Updates from: 03/30/2024 02:12:39
Category Microsoft Docs article Related commit history on GitHub Change details
microsoft-365-copilot-overview Microsoft 365 Copilot Overview https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/copilot/microsoft-365-copilot-overview.md
Microsoft 365 apps (such as Word, Excel, PowerPoint, Outlook, Teams, loop, and m
| PowerPoint | Draft with Copilot | Create a new presentation from a prompt or Word file, leveraging enterprise templates. PowerPoint files can also be used for grounding data | | | Chat | Summary and Q&A | | | Light commanding | Add slides, pictures, or make deck-wide formatting changes. |
+| Excel | Draft with Copilot | Get suggestions for formulas, chart types, and insights about data in your spreadsheet. |
| Loop | Collaborative content creation | Create content that can be collaboratively improved through direct editing or refinement by Copilot. | | Outlook | Coaching tips | Get coaching tips and suggestions on clarity, sentiment, and tone, along with an overall message assessment and suggestions for improvement. | | | Summarize | Summarize an email thread to help the user quickly understand the discussion. |
admin Sharepoint Activity Ww https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/activity-reports/sharepoint-activity-ww.md
f1.keywords:
Previously updated : 10/20/2020 Last updated : 03/29/2024 audience: Admin
For example, you can understand the activity of every user licensed to use Share
## How do I get to the SharePoint activity report?
-1. In the admin center, go to the **Reports** \> <a href="https://go.microsoft.com/fwlink/p/?linkid=2074756" target="_blank">Usage</a> page.
-2. From the dashboard homepage, click on the **View more** button on the SharePoint card.
+1. In the admin center, go to the **Reports** \> <a href="https://go.microsoft.com/fwlink/p/?linkid=2074756" target="_blank">Usage</a> page.
+2. From the dashboard homepage, select **SharePoint** in the left navigation.
## Interpret the SharePoint activity report
-You can view the activities in the SharePoint report by choosing the **Activity** tab.<br/>![Microsoft 365 reports - Microsoft SharePoint activity report.](../../media/5a0a96f-0e4f-4fb9-8baa-3262275b3d1f.png)
+You can view the activities in the SharePoint report by choosing the **Activity** tab.
-Select **Choose columns** to add or remove columns from the report.
+![Microsoft 365 reports - Microsoft SharePoint activity report.](../../media/5a0a96f-0e4f-4fb9-8baa-3262275b3d1f.png)
+
+Select **Choose columns** to add or remove columns from the report.
![SharePoint activity report - choose columns.](../../media/3c396cd1-9701-4712-8eaa-eb7bba702aa8.png)
admin User Consent https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/misc/user-consent.md
A user can give access only to apps they own that access their Microsoft 365 inf
## Turning user consent on or off
-Contact your Global Administrator to edit the user consent policy in the Microsoft Entra portal by following [these steps](https://learn.microsoft.com/entra/identity/enterprise-apps/configure-user-consent).
+Contact your Global Administrator to edit the user consent policy in the Microsoft Entra portal by following the steps in [Configure how users consent to applications](/entra/identity/enterprise-apps/configure-user-consent).
## Related content
commerce Manage Self Service Purchases Users https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/commerce/subscriptions/manage-self-service-purchases-users.md
search.appverid: - MET150 description: "Users can learn how to manage their self-service purchases in the Microsoft 365 admin center." Previously updated : 02/22/2024 Last updated : 03/27/2024 # Manage self-service purchases and trials (for users)
commerce What If My Subscription Expires https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/commerce/subscriptions/what-if-my-subscription-expires.md
Title: "What happens to my data and access when my subscription ends?"
+ Title: "What happens to my data and access when my Microsoft 365 for business subscription ends?"
f1.keywords: - NOCSH
- AdminTemplateSet search.appverid: MET150 description: "Learn what happens to your data when your Microsoft 365 for business subscription expires, is disabled, or if you cancel." Previously updated : 01/10/2023 Last updated : 03/29/2024 # What happens to my data and access when my Microsoft 365 for business subscription ends?
-If your subscription endsΓÇöeither because it expires, or because you decide to upgrade or cancel itΓÇöyour access to Microsoft 365 services, applications, and customer data go through multiple stages before the subscription is fully turned off, or *deleted*. If you're aware of this progression, you're better equipped to return your subscription to an active stage before it's too late, or, if you're leaving Microsoft 365, back up your data before it's ultimately deleted.
+When your subscription ends, your access to Microsoft 365 products and services, apps, and customer data go through multiple statuses before the subscription is fully turned off, or deleted. Being aware of this status progression can help you return your subscription to an active status before it's too late. If you're leaving Microsoft 365, we recommend that you [back up your data](move-users-different-subscription.md#back-up-data-before-changing-microsoft-365-for-business-plans) before it gets deleted.
-Read through this important information before you contact [Microsoft 365 support](../../admin/get-help-support.md).
+This article applies to all Microsoft 365 for business subscriptions, including Enterprise and Volume Licensing.
> [!IMPORTANT]
-> For some subscriptions, you can only cancel during a limited window of time after you buy or renew your subscription. If the cancellation window has passed, turn off recurring billing to cancel the subscription at the end of its term.
+> For some subscriptions, you can only cancel during a limited window of time after you buy or renew your subscription. If the cancellation window has passed, [turn off recurring billing](renew-your-subscription.md) to cancel the subscription at the end of its term.
-## What happens to data when a subscription expires?
+## Understand subscription lifecycle statuses
-When your subscription expires, it goes through the following stages: Expired > Disabled > Deleted. The Expired stage starts immediately after the subscription has reached its end date.
+When your subscription ends, it goes through multiple lifecycle statuses before it gets deleted. This gives you, as the admin, time to reactivate the subscription if you want to continue the service, or to back up your customer data if you decide you no longer want the subscription.
-- **Annual subscriptions.** If you turn off recurring billing on an annual subscription, it goes through the same stages as an expired subscription. The first stage starts on the anniversary of the annual subscription, not the date that you turned off the subscription's recurring billing setting.-- **Monthly subscriptions.** If you cancel a monthly subscription, it immediately moves to the Disabled stage on the date you cancel it. This means that your users immediately lose access to the Microsoft 365 assets, and only admins have access to the data for the next 90 days.
+A subscription goes through the following statuses over the course of its lifecycle:
-The following table explains what you can expect when a paid Microsoft 365 for business subscription expires.
+Active > Expired > Disabled > Deleted
-| Active | Expired <br/>(30 days\*) | Disabled <br/>(90 days\*) | Deleted |
-||||-|
-| *Data accessible to all* | *Data accessible to all* | *Data accessible to admins only* | **Data deleted<br/>Microsoft Entra ID is removed, if not in use by other services** |
-| Users have normal access to Microsoft 365, files, and Microsoft 365 apps | Users have normal access to Microsoft 365, files, and Microsoft 365 apps | Users can't access Microsoft 365 apps | Users can't access Microsoft 365, files, or Microsoft 365 apps |
-| Admins have normal access to Microsoft 365, data, and Microsoft 365 apps | Admins can access the admin center | Admins can access the admin center, but can't assign licenses to users | Admins can access the admin center to buy and manage other subscriptions |
-| | Global or billing admins can reactivate the subscription in the admin center | Global or billing admins can reactivate the subscription in the admin center | |
+The **Expired** status starts immediately after the subscription reaches its end date, regardless of whether it expired naturally by reaching the end of the subscription term, you turned off recurring billing, canceled, or upgraded it.
-*For most offers, in most countries and regions.
-
-> [!NOTE]
->
-> **What is "customer data"?** Customer data, as defined in the [Microsoft Online Service Terms](https://www.microsoft.com/en-us/licensing/product-licensing/products), refers to all data, including all text, sound, or image files that are provided to Microsoft by, or on behalf of, the customer through the customer's use of Microsoft 365 services. To learn more about the protection of customer data, see the [Get started with the Microsoft Service Trust Portal](../../compliance/get-started-with-service-trust-portal.md).
+The subscription only enters the **Expired** status after all the licenses are removed. If you order fewer than the original number of licenses, the subscription doesnΓÇÖt enter the **Expired** status. Instead, admins have 90 days to resolve the conflict for any assigned licenses in excess of the purchased quantity. During this 90 day period thereΓÇÖs no service interruption to subscriptions that are assigned on a per user basis. For nonuser based subscriptions, like Office 365 Extra File Storage for SharePoint, a reduction in the license quantity immediately results in reduced storage. For Enterprise volume licensing customers, we recommend placing an Online Reservation to restore service, and then contact your licensing partner to understand why there was a reduction in licenses.
-## What happens if I cancel a subscription?
+**For yearly or three-year subscriptions**, if you turn off recurring billing, it goes through all the lifecycle statuses. The **Expired** status starts on the subscription end date, not the date that you turned off recurring billing.
-If you cancel your subscription before its term end date, the subscription skips the Expired stage and moves directly into the Disabled stage, which is 90 days for most subscriptions, in most countries and regions. We recommend that you [back up your data](move-users-different-subscription.md) before canceling. As an admin, you can still access and back up data for your organization while it is in the Disabled stage. Any customer data that you leave behind might be deleted after 90 days and will be deleted no later than 180 days after cancellation.
-
-If you're a partner who's an admin on behalf of (AOBO) a customer, and you've canceled a subscription, it can take up to 90 days for the admin center to reflect the status change.
+**For monthly subscriptions**, if you cancel a monthly subscription within the cancellation policy window, it skips the **Expired** status and immediately moves to the **Disabled** status on the date you cancel it. This means that your users immediately lose access to the Microsoft 365 assets, and only admins have access to the data during the Disabled state.
+
+> [!IMPORTANT]
+> If a subscription is deleted, adding a new subscription of the same type doesn't restore the data that was associated with the deleted subscription.
> [!NOTE]
-> If you want your subscription data to be deleted before the typical Disabled stage is over, you can [close your account](../close-your-account.md).
+> **What is "customer data"?** Customer data, as defined in the [Microsoft Online Service Terms](https://www.microsoft.com/en-us/licensing/product-licensing/products), refers to all data, including all text, sound, or image files that are provided to Microsoft by, or on behalf of, the customer through the customer's use of Microsoft 365 services. To learn more about the protection of customer data, see [Get started with the Microsoft Service Trust Portal](../../compliance/get-started-with-service-trust-portal.md).
-Here's what to expect for you and your users if you cancel a subscription.
-
-- **Admin access** Admins can still sign in and access the admin center, and buy other subscriptions as needed. As a global or billing admin, you have 90 days to [reactivate the subscription](reactivate-your-subscription.md) with all data intact.
+ The number of days a subscription stays in each lifecycle status is different, depending on whether you bought the subscription directly from Microsoft, or through an Enterprise agreement, a Cloud Solution Provider (CSP), or Volume Licensing (VL). For more information, see [Lengths of time a subscription spends in each lifecycle status](#lengths-of-time-a-subscription-spends-in-each-lifecycle-status), later in this article. The following table explains what you can expect for each lifecycle status when a paid Microsoft 365 for business subscription ends.
-- **User access** Your users can't use services like OneDrive for Business, or access customer data like email or documents on team sites. Office applications, like Word and Excel, are eventually moved into a read-only, reduced functionality mode and display [Unlicensed Product notifications](https://support.microsoft.com/office/0d23d3c0-c19c-4b2f-9845-5344fedc4380).
+|&nbsp;| Active | Expired* | Disabled* | Deleted |
+|--|--||-||
+| Customer data | Data is accessible to all | Data is accessible to all | Data is accessible to admins only | Data is deleted and Microsoft Entra ID is removed, if not in use by other services |
+| Users | Users have normal access to Microsoft 365, files, and Microsoft 365 apps | Users have normal access to Microsoft 365, files, and Microsoft 365 apps | Users can't access Microsoft 365 apps. Microsoft 365 apps eventually move into a read-only, reduced functionality mode and display [Unlicensed Product notifications](https://support.microsoft.com/office/0d23d3c0-c19c-4b2f-9845-5344fedc4380) | Users can't access Microsoft 365, files, or Microsoft 365 apps |
+| Licenses bought via the Volume Licensing program and assigned across the organization| | Service is immediately unavailable on the subscription end date, or if there's a reduction in license quatity | N/A | N/A |
+| Admins | Admins have normal access to Microsoft 365, data, and Microsoft 365 apps | Admins can access the admin center | Admins can access the admin center, but can't assign licenses to users | Admins can access the admin center to manage other subscriptions, or to buy new subscriptions |
+| Reactivation | Subscription is already active | Global or billing admins can reactivate the subscription in the admin center | Global or billing admins can reactivate the subscription in the admin center | Subscription can't be reactivated |
-To learn how to cancel, see [Cancel your subscription](cancel-your-subscription.md).
+*For most offers, in most countries/regions.
-> [!IMPORTANT]
-> If you explicitly delete a subscription, it skips the Expired and Disabled stages and the SharePoint Online data and content, including OneDrive, is immediately deleted.
+## Lengths of time a subscription spends in each lifecycle status
-## What are my options if my subscription is about to expire?
+For most offers, in most countries and regions, the number of days a subscription stays in each lifecycle status is shown in the following table.
-While a subscription is active, you and your users have normal access to your data, services like email and OneDrive for Business, and Microsoft 365 apps. As the admin, you'll receive a series of notifications via email and in the admin center as your subscription nears its expiration date.
-
-Before the subscription actually reaches its expiration date, you have a few options:
-
-- **Enable recurring billing for the subscription.**
- - If **Recurring billing** is already turned on, you don't have to take any action. Your subscription is automatically billed, and you're charged for another year or month, depending on your current payment frequency. If for any reason you've turned **Recurring billing** off, you can always [turn Recurring billing back on](renew-your-subscription.md).
- - If you bought Microsoft 365 Apps for business with a prepaid card, you can [turn on Recurring billing](renew-your-subscription.md) for your subscription.
- - If you're an Open Volume Licensing customer with a prepaid, one-year subscription, contact your partner to buy a new product key. You'll receive instructions via email to activate your key in the [Volume Licensing Service Center](https://go.microsoft.com/fwlink/p/?LinkID=282016). To learn how to find a new partner, or the partner you've worked with in the past, see [Find your partner or reseller](../../admin/manage/find-your-partner-or-reseller.md).
- - If you have Microsoft 365 Apps for business, see [Manage recurring billing for your subscription](renew-your-subscription.md).
-- **Let the subscription expire.**
- - If you're paying by credit card or invoice and you don't want to continue your subscription, [turn off Recurring billing](renew-your-subscription.md). Your subscription ends on its expiration date, and you can ignore all related email notifications.
- - If you're an Open Volume Licensing customer working with a partner, you can let your subscription expire by taking no action.
- - If you're a Microsoft 365 Business Standard customer, and you prepaid for your subscription and activated it with a product key, you can let your subscription expire by taking no action.
-- **Cancel before the subscription expires.** For details, see [Cancel your subscription](cancel-your-subscription.md).-
-## What happens after my subscription expires?
-
-If you let your subscription expire, it goes through multiple stages before it's ultimately deleted. This gives you, as the admin, time to reactivate if you want to continue the service, or to back up your data if you decide you no longer want the subscription.
-
-Here's what you can expect when your subscription is in each stage.
-
-### Stage: Expired
+|&nbsp;| Active | Expired | Disabled | Deleted |
+|--|--||-||
+| All subscription terms | Default status | 30 days | 90 days | Terminal state |
-**What to expect:** The Expired stage lasts for 30 days for most subscriptions, including subscriptions bought through [Microsoft Open](https://go.microsoft.com/fwlink/p/?LinkID=613298), in most countries and regions. For Volume Licensing products, except for Microsoft Open, the Expired stage lasts 90 days.
+### Lifecycle status durations for Enterprise customers
-In this stage, users have normal access to the Microsoft 365 portal, Microsoft 365 apps, and services such as email and SharePoint Online.
-
-As an admin, you still have access to the admin center. Don't worryΓÇöglobal or billing admins can [reactivate the subscription](reactivate-your-subscription.md) and continue using Microsoft 365. If you don't reactivate, [back up your data](move-users-different-subscription.md).
-
-### Stage: Disabled
+If youΓÇÖre an Enterprise customer, the lifecycle statuses and time periods for each are different, based on the length of your subscription. The following table lists the statuses and number of days for each status and each subscription length.
-**What to expect:** If you don't reactivate your subscription while it is in the Expired stage, it moves into a Disabled stage, which lasts for 90 days for most subscriptions, in most countries and regions. For Volume Licensing products, the Disabled stage lasts 30 days.
+|&nbsp;| Active | Grace | Inactive | Deleted |
+|--|-|-|-||
+| Monthly term | Default status | 30 days | 90 days | Terminal state |
+| Annual term | Default status | 30 days | 90 days | Terminal state |
+| Multi-year term | Default status | 90 days | 90 days | Terminal state |
-In this stage, your access decreases significantly. Users can't access Microsoft 365 apps. Microsoft 365 apps eventually move into a read-only, reduced functionality mode and display [Unlicensed Product notifications](https://support.microsoft.com/office/0d23d3c0-c19c-4b2f-9845-5344fedc4380). You can still sign in and get to the admin center, but can't assign licenses to users. Your customer data, including all user data, email, and files on team sites, is available only to you and other admins.
+### Lifecycle status durations for volume licensing customers
-As a global or billing admin, you can [reactivate the subscription](reactivate-your-subscription.md) and continue using Microsoft 365 with all of your customer data intact. If you choose not to reactivate, [back up your data](move-users-different-subscription.md).
+If you bought your subscription through an Enterprise volume licensing agreement or through the Open Value licensing program, the following table lists the statuses and number of days.
+
+|&nbsp;| Active | Grace | Inactive | Deleted |
+|--|--|-|-||
+| Enterprise | Default status. Subscription end date aligns with the agreement end date | 90 days from subscription end date | 60 days | Terminal State |
+| Open / Open Value | Subscription start date based on activation of token (not necessarily purchase date) | 30 days | 90 days | Terminal state |
+
+### Lifecycle status durations for Cloud Service Provider (CSP) customers
+
+If you bought your subscription through a CSP, see [Subscription lifecycle states - Partner Center](/partner-center/subscription-lifecycle) for descriptions of the lifecycle statuses that apply to those subscriptions.
+
+## Understand your options if your subscription is about to expire
+
+While a subscription is active, you and your users have normal access to your data, services like email, OneDrive, and Microsoft 365 apps. As the admin, you receive a series of notifications via email and in the admin center as your subscription nears its expiration date.
+
+If youΓÇÖre a Volume Licensing customer, see [Options if your volume licensing subscription is about to expire](#options-if-your-volume-licensing-subscription-is-about-to-expire).
+
+Before the subscription reaches its expiration date, you have two options:
+
+1. **Enable recurring billing for the subscription.**
+ - If **Recurring billing** is already turned on, you don't have to take any action. Your subscription is automatically billed, and you're charged for another year or month, depending on your current billing frequency.
+ - If you turned off **Recurring billing**, you can [turn it back on](renew-your-subscription.md) on to keep your subscription active
+ - If you bought Microsoft 365 Apps for business with a prepaid card, you can [turn on **Recurring billing**](renew-your-subscription.md) for your subscription and provide a payment method to continue the subscription.
+ - If you have Microsoft 365 Apps for business, see [Manage recurring billing for your subscription](renew-your-subscription.md).
+2. **Let the subscription expire.**
+ - If you don't want to continue your subscription, [turn off recurring billing](renew-your-subscription.md). Your subscription ends on its expiration date, and you can ignore all related email notifications.
+ - If you're a Microsoft 365 Business Standard customer, and you prepaid for your subscription and activated it with a product key, you can let your subscription expire by taking no action.
+
+## Lifecycle information for volume licensing customers
+
+This section contains information specifically for customers who bought online services either through the Open Volume Licensing program or through a volume licensing program, like Enterprise, Select Plus, or Microsoft Products & Services Agreement (MPSA).
-### Stage: Deleted
-
-**What to expect:** If you don't reactivate your subscription while it's expired or disabled, the subscription is deleted.
-
-Admins and users no longer have access to the services or Microsoft 365 apps that came with the subscription. All customer dataΓÇöfrom user data to documents and emailΓÇöis permanently deleted and is unrecoverable.
-
-At this point, you can't reactivate the subscription. However, as a global or billing admin, you can still access the admin center to manage other subscriptions, or to buy new subscriptions to meet your business needs.
-
> [!NOTE]
->
-> - Adding a new subscription of the same type that was deleted doesn't restore the data that was associated with the deleted subscription.
-> - If a Cloud Solution Provider (CSP) license is suspended, there's no 30-day Expired stage, and services are disabled immediately. Data is deleted after 90 days if the tenant isn't reactivated by adding a new license.
+> The Open Volume Licensing program was retired in December 2021.
+
+For all VL subscriptions, the **Expired** status starts immediately after the subscription reaches its end date, or the number of licenses is reduced. Services immediately become unavailable when the **Expired** status starts and lasts for 90 days. The exact end date depends on how you bought your subscription.
+
+- For subscriptions bought through the VL program, the end date depends on the date you placed the order.
+- For Open Value customers, the end date depends on the date you activated your product keys.
+
+### Options if your volume licensing subscription is about to expire
+
+1. **Enable recurring billing for the subscription.**
+ - If your online services were bought through the Open Volume Licensing program, see [Microsoft Open License program changes](https://www.microsoft.com/en-us/licensing/news/microsoft-open-license-program-changes) for your options to renew existing subscriptions or buy new products and services.
+ - If you bought your subscription through a Volume Licensing program, contact your Microsoft volume licensing partner about placing a renewal order.
+2. **Let the subscription expire.**
+ - If you're an Open Volume Licensing customer working with a partner, you can let your subscription expire by taking no action.
+ - If you bought your subscription through a volume licensing program, contact your Microsoft volume licensing partner to ensure there's no automatic extension in place for your agreement.
+
+## What happens when you cancel a subscription
+
+If you cancel your subscription within the cancellation policy window, the subscription skips the **Expired** status and moves directly to the **Disabled** status.
+
+We recommend that you [back up your data](move-users-different-subscription.md) before you cancel your subscription. As an admin, you can still access and back up data for your organization while itΓÇÖs in the Disabled status. Any customer data that you leave behind might be deleted after 90 days and will be deleted no later than 180 days after cancellation.
+
+> [!IMPORTANT]
+> If you explicitly delete a subscription, it skips the Expired and Disabled statuses and SharePoint Online data and content, including OneDrive, is immediately deleted.
+
+If you're a partner who's an admin on behalf of (AOBO) a customer, and you canceled a subscription, it can take up to 90 days for the admin center to reflect the status change.
+
+To learn how to cancel, see [Cancel your subscription in the Microsoft 365 admin center](cancel-your-subscription.md). If you want your subscription data to be deleted before the typical Disabled status is over, you can [close your account](../close-your-account.md).
-### What happens when my trial ends?
+## What happens when your trial ends
-When your trial ends, you can't continue using Microsoft 365 for free. You have a few options:
+When your trial ends, we automatically start billing you for your subscription. Before your trial ends, you can take one of the following actions:
-- **Buy Microsoft 365.** When your trial expires, it moves into the Expired stage, which gives you another 30 days (for most trials, in most countries and regions) to buy a Microsoft 365 subscription. To learn how to convert your trial into a paid subscription, see [Buy a subscription from your free trial](../try-or-buy-microsoft-365.md#buy-a-subscription-from-your-free-trial).-- **Extend your trial.** Need more time to evaluate Microsoft 365? In certain cases, you can [extend your trial](../extend-your-trial.md).-- **Cancel the trial or let it expire.** If you decide not to buy Microsoft 365, you can let your trial expire or [cancel it](cancel-your-subscription.md). Back up any data that you want to keep. After the 30-day Expired stage ends, your trial account information and data are permanently deleted.
+- **Extend your trial.** If you need more time to evaluate Microsoft 365, you can [extend your trial](../extend-your-trial.md).
+- **Cancel the trial or let it expire.** If you decide not to buy Microsoft 365, you can [turn off recurring billing](renew-your-subscription.md) and let your trial expire or [cancel it](cancel-your-subscription.md). Before your trial ends, back up any data that you want to keep. After the 30-day Expired status ends, your trial account information and data are permanently deleted.
> [!NOTE]
->
> The information on this page is subject to the [Microsoft Policy Disclaimer and Change Notice](https://go.microsoft.com/fwlink/p/?LinkId=613651). Return to this site periodically to review any changes. ## Related content
enterprise Cloud Microsoft Domain https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/cloud-microsoft-domain.md
The following Microsoft 365 products and services are now available in the `clou
|**Service**|**URL**| |:--|:--| |Microsoft 365 Service Health Status Page | status.cloud.microsoft|
+|Microsoft Admin Center| admin.cloud.microsoft|
|Microsoft Loop | loop.cloud.microsoft| |Microsoft Mesh | mesh.cloud.microsoft| |Microsoft Setup | setup.cloud.microsoft|
The following Microsoft 365 products and services are now available in the `clou
## See also - [Introducing cloud.microsoft: a unified domain for Microsoft 365 apps and services](https://techcommunity.microsoft.com/t5/microsoft-365-blog/introducing-cloud-microsoft-a-unified-domain-for-microsoft-365/ba-p/3804961)-- [Office 365 URLs and IP address ranges](/microsoft-365/enterprise/urls-and-ip-address-ranges)
+- [Office 365 URLs and IP address ranges](/microsoft-365/enterprise/urls-and-ip-address-ranges)
includes Office 365 Operated By 21Vianet Endpoints https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/includes/office-365-operated-by-21vianet-endpoints.md
<!--THIS FILE IS AUTOMATICALLY GENERATED. MANUAL CHANGES WILL BE OVERWRITTEN.--> <!--Please contact the Office 365 Endpoints team with any questions.-->
-<!--China endpoints version 2023120100-->
-<!--File generated 2023-11-30 17:00:14.8942-->
+<!--China endpoints version 2024032900-->
+<!--File generated 2024-03-29 08:00:04.0622-->
## Exchange Online
ID | Category | ER | Addresses | Ports
## SharePoint Online and OneDrive for Business ID | Category | ER | Addresses | Ports | - | -- | | -
-4 | Allow<BR>Required | No | `*.sharepoint.cn`<BR>`40.73.129.0/24, 40.73.161.0/24, 42.159.34.0/27, 42.159.38.0/23, 42.159.162.0/27, 42.159.166.0/23, 2406:e500:4000:2::/63, 2406:e500:4101:2::/64` | **TCP:** 443, 80
+-- | - | -- | | -
+4 | Allow<BR>Required | No | `*.sharepoint.cn`<BR>`40.73.129.0/24, 40.73.161.0/24, 42.159.38.0/23, 2406:e500:4600::/39` | **TCP:** 443, 80
21 | Default<BR>Required | No | `*.wns.windows.com` | **TCP:** 443, 80 ## Skype for Business Online and Microsoft Teams
ID | Category | ER | Addresses | Ports
ID | Category | ER | Addresses | Ports -- | | -- | -- | -
-7 | Allow<BR>Required | No | `*.azure-mobile.cn, *.chinacloudapi.cn, *.chinacloudapp.cn, *.chinacloud-mobile.cn, *.chinacloudsites.cn, *.partner.microsoftonline-m.net.cn, *.partner.microsoftonline-m-i.net.cn, *.partner.microsoftonline-p.net.cn, *.partner.officewebapps.cn, *.windowsazure.cn, portal.partner.microsoftonline.cdnsvc.com, r4.partner.outlook.cn`<BR>`23.236.126.0/24, 40.73.240.0/24, 40.73.242.0/24, 58.68.168.0/24, 112.25.33.0/24, 123.150.49.0/24, 125.65.247.0/24, 171.107.84.0/24, 180.210.232.0/24, 180.210.234.0/24, 209.177.86.0/24, 209.177.90.0/24, 209.177.94.0/24, 222.161.226.0/24, 2406:e500:4900::/48` | **TCP:** 443, 80
-8 | Allow<BR>Required | No | `*.onmschina.cn, *.partner.microsoftonline.net.cn, *.partner.microsoftonline-i.net.cn`<BR>`101.28.252.0/24, 115.231.150.0/24, 123.235.32.0/24, 171.111.154.0/24, 175.6.10.0/24, 180.210.229.0/24, 211.90.28.0/24` | **TCP:** 443, 80
+7 | Allow<BR>Required | No | `*.azure-mobile.cn, *.chinacloud-mobile.cn, *.chinacloudapi.cn, *.chinacloudapp.cn, *.chinacloudsites.cn, *.partner.microsoftonline-m-i.net.cn, *.partner.microsoftonline-m.net.cn, *.partner.microsoftonline-p.net.cn, *.partner.officewebapps.cn, *.windowsazure.cn, portal.partner.microsoftonline.cdnsvc.com, r4.partner.outlook.cn`<BR>`23.236.126.0/24, 40.73.240.0/24, 40.73.242.0/24, 58.68.168.0/24, 112.25.33.0/24, 123.150.49.0/24, 125.65.247.0/24, 171.107.84.0/24, 180.210.232.0/24, 180.210.234.0/24, 209.177.86.0/24, 209.177.90.0/24, 209.177.94.0/24, 222.161.226.0/24, 2406:e500:4900::/48` | **TCP:** 443, 80
+8 | Allow<BR>Required | No | `*.onmschina.cn, *.partner.microsoftonline-i.net.cn, *.partner.microsoftonline.net.cn`<BR>`101.28.252.0/24, 115.231.150.0/24, 123.235.32.0/24, 171.111.154.0/24, 175.6.10.0/24, 180.210.229.0/24, 211.90.28.0/24` | **TCP:** 443, 80
9 | Allow<BR>Required | No | `*.partner.microsoftonline-p.cn`<BR>`182.50.87.0/24` | **TCP:** 443, 80 10 | Allow<BR>Required | No | `*.partner.microsoftonline.cn`<BR>`103.9.8.0/22` | **TCP:** 443, 80 11 | Default<BR>Required | No | `activation.sls.microsoft.com, crl.microsoft.com, odc.officeapps.live.com, officecdn.microsoft.com, officeclient.microsoft.com` | **TCP:** 443, 80
includes Office 365 Worldwide Endpoints https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/includes/office-365-worldwide-endpoints.md
<!--THIS FILE IS AUTOMATICALLY GENERATED. MANUAL CHANGES WILL BE OVERWRITTEN.--> <!--Please contact the Office 365 Endpoints team with any questions.-->
-<!--Worldwide endpoints version 2024013000-->
-<!--File generated 2024-01-30 08:00:03.7751-->
+<!--Worldwide endpoints version 2024032900-->
+<!--File generated 2024-03-29 08:00:02.3936-->
## Exchange Online ID | Category | ER | Addresses | Ports | - | | | --
-1 | Optimize<BR>Required | Yes | `outlook.office.com, outlook.office365.com`<BR>`13.107.6.152/31, 13.107.18.10/31, 13.107.128.0/22, 23.103.160.0/20, 40.96.0.0/13, 40.104.0.0/15, 52.96.0.0/14, 131.253.33.215/32, 132.245.0.0/16, 150.171.32.0/22, 204.79.197.215/32, 2603:1006::/40, 2603:1016::/36, 2603:1026::/36, 2603:1036::/36, 2603:1046::/36, 2603:1056::/36, 2620:1ec:4::152/128, 2620:1ec:4::153/128, 2620:1ec:c::10/128, 2620:1ec:c::11/128, 2620:1ec:d::10/128, 2620:1ec:d::11/128, 2620:1ec:8f0::/46, 2620:1ec:900::/46, 2620:1ec:a92::152/128, 2620:1ec:a92::153/128` | **TCP:** 443, 80<BR>**UDP:** 443
+-- | - | | - | --
+1 | Optimize<BR>Required | Yes | `outlook.cloud.microsoft, outlook.office.com, outlook.office365.com`<BR>`13.107.6.152/31, 13.107.18.10/31, 13.107.128.0/22, 23.103.160.0/20, 40.96.0.0/13, 40.104.0.0/15, 52.96.0.0/14, 131.253.33.215/32, 132.245.0.0/16, 150.171.32.0/22, 204.79.197.215/32, 2603:1006::/40, 2603:1016::/36, 2603:1026::/36, 2603:1036::/36, 2603:1046::/36, 2603:1056::/36, 2620:1ec:4::152/128, 2620:1ec:4::153/128, 2620:1ec:c::10/128, 2620:1ec:c::11/128, 2620:1ec:d::10/128, 2620:1ec:d::11/128, 2620:1ec:8f0::/46, 2620:1ec:900::/46, 2620:1ec:a92::152/128, 2620:1ec:a92::153/128` | **TCP:** 443, 80<BR>**UDP:** 443
2 | Allow<BR>Optional<BR>**Notes:** POP3, IMAP4, SMTP Client traffic | Yes | `outlook.office365.com, smtp.office365.com`<BR>`13.107.6.152/31, 13.107.18.10/31, 13.107.128.0/22, 23.103.160.0/20, 40.96.0.0/13, 40.104.0.0/15, 52.96.0.0/14, 131.253.33.215/32, 132.245.0.0/16, 150.171.32.0/22, 204.79.197.215/32, 2603:1006::/40, 2603:1016::/36, 2603:1026::/36, 2603:1036::/36, 2603:1046::/36, 2603:1056::/36, 2620:1ec:4::152/128, 2620:1ec:4::153/128, 2620:1ec:c::10/128, 2620:1ec:c::11/128, 2620:1ec:d::10/128, 2620:1ec:d::11/128, 2620:1ec:8f0::/46, 2620:1ec:900::/46, 2620:1ec:a92::152/128, 2620:1ec:a92::153/128` | **TCP:** 587, 993, 995, 143 8 | Default<BR>Required | No | `*.outlook.com, autodiscover.<tenant>.onmicrosoft.com` | **TCP:** 443, 80 9 | Allow<BR>Required | Yes | `*.protection.outlook.com`<BR>`40.92.0.0/15, 40.107.0.0/16, 52.100.0.0/14, 52.238.78.88/32, 104.47.0.0/17, 2a01:111:f400::/48, 2a01:111:f403::/48` | **TCP:** 443
security Mac Install With Intune https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/mac-install-with-intune.md
search.appverid: met150 Previously updated : 12/18/2020 Last updated : 03/28/2024 # Deploy Microsoft Defender for Endpoint on macOS with Microsoft Intune
Last updated 12/18/2020
- [Microsoft Defender for Endpoint Plan 2](https://go.microsoft.com/fwlink/p/?linkid=2154037) - [Microsoft Defender for business](https://www.microsoft.com/security/business/endpoint-security/microsoft-defender-business)
-This article describes how to deploy Microsoft Defender for Endpoint on macOS through Microsoft Intune. A successful deployment requires the completion of all of the following steps:
-
-1. [Approve system extension](#step-1-approve-system-extensions)
-1. [Network Filter](#step-2-network-filter)
-1. [Full Disk Access](#step-3-full-disk-access)
-1. [Background services](#step-4-background-services)
-1. [Notifications](#step-5-notifications)
-1. [ Accessibility settings](#step-6-accessibility-settings)
-1. [Microsoft AutoUpdate](#step-7-microsoft-autoupdate)
-1. [Microsoft Defender for Endpoint configuration settings](#step-8-microsoft-defender-for-endpoint-configuration-settings)
-1. [Network protection for Microsoft Defender for Endpoint on macOS](#step-9-network-protection-for-microsoft-defender-for-endpoint-on-macos)
-1. [Device control for Microsoft Defender for Endpoint on macOS](#step-10-device-control-for-microsoft-defender-for-endpoint-on-macos)
-1. [Data Loss Prevention for Endpoint](#step-11-data-loss-prevention-dlp-for-endpoint)
-1. [Check status of the PList(.mobileconfig)](#step-12-check-status-of-plistmobileconfig)
-1. [Publish application](#step-13-publish-application)
-1. [Download the onboarding package](#step-14-download-the-onboarding-package)
-1. [Deploy the onboarding package](#step-15-deploy-the-onboarding-package)
+This article describes how to deploy Microsoft Defender for Endpoint on macOS through Microsoft Intune.
## Prerequisites and system requirements
The following table summarizes the steps you would need to take to deploy and ma
|Step |Sample file name |Bundle identifier | ||||
-|Approve system extension|sysext.mobileconfig|N/A|
-|Network extension policy|netfilter.mobileconfig|N/A|
-|Full Disk Access|fulldisk.mobileconfig|com.microsoft.wdav.epsext|
-|Microsoft Defender for Endpoint configuration settings <p> **Note:** If you're planning to run a third-party AV for macOS, set passiveMode to true.|MDE_MDAV_and_exclusion_settings_Preferences.xml|com.microsoft.wdav|
-|Background services|background_services.mobileconfig|N/A|
-|Configure Microsoft Defender for Endpoint notifications|notif.mobileconfig|com.microsoft.wdav.tray|
-|Accessibility settings|accessibility.mobileconfig|com.microsoft.dlp.daemon|
-|Configure Microsoft AutoUpdate (MAU)|com.microsoft.autoupdate2.mobileconfig|com.microsoft.autoupdate2|
-|Device Control|DeviceControl.mobileconfig|N/A|
-|Data Loss Prevention|DataLossPrevention.mobileconfig|N/A|
-|Download the onboarding package|WindowsDefenderATPOnboarding__MDATP_wdav.atp.xml|com.microsoft.wdav.atp|
-|Deploy the Microsoft Defender for Endpoint on macOS application|Wdav.pkg|N/A|
+|Approve system extension|`sysext.mobileconfig`|N/A|
+|Network extension policy|`netfilter.mobileconfig`|N/A|
+|Full Disk Access|`fulldisk.mobileconfig`|`com.microsoft.wdav.epsext`|
+|Microsoft Defender for Endpoint configuration settings <br/><br/>If you're planning to run non-Microsoft antivirus on Mac, set `passiveMode` to `true`.|`MDE_MDAV_and_exclusion_settings_Preferences.xml`|`com.microsoft.wdav`|
+|Background services|`background_services.mobileconfig`|N/A|
+|Configure Microsoft Defender for Endpoint notifications|`notif.mobileconfig`|`com.microsoft.wdav.tray`|
+|Accessibility settings|`accessibility.mobileconfig`|`com.microsoft.dlp.daemon`|
+|Configure Microsoft AutoUpdate (MAU)|`com.microsoft.autoupdate2.mobileconfig`|`com.microsoft.autoupdate2`|
+|Device Control|`DeviceControl.mobileconfig`|N/A|
+|Data Loss Prevention|`DataLossPrevention.mobileconfig`|N/A|
+|Download the onboarding package|`WindowsDefenderATPOnboarding__MDATP_wdav.atp.xml`|`com.microsoft.wdav.atp`|
+|Deploy the Microsoft Defender for Endpoint on macOS application|`Wdav.pkg`|N/A|
## Create system configuration profiles
In the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2
This profile is needed for Big Sur (11) or later. It is ignored on older macOS since they use the kernel extension. 1. Under **Configuration profiles**, select **Create Profile**.+ 1. Under **Platform**, select **macOS**.+ 1. Under **Profile type**, select **Templates**.+ 1. Under **Template name**, select **Extensions**.
-1. Click **Create**.
-1. On the **Basics** tab, **Name** the profile. For example, 'SysExt-prod-macOS-Default-MDE'.
-1. Click **Next**.
+
+1. Select **Create**.
+
+1. On the **Basics** tab, **Name** the profile. For example, `SysExt-prod-macOS-Default-MDE`.
+
+1. Select **Next**.
+ 1. On the **Configuration settings** tab, expand **System Extensions** and add the following entries in the **Allowed system extensions** section: |Bundle identifier|Team identifier| |||
- |com.microsoft.wdav.epsext|UBF8T346G9|
- |com.microsoft.wdav.netext|UBF8T346G9|
+ |`com.microsoft.wdav.epsext`|`UBF8T346G9`|
+ |`com.microsoft.wdav.netext`|`UBF8T346G9`|
:::image type="content" source="media/mac-system-extension-intune2.png" alt-text="The settings of the system's extension" lightbox="media/mac-system-extension-intune2.png"::: 1. On the **Assignments** tab, assign the profile to a group where the macOS devices and/or users are located, or All Users and All devices.
-1. Review the configuration profile. Click **Create**.
+
+1. Review the configuration profile. Select **Create**.
### Step 2: Network filter
Download [netfilter.mobileconfig](https://raw.githubusercontent.com/microsoft/md
To configure network filter: 1. Under **Configuration profiles**, select **Create Profile**.+ 1. Under **Platform**, select **macOS**.+ 1. Under **Profile type**, select **Templates**.+ 1. Under **Template name**, select **Custom**.
-1. Click **Create**.
-1. On the **Basics** tab, **Name** the profile. For example, 'NetFilter-prod-macOS-Default-MDE'.
-1. Click **Next**.
-1. On the **Configuration settings** tab, enter a Cus**tom configuration profile** name. For example, 'NetFilter-prod-macOS-Default-MDE'.
+
+1. Select **Create**.
+
+1. On the **Basics** tab, **Name** the profile. For example, `NetFilter-prod-macOS-Default-MDE`.
+
+1. Select **Next**.
+
+1. On the **Configuration settings** tab, enter a Cus**tom configuration profile** name. For example, `NetFilter-prod-macOS-Default-MDE`.
+ 1. Choose a Deployment channel.
-1. Click **Next**.
+
+1. Select **Next**.
+ 1. On the **Assignments** tab, assign the profile to a group where the macOS devices and/or users are located, or All Users and All devices.
-1. Review the configuration profile. Click **Create**.
+
+1. Review the configuration profile. Select **Create**.
### Step 3: Full Disk Access
Download [**fulldisk.mobileconfig**](https://raw.githubusercontent.com/microsoft
To configure Full Disk Access: 1. Under **Configuration profiles**, select **Create Profile**.+ 1. Under **Platform**, select **macOS**.+ 1. Under **Profile type**, select **Templates**.+ 1. Under **Template name**, select **Custom**.
-1. Click **Create**.
-1. On the **Basics** tab, **Name** the profile. For example, 'FullDiskAccess-prod-macOS-Default-MDE'.
-1. Click **Next**.
-1. On the **Configuration settings** tab, enter a **Custom configuration profile** name. For example, 'Fulldisk.mobileconfig'.
+
+1. Select **Create**.
+
+1. On the **Basics** tab, **Name** the profile. For example, `FullDiskAccess-prod-macOS-Default-MDE`.
+
+1. Select **Next**.
+
+1. On the **Configuration settings** tab, enter a **Custom configuration profile** name. For example, `Fulldisk.mobileconfig`.
+ 1. Choose a **Deployment channel**.
-1. Click **Next**.
+
+1. Select **Next**.
+ 1. Select a **Configuration profile file**.+ 1. On the **Assignments** tab, assign the profile to a group where the macOS devices and/or users are located, or All Users and All devices.
-1. Review the configuration profile. Click **Create**.
+
+1. Review the configuration profile. Select **Create**.
### Step 4: Background services
Download [background_services.mobileconfig](https://raw.githubusercontent.com/mi
To configure background 1. Under **Configuration profiles**, select **Create Profile**.+ 1. Under **Platform**, select **macOS**.+ 1. Under **Profile type**, select **Templates**.+ 1. Under **Template name**, select **Custom**.
-1. Click **Create**.
-1. On the **Basics** tab, **Name** the profile. For example, 'FullDiskAccess-prod-macOS-Default-MDE'.
-1. Click **Next**.
-1. On the **Configuration settings** tab, enter a **Custom configuration profile** name. For example, 'Fulldisk.mobileconfig'.
+
+1. Select **Create**.
+
+1. On the **Basics** tab, **Name** the profile. For example, `FullDiskAccess-prod-macOS-Default-MDE`.
+
+1. Select **Next**.
+
+1. On the **Configuration settings** tab, enter a **Custom configuration profile** name. For example, `Fulldisk.mobileconfig`.
+ 1. Choose a **Deployment channel**.
-1. Click **Next**.
+
+1. Select **Next**.
+ 1. Select a **Configuration profile file**.+ 1. On the **Assignments** tab, assign the profile to a group where the macOS devices and/or users are located, or All Users and All devices.
-1. Review the configuration profile. Click **Create**.
+
+1. Review the configuration profile. Select **Create**.
### Step 5: Notifications
This profile is used to allow Microsoft Defender for Endpoint on macOS and Micro
Download [notif.mobileconfig](https://raw.githubusercontent.com/microsoft/mdatp-xplat/master/macos/mobileconfig/profiles/notif.mobileconfig) from [GitHub repository](https://github.com/microsoft/mdatp-xplat/tree/master/macos/mobileconfig/profiles).
-To turn off notifications for the end users, you can change '**Show NotificationCenter**' from 'true' to 'false' in
+To turn off notifications for the end users, you can change **Show NotificationCenter** from `true` to `false` in
[notif.mobileconfig](https://raw.githubusercontent.com/microsoft/mdatp-xplat/master/macos/mobileconfig/profiles/notif.mobileconfig). :::image type="content" source="media/image.png" alt-text="Screenshot showing notif.mobileconfig with ShowNotificationCenter set to True.":::
To turn off notifications for the end users, you can change '**Show Notification
To configure notifications: 1. Under **Configuration profiles**, select **Create Profile**.+ 1. Under **Platform**, select **macOS**.+ 1. Under **Profile type**, select **Templates**.+ 1. Under **Template name**, select **Custom**.
-1. Click **Create**.
-1. On the **Basics** tab, **Name** the profile. For example, 'FullDiskAccess-prod-macOS-Default-MDE'.
-1. Click **Next**.
-1. On the **Configuration settings** tab, enter a **Custom configuration profile** name. For example, 'Notification.mobileconfig'.
+
+1. Select **Create**.
+
+1. On the **Basics** tab, **Name** the profile. For example, `FullDiskAccess-prod-macOS-Default-MDE`.
+
+1. Select **Next**.
+
+1. On the **Configuration settings** tab, enter a **Custom configuration profile** name. For example, `Notification.mobileconfig`.
+ 1. Choose a **Deployment channel**.
-1. Click **Next**.
+
+1. Select **Next**.
+ 1. Select a **Configuration profile file**.+ 1. On the **Assignments** tab, assign the profile to a group where the macOS devices and/or users are located, or All Users and All devices.
-1. Review the configuration profile. Click **Create**.
+
+1. Review the configuration profile. Select **Create**.
### Step 6: Accessibility settings
This profile is used to allow Microsoft Defender for Endpoint on macOS to access
Download [accessibility.mobileconfig](https://github.com/microsoft/mdatp-xplat/blob/master/macos/mobileconfig/profiles/accessibility.mobileconfig) from [GitHub repository](https://github.com/microsoft/mdatp-xplat/tree/master/macos/mobileconfig/profiles). 1. Under **Configuration profiles**, select **Create Profile**.+ 1. Under **Platform**, select **macOS**.+ 1. Under **Profile type**, select **Templates**.+ 1. Under **Template name**, select **Custom**.
-1. Click **Create**.
-1. On the **Basics** tab, **Name** the profile. For example, 'Accessibility-prod-macOS-Default-MDE'.
-1. Click **Next**.
-1. On the **Configuration settings** tab, enter a **Custom configuration profile** name. For example, 'Accessibility.mobileconfig'.
+
+1. Select **Create**.
+
+1. On the **Basics** tab, **Name** the profile. For example, `Accessibility-prod-macOS-Default-MDE`.
+
+1. Select **Next**.
+
+1. On the **Configuration settings** tab, enter a **Custom configuration profile** name. For example, `Accessibility.mobileconfig`.
+ 1. Choose a **Deployment channel**.
-1. Click **Next**.
+
+1. Select **Next**.
+ 1. Select a **Configuration profile file**.+ 1. On the **Assignments** tab, assign the profile to a group where the macOS devices and/or users are located, or All Users and All devices.
-1. Review the configuration profile. Click **Create**.
+
+1. Review the configuration profile. Select **Create**.
### Step 7: Microsoft AutoUpdate
Download [AutoUpdate2.mobileconfig](https://github.com/microsoft/mdatp-xplat/blo
> The sample AutoUpdate2.mobileconfig from the GitHub repository has it set to Current Channel (Production). 1. Under **Configuration profiles**, select **Create Profile**.+ 1. Under **Platform**, select **macOS**.+ 1. Under **Profile type**, select **Templates**.+ 1. Under **Template name**, select **Custom**.
-1. Click **Create**.
-1. On the **Basics** tab, **Name** the profile. For example, 'Autoupdate-prod-macOS-Default-MDE'.
-1. Click **Next**.
-1. On the **Configuration settings** tab, enter a **Custom configuration profile** name. For example, 'Autoupdate.mobileconfig'.
+
+1. Select **Create**.
+
+1. On the **Basics** tab, **Name** the profile. For example, `Autoupdate-prod-macOS-Default-MDE`.
+
+1. Select **Next**.
+
+1. On the **Configuration settings** tab, enter a **Custom configuration profile** name. For example, `Autoupdate.mobileconfig`.
+ 1. Choose a **Deployment channel**.
-1. Click **Next**.
+
+1. Select **Next**.
+ 1. Select a **Configuration profile file**.+ 1. On the **Assignments** tab, assign the profile to a group where the macOS devices and/or users are located, or All Users and All devices.
-1. Review the configuration profile. Click **Create**.
+
+1. Review the configuration profile. Select **Create**.
### Step 8: Microsoft Defender for Endpoint configuration settings
-In this step, we'll go over the "Preferences," which enables you to configure anti-malware and edr policies using Microsoft Defender portal and Microsoft Intune.
+In this step, we go over the "Preferences," which enables you to configure anti-malware and EDR policies using Microsoft Defender portal and Microsoft Intune.
#### Set policies using Microsoft Defender portal
Go through [Configure Microsoft Defender for Endpoint in Intune](/mem/intune/pro
In the [Microsoft Defender portal](https://sip.security.microsoft.com/homepage?tid=72f988bf-86f1-41af-91ab-2d7cd011db47): 1. Go to **Configuration management** > **Endpoint security policies** > **Mac policies** > **Create new policy**.+ 1. Under **Select Platform**, select **macOS**.
-1. Under **Select Template**, choose a template and click **Create Policy**.
+
+1. Under **Select Template**, choose a template and select **Create Policy**.
+ 1. Enter the Name and Description of the policy.
-1. Click **Next**.
-1. On the **Assignments** tab,assign the profile to a group where the macOS devices and/or users are located, or All Users and All devices.
+
+1. Select **Next**.
+
+1. On the **Assignments** tab, assign the profile to a group where the macOS devices and/or users are located, or All Users and All devices.
For more information about managing security settings, see:
For more information, see [Set preferences for Microsoft Defender for Endpoint o
In the [Microsoft Defender portal](https://sip.security.microsoft.com/homepage?tid=72f988bf-86f1-41af-91ab-2d7cd011db47): 1. Go to **Configuration management** > **Endpoint security policies** > **Mac policies** > **Create new policy**.+ 1. Under **Select Platform**, select **macOS**.
-1. Under **Select Template**, select **Microsoft Defender Antivirus** and click **Create Policy**.
+
+1. Under **Select Template**, select **Microsoft Defender Antivirus** and select **Create Policy**.
:::image type="content" alt-text="networkprotection" source="images/network-protection1.jpg" lightbox="images/network-protection1.jpg":::
-1. On the **Basics** tab, enter the **Name** and **Description** of the policy. Click **Next**.
+1. On the **Basics** tab, enter the **Name** and **Description** of the policy. Select **Next**.
:::image type="content" source="images/networkprotection2.png" alt-text="Basicstab":::
-1. On the **Configuration Settings** tab, under Network Protection, select an **Enforcement level**. Click **Next**.
+1. On the **Configuration Settings** tab, under Network Protection, select an **Enforcement level**. Select **Next**.
:::image type="content" source="images/networkprotection3.png" alt-text="configurationsettings":::
-1. On the **Assignments** tab,assign the profile to a group where the macOS devices and/or users are located, or All Users and All devices.
+1. On the **Assignments** tab, assign the profile to a group where the macOS devices and/or users are located, or All Users and All devices.
:::image type="content" source="images/networkprotection4.png" alt-text="np4":::
-1. Review the policy in **Review+Create** and click **Save**.
+1. Review the policy in **Review+Create** and select **Save**.
> [!TIP]
This step enables deploying Microsoft Defender for Endpoint to enrolled machines
:::image type="content" source="mediatp-8-app-before.png"::: 1. Select **By platform** > **macOS** > **Add**.
-1. Under **App type**, select **macOS**. Click **Select**.
+
+1. Under **App type**, select **macOS**. Select **Select**.
:::image type="content" source="mediatp-9-app-type.png":::
-1. On the **App information**, keep the default values and click **Next**.
+1. On the **App information**, keep the default values and select **Next**.
:::image type="content" source="mediatp-10-properties.png":::
-1. On the **Assignments** tab, click **Next**.
+1. On the **Assignments** tab, select **Next**.
:::image type="content" source="mediatp-11-assignments.png":::
To download the onboarding packages from Microsoft 365 Defender portal:
4. Extract the contents of the .zip file:
- ```bash
- unzip WindowsDefenderATPOnboardingPackage.zip
- ```
+ ```bash
+ unzip WindowsDefenderATPOnboardingPackage.zip
+ ```
- ```console
- Archive: WindowsDefenderATPOnboardingPackage.zip
- warning: WindowsDefenderATPOnboardingPackage.zip appears to use backslashes as path separators
- inflating: intune/kext.xml
- inflating: intune/WindowsDefenderATPOnboarding.xml
- inflating: jamf/WindowsDefenderATPOnboarding.plist
- ```
+ ```console
+ Archive: WindowsDefenderATPOnboardingPackage.zip
+ warning: WindowsDefenderATPOnboardingPackage.zip appears to use backslashes as path separators
+ inflating: intune/kext.xml
+ inflating: intune/WindowsDefenderATPOnboarding.xml
+ inflating: jamf/WindowsDefenderATPOnboarding.plist
+ ```
- :::image type="content" alt-text="Sample description" source="media/deploy-onboarding-package.png" lightbox="media/deploy-onboarding-package.png":::
+ :::image type="content" alt-text="Sample description" source="media/deploy-onboarding-package.png" lightbox="media/deploy-onboarding-package.png":::
### Step 15: Deploy the onboarding package
-This profile contains license information for Microsoft Defender for Endpoint, without which it is reported as not licensed.
+This profile contains license information for Microsoft Defender for Endpoint.
To deploy the onboarding package: 1. Under **Configuration profiles**, select **Create Profile**.+ 1. Under **Platform**, select **macOS**.+ 1. Under **Profile type**, select **Templates**.+ 1. Under **Template name**, select **Custom**.
-1. Click **Create**.
+
+1. Select **Create**.
:::image type="content" alt-text="Deploy onboarding package" source="mediatp-6-systemconfigurationprofiles-1.png":::
-1. On the **Basics** tab, **Name** the profile. For example, 'Autoupdate-prod-macOS-Default-MDE'. Click **Next**.
+1. On the **Basics** tab, **Name** the profile. For example, `Autoupdate-prod-macOS-Default-MDE`. Select **Next**.
:::image type="content" alt-text="click next" source="mediatp-6-systemconfigurationprofiles-2.png":::
-1. On the **Configuration settings** tab, enter a **Custom configuration profile** name. For example, 'Autoupdate.mobileconfig'.
+1. On the **Configuration settings** tab, enter a **Custom configuration profile** name. For example, `Autoupdate.mobileconfig`.
+ 1. Choose a **Deployment channel**.
-1. Click **Next**.
+
+1. Select **Next**.
+ 1. Select a **Configuration profile file**. :::image type="content" alt-text="configuration profile" source="mediatp-6-systemconfigurationprofiles.png":::
To deploy the onboarding package:
:::image type="content" alt-text="assign users" source="mediatp-6-systemconfigurationprofiles-3.png":::
-1. Review the configuration profile. Click **Create**.
+1. Review the configuration profile. Select **Create**.
+ 1. Open **Devices** > **Configuration profiles** to see the created profile. ## Step 16: Verify anti-malware detection
-See the following article to test for an anti-malware detection review: [AV detection test for verifying device's onboarding and reporting services](validate-antimalware.md)
+See the following article to test for an anti-malware detection review: [Antivirus detection test for verifying device's onboarding and reporting services](validate-antimalware.md)
## Step 17: Verifying EDR detection
For information on troubleshooting procedures, see:
See [Uninstalling](mac-resources.md#uninstalling) for details on how to remove Microsoft Defender for Endpoint on macOS from client devices. -- ## Recommended content [Add Microsoft Defender for Endpoint to macOS devices using Microsoft Intune](/mem/intune/apps/apps-advanced-threat-protection-macos?source=recommendations)
-<br>Learn about adding Microsoft Defender for Endpoint to macOS devices using Microsoft Intune.
+
+Learn about adding Microsoft Defender for Endpoint to macOS devices using Microsoft Intune.
[Examples of device control policies for Intune](mac-device-control-intune.md) <br>Learn how to use device control policies using examples that can be used with Intune.
See [Uninstalling](mac-resources.md#uninstalling) for details on how to remove M
<br>Configure Microsoft Defender for Endpoint web protection on Android devices managed by Microsoft Intune. --- [!INCLUDE [Microsoft Defender for Endpoint Tech Community](../../includes/defender-mde-techcommunity.md)]
security Onboard Configure https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/onboard-configure.md
Title: Onboard devices and configure Microsoft Defender for Endpoint capabilities
-description: Onboard Windows 10 devices, servers, non-Windows devices and learn how to run a detection test.
+description: Onboard Windows 10 and Windows 11 devices, servers, non-Windows devices and learn how to run a detection test.
search.appverid: met150 Previously updated : 01/31/2023 Last updated : 03/28/2024 # Configure Microsoft Defender for Endpoint capabilities
In this step, you're ready to configure Microsoft Defender for Endpoint capabili
## Configure capabilities
-In many cases, organizations will have existing endpoint security products in place. The bare minimum being an antivirus solution, but in some cases, an organization might have existing endpoint detection and response solution.
+In many cases, organizations have existing endpoint security products in place. The bare minimum being an antivirus solution, but in some cases, an organization might have existing endpoint detection and response solution.
-It is common that Defender for Endpoint will need to exist along side these existing endpoint security products either indefinitely or during a cutover period. Fortunately, Defender for Endpoint and the endpoint security suite is modular and can be adopted in a systematic approach.
+It's common that Defender for Endpoint needs to exist along side these existing endpoint security products either indefinitely or during a cutover period. Fortunately, Defender for Endpoint and the endpoint security suite is modular and can be adopted in a systematic approach.
Onboarding devices effectively enables the endpoint detection and response capability of Microsoft Defender for Endpoint. After onboarding the devices, you'll then need to configure the other capabilities of the service. The following table lists the capabilities you can configure to get the best protection for your environment and the order Microsoft recommends for how the endpoint security suite should be enabled.
Onboarding devices effectively enables the endpoint detection and response capab
| [Configure Microsoft Defender Vulnerability Management](../defender-vulnerability-management/tvm-prerequisites.md) | Defender Vulnerability Management is a component of Microsoft Defender for Endpoint, and provides both security administrators and security operations teams with unique value, including: <br><br> - Real-time endpoint detection and response (EDR) insights correlated with endpoint vulnerabilities. <br><br> - Invaluable device vulnerability context during incident investigations. <br><br> - Built-in remediation processes through Microsoft Intune and Microsoft System Center Configuration Manager.|2| | [Configure Next-generation protection (NGP)](configure-microsoft-defender-antivirus-features.md) | Microsoft Defender Antivirus is a built-in antimalware solution that provides next-generation protection for desktops, portable computers, and servers. Microsoft Defender Antivirus includes:<br> <br>-Cloud-delivered protection for near-instant detection and blocking of new and emerging threats. Along with machine learning and the Intelligent Security Graph, cloud-delivered protection is part of the next-gen technologies that power Microsoft Defender Antivirus.<br> <br> - Always-on scanning using advanced file and process behavior monitoring and other heuristics (also known as "real-time protection").<br><br> - Dedicated protection updates based on machine learning, human and automated big-data analysis, and in-depth threat resistance research. |3| | [Configure attack surface reduction](overview-attack-surface-reduction.md) | Attack surface reduction capabilities in Microsoft Defender for Endpoint help protect the devices and applications in the organization from new and emerging threats. |4|
-| [Configure Auto Investigation & Remediation (AIR) capabilities](configure-automated-investigations-remediation.md) | Microsoft Defender for Endpoint uses Automated investigations to significantly reduce the volume of alerts that need to be investigated individually. The Automated investigation feature leverages various inspection algorithms, and processes used by analysts (such as playbooks) to examine alerts and take immediate remediation action to resolve breaches. This significantly reduces alert volume, allowing security operations experts to focus on more sophisticated threats and other high value initiatives.|Not applicable|
+| [Configure Auto Investigation & Remediation (AIR) capabilities](configure-automated-investigations-remediation.md) | Microsoft Defender for Endpoint uses Automated investigations to significantly reduce the volume of alerts that need to be investigated individually. The Automated investigation feature uses various inspection algorithms, and processes used by analysts (such as playbooks) to examine alerts and take immediate remediation action to resolve breaches. AIR significantly reduces alert volume, allowing security operations experts to focus on more sophisticated threats and other high value initiatives.|Not applicable|
| [Configure Microsoft Defender Experts capabilities](../defender/defender-experts-for-hunting.md) | Microsoft Experts is a managed hunting service that provides Security Operation Centers (SOCs) with expert level monitoring and analysis to help them ensure that critical threats in their unique environments don't get missed.|Not applicable| For more information, see [Supported Microsoft Defender for Endpoint capabilities by platform](supported-capabilities-by-platform.md).
security Onboard Windows Client https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/onboard-windows-client.md
Last updated 05/19/2022
> Want to experience Defender for Endpoint? [Sign up for a free trial.](https://signup.microsoft.com/create-account/signup?products=7f379fee-c4f9-4278-b0a1-e4c8c2fcdf7e&ru=https:%2F%2Faka.ms%2FMDEp2OpenTrial)
-You'll need to go through onboarding steps of the Defender for Endpoint portal to onboard any of the supported devices. Depending on the device, you'll be guided with appropriate steps and provided management and deployment tool options suitable for the device.
+You'll need to go through onboarding steps of the [Microsoft Defender portal](https://security.microsoft.com) (Go to **Settings** > **Endpoints** > **Onboarding**) to onboard any of the supported devices. Depending on the device, you're guided with appropriate steps and provided management and deployment tool options suitable for the device.
Devices in your organization must be configured so that the Defender for Endpoint service can get sensor data from them. There are various methods and deployment tools that you can use to configure the devices in your organization.
-In general, you'll identify the client you're onboarding, then follow the corresponding tool appropriate to the device or your environment.
+In general, you identify the client you're onboarding, then follow the corresponding tool appropriate to the device or your environment.
:::image type="content" source="images/onboarddevices.png" alt-text="Onboard devices" lightbox="images/onboarddevices.png"::: -- [!INCLUDE [Defender for Endpoint repackaging warning](../../includes/repackaging-warning.md)] -- ## Related topics+ - [Onboard Windows devices using Microsoft Intune](configure-endpoints-mdm.md) - [Onboard Windows devices using Group Policy](configure-endpoints-gp.md) - [Onboard Windows devices using a local script](configure-endpoints-script.md) - [Onboard non-persistent virtual desktop infrastructure (VDI) devices](configure-endpoints-vdi.md)+ [!INCLUDE [Microsoft Defender for Endpoint Tech Community](../../includes/defender-mde-techcommunity.md)]
solutions Apps Add Overview https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/solutions/apps-add-overview.md
audience: ITPro Last updated : 03/29/2024 description: Add apps overview for Microsoft Intune. ms.localizationpriority: high
solutions Apps Add Step 1 https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/solutions/apps-add-step-1.md
audience: ITPro Last updated : 03/29/2024 description: Step 1. Assess app requirements. ms.localizationpriority: high
solutions Apps Add Step 2 https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/solutions/apps-add-step-2.md
audience: ITPro Last updated : 03/29/2024 description: Step 2. Create and edit categories for apps. ms.localizationpriority: high
solutions Apps Add Step 3 https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/solutions/apps-add-step-3.md
audience: ITPro Last updated : 03/29/2024 description: Step 3. Purchase apps. ms.localizationpriority: high
solutions Apps Add Step 4 https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/solutions/apps-add-step-4.md
audience: ITPro Last updated : 03/29/2024 description: Step 4. Add apps to Intune. ms.localizationpriority: high
solutions Apps Add Step 5 https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/solutions/apps-add-step-5.md
audience: ITPro Last updated : 03/29/2024 description: Step 5. Manage apps and licenses. ms.localizationpriority: high
solutions Apps Config Overview https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/solutions/apps-config-overview.md
audience: ITPro Last updated : 03/29/2024 description: Configure apps using Microsoft Intune. ms.localizationpriority: high
solutions Apps Config Step 1 https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/solutions/apps-config-step-1.md
audience: ITPro Last updated : 03/29/2024 description: Step 1. Configure the Company Portal ms.localizationpriority: high
solutions Apps Config Step 2 https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/solutions/apps-config-step-2.md
audience: ITPro Last updated : 03/29/2024 description: Step 2. Configure Microsoft Outlook. ms.localizationpriority: high
solutions Apps Config Step 3 https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/solutions/apps-config-step-3.md
audience: ITPro Last updated : 03/29/2024 description: Step 3. Configure Microsoft 365. ms.localizationpriority: high
solutions Apps Config Step 4 https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/solutions/apps-config-step-4.md
audience: ITPro Last updated : 03/29/2024 description: Step 4. Configure Microsoft Edge in Intune. ms.localizationpriority: high
solutions Apps Config Step 5 https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/solutions/apps-config-step-5.md
audience: ITPro Last updated : 03/29/2024 description: Step 5. Configure Microsoft Teams in Intune. ms.localizationpriority: high
solutions Apps Config Step 6 https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/solutions/apps-config-step-6.md
audience: ITPro Last updated : 03/29/2024 description: Step 6. Configure other apps in Intune. ms.localizationpriority: high
solutions Apps Config Step 7 https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/solutions/apps-config-step-7.md
audience: ITPro Last updated : 03/29/2024 description: Step 7. Verify app configuration. ms.localizationpriority: high
solutions Apps Guide Overview https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/solutions/apps-guide-overview.md
audience: ITPro Last updated : 03/29/2024 description: Purchase and add managed apps for your managed environment. ms.localizationpriority: high
solutions Apps License Manage https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/solutions/apps-license-manage.md
audience: ITPro Last updated : 03/29/2024 description: Manage app licenses used in Intune. ms.localizationpriority: high
solutions Apps License Overview https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/solutions/apps-license-overview.md
audience: ITPro Last updated : 03/29/2024 description: Understand app licenses used in Intune. ms.localizationpriority: high
solutions Apps Protect Access Requirements https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/solutions/apps-protect-access-requirements.md
audience: ITPro Last updated : 03/29/2024 description: Understand app protection access requirements using Microsoft Intune. ms.localizationpriority: high
solutions Apps Protect Conditional Launch https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/solutions/apps-protect-conditional-launch.md
audience: ITPro Last updated : 03/29/2024 description: Understand app protection conditional launch using Microsoft Intune. ms.localizationpriority: high
solutions Apps Protect Data Protection https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/solutions/apps-protect-data-protection.md
audience: ITPro Last updated : 03/29/2024 description: Understand app data protection using Microsoft Intune. ms.localizationpriority: high
solutions Apps Protect Framework https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/solutions/apps-protect-framework.md
audience: ITPro Last updated : 03/29/2024 description: Use the app protection framework with Microsoft Intune. ms.localizationpriority: high
solutions Apps Protect Health Checks https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/solutions/apps-protect-health-checks.md
audience: ITPro Last updated : 03/29/2024 description: Understand app protection health checks using Microsoft Intune. ms.localizationpriority: high
solutions Apps Protect Overview https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/solutions/apps-protect-overview.md
audience: ITPro Last updated : 03/29/2024 description: Secure and protect apps using Microsoft Intune. ms.localizationpriority: high
solutions Apps Protect Step 1 https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/solutions/apps-protect-step-1.md
audience: ITPro Last updated : 03/29/2024 description: Step 1. Apply minimum data protection. ms.localizationpriority: high
solutions Apps Protect Step 2 https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/solutions/apps-protect-step-2.md
audience: ITPro Last updated : 03/29/2024 description: Step 2. Apply enhanced data protection ms.localizationpriority: high
solutions Apps Protect Step 3 https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/solutions/apps-protect-step-3.md
audience: ITPro Last updated : 03/29/2024 description: Step 3. Apply high data protection ms.localizationpriority: high
solutions Apps Protect Step 4 https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/solutions/apps-protect-step-4.md
audience: ITPro Last updated : 03/29/2024 description: Step 4. Understand app protection delivery. ms.localizationpriority: high
solutions Apps Protect Step 5 https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/solutions/apps-protect-step-5.md
audience: ITPro Last updated : 03/29/2024 description: Step 5. Verify and monitor app protection ms.localizationpriority: high
solutions Apps Protect Step 6 https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/solutions/apps-protect-step-6.md
audience: ITPro Last updated : 03/29/2024 description: Step 6. Use app protection actions. ms.localizationpriority: high
solutions Apps Purchase Overview https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/solutions/apps-purchase-overview.md
audience: ITPro Last updated : 03/29/2024 description: Understand how to purchase apps for Intune. ms.localizationpriority: high
solutions Apps Purchase Store https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/solutions/apps-purchase-store.md
audience: ITPro Last updated : 03/29/2024 description: Purchase store apps in Intune. ms.localizationpriority: high
solutions Apps Purchase Volume https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/solutions/apps-purchase-volume.md
audience: ITPro Last updated : 03/29/2024 description: Purchase apps in-volume for Intune. ms.localizationpriority: high
solutions Apps Type Built In https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/solutions/apps-type-built-in.md
audience: ITPro Last updated : 03/29/2024 description: Understand built-in apps as they apply to a managed environment. ms.localizationpriority: high
solutions Apps Type Lob https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/solutions/apps-type-lob.md
audience: ITPro Last updated : 03/29/2024 description: Understand line-of-business apps as they apply to a managed environment. ms.localizationpriority: high
LOB apps can be added to Intune by first selecting either **Line-of-business app
:::image type="content" source="../media/purchase-add-managed-apps/purchase-add-managed-apps-09.png" alt-text="Intune app types" border="true" :::
-When you select **Line-of-business app**, you'll have the option to add your specific installation package file. Also, you can choose to use [Test Base](https://go.microsoft.com/fwlink/?linkid=2165798) to help you manage the performance of your LOB app.
+When you select **Line-of-business app**, you have the option to add your specific installation package file. Also, you can choose to use [Test Base](https://go.microsoft.com/fwlink/?linkid=2165798) to help you manage the performance of your LOB app.
:::image type="content" source="../media/purchase-add-managed-apps/purchase-add-managed-apps-10.png" alt-text="Intune - Line-of-business app" border="true" :::
solutions Apps Type Microsoft https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/solutions/apps-type-microsoft.md
audience: ITPro Last updated : 03/29/2024 description: Understand Microsoft apps as they apply to a managed environment. ms.localizationpriority: high
solutions Apps Type Overview https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/solutions/apps-type-overview.md
audience: ITPro Last updated : 03/29/2024 description: Understand the app types that are available for managed environments. ms.localizationpriority: high
solutions Apps Type Store https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/solutions/apps-type-store.md
audience: ITPro Last updated : 03/29/2024 description: Understand store apps as they apply to a managed environment. ms.localizationpriority: high
solutions Apps Type Web https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/solutions/apps-type-web.md
audience: ITPro Last updated : 03/29/2024 description: Understand web apps as they apply to a managed environment. ms.localizationpriority: high
syntex Apply A Sensitivity Label To A Model https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/syntex/apply-a-sensitivity-label-to-a-model.md
description: Learn how to apply a sensitivity label to a model in Microsoft Synt
You can easily apply a [sensitivity label](../compliance/sensitivity-labels.md) to unstructured document processing models in Microsoft Syntex.
-> [!Note]
-> Sensitivity labels are not yet available for prebuilt models or for freeform or structured document processing models.
- Sensitivity labels let you apply encryption to the documents that your models identify. For example, you want your model to not only identify any financial documents that contain bank account numbers or credit card numbers that are uploaded to your document library, but also to apply a sensitivity label that's configured with encryption settings to restrict who can access that content and how it can be used. Syntex models honor the [label order](../compliance/apply-sensitivity-label-automatically.md#how-multiple-conditions-are-evaluated-when-they-apply-to-more-than-one-label) rules and also don't overwrite an existing label that was manually applied by a user to the file. You can apply a pre-existing sensitivity label to your model through your model settings on your model's home page. The label must already be published to be available for selection from model settings. Labels apply to Office files for Word (.docx), PowerPoint (.pptx), and Excel (.xlsx).