create**.

+1. On the **Basics** tab, **Name** the profile. For example, `FullDiskAccess-prod-macOS-Default-MDE`.

+1. Select **Next**.

+1. On the **Configuration settings** tab, enter a **Custom configuration profile** name. For example, `Notification.mobileconfig`.

+1. Select **Next**.

+1. Review the configuration profile. Select **Create**.

+1. Select **Create**.

+1. On the **Basics** tab, **Name** the profile. For example, `Accessibility-prod-macOS-Default-MDE`.

+1. Select **Next**.

+1. On the **Configuration settings** tab, enter a **Custom configuration profile** name. For example, `Accessibility.mobileconfig`.

+1. Select **Next**.

+1. Review the configuration profile. Select **Create**.

+1. Select **Create**.

+1. On the **Basics** tab, **Name** the profile. For example, `Autoupdate-prod-macOS-Default-MDE`.

+1. Select **Next**.

+1. On the **Configuration settings** tab, enter a **Custom configuration profile** name. For example, `Autoupdate.mobileconfig`.

+1. Select **Next**.

+1. Review the configuration profile. Select **Create**.

+In this step, we go over the "Preferences," which enables you to configure anti-malware and EDR policies using Microsoft Defender portal and Microsoft Intune.

+1. Under **Select Template**, choose a template and select **Create Policy**.

+1. Select **Next**.

+1. On the **Assignments** tab, assign the profile to a group where the macOS devices and/or users are located, or All Users and All devices.

+1. Under **Select Template**, select **Microsoft Defender Antivirus** and select **Create Policy**.

+1. On the **Basics** tab, enter the **Name** and **Description** of the policy. Select **Next**.

+1. On the **Configuration Settings** tab, under Network Protection, select an **Enforcement level**. Select **Next**.

+1. On the **Assignments** tab, assign the profile to a group where the macOS devices and/or users are located, or All Users and All devices.

+1. Review the policy in **Review+Create** and select **Save**.

+1. Under **App type**, select **macOS**. Select **Select**.

+1. On the **App information**, keep the default values and select **Next**.

+1. On the **Assignments** tab, select **Next**.

+ ```bash

+ unzip WindowsDefenderATPOnboardingPackage.zip

+ ```

+ ```console

+ Archive: WindowsDefenderATPOnboardingPackage.zip

+ warning: WindowsDefenderATPOnboardingPackage.zip appears to use backslashes as path separators

+ inflating: intune/kext.xml

+ inflating: intune/WindowsDefenderATPOnboarding.xml

+ inflating: jamf/WindowsDefenderATPOnboarding.plist

+ ```

+ :::image type="content" alt-text="Sample description" source="media/deploy-onboarding-package.png" lightbox="media/deploy-onboarding-package.png":::

+This profile contains license information for Microsoft Defender for Endpoint.

+1. Select **Create**.

+1. On the **Basics** tab, **Name** the profile. For example, `Autoupdate-prod-macOS-Default-MDE`. Select **Next**.

+1. On the **Configuration settings** tab, enter a **Custom configuration profile** name. For example, `Autoupdate.mobileconfig`.

+1. Select **Next**.

+1. Review the configuration profile. Select **Create**.

+See the following article to test for an anti-malware detection review: [Antivirus detection test for verifying device's onboarding and reporting services](validate-antimalware.md)

+Learn about adding Microsoft Defender for Endpoint to macOS devices using Microsoft Intune.

+description: Onboard Windows 10 and Windows 11 devices, servers, non-Windows devices and learn how to run a detection test.

+In many cases, organizations have existing endpoint security products in place. The bare minimum being an antivirus solution, but in some cases, an organization might have existing endpoint detection and response solution.

+It's common that Defender for Endpoint needs to exist along side these existing endpoint security products either indefinitely or during a cutover period. Fortunately, Defender for Endpoint and the endpoint security suite is modular and can be adopted in a systematic approach.

+| [Configure Auto Investigation & Remediation (AIR) capabilities](configure-automated-investigations-remediation.md) | Microsoft Defender for Endpoint uses Automated investigations to significantly reduce the volume of alerts that need to be investigated individually. The Automated investigation feature uses various inspection algorithms, and processes used by analysts (such as playbooks) to examine alerts and take immediate remediation action to resolve breaches. AIR significantly reduces alert volume, allowing security operations experts to focus on more sophisticated threats and other high value initiatives.|Not applicable|

+You'll need to go through onboarding steps of the [Microsoft Defender portal](https://security.microsoft.com) (Go to **Settings** > **Endpoints** > **Onboarding**) to onboard any of the supported devices. Depending on the device, you're guided with appropriate steps and provided management and deployment tool options suitable for the device.

+In general, you identify the client you're onboarding, then follow the corresponding tool appropriate to the device or your environment.

+When you select **Line-of-business app**, you have the option to add your specific installation package file. Also, you can choose to use [Test Base](https://go.microsoft.com/fwlink/?linkid=2165798) to help you manage the performance of your LOB app.